New to the list.........
dear all, new to the list and trying to get up and running with the
discussion so i am aboute to ask some strange questions.....
What do we want to do? Find a way to eliminate or at least downsize the
number of spam messages running around on the internet. We "think" most of
the spammers will make use of "stolen" domain names. Is this so? and if
so.... are there researche papers to prove this? Are we 100% sure we are
looking at the correct problem?
Let say we are........
how to avoid people to send mail in name of a domain that they are not
permitted to? The sugestion (in very short) is to enable the recieving mail
server to check at the sending mail server that the original sending party
(the client/spammer) is allowd to send mail in name of this domain. correct?
Ok lets say, (the situation in holland) I am driving on the freeway and i
pullover at the gasstation. I get me a couple of free internet account CD's
go home install a couple of accounts get a mail adres and start sending SPAM
mail, after sending the mail i simpley delete the account an start using the
next free account...... The recieving mail server is checking with the
sending mail server of my free-ISP to look if the IP adres is allowd to send
mail in name of @freeISP.nl I am allowd to send mail ... so the spam is out
in the world and i just have bypassed the solution........
The next situation. Lets say i am the owner of www.veryhornypreteengirls.com
and i like to SPAM mail to a list of people. My @veryhornypreteengirls.com
mail server is placed someware in a third world country so i do not have to
worry aboute the law. I send out my spam mail the recieving server is
checking with my mail server and i am allowd to sendout the mail so the spam
is on the internet.
The checking part of reciecing server checking sending server is a good plan
to avoid a lot of spam mail it is only not enough. You also need a
"centralized" way to check if the sending domain is a "trusted" domain. You
must have the option to aloow or deny the mails from mail servers on this
list.
Just some of the things I was thinking aboute...... :-)
Regards,
Johan.
------------------------------------------------
There are only 10 types of people in the world:
Those who understand binary and those who don't.
----- Original Message -----
From: "Hadmut Danisch" <hadmut(_at_)danisch(_dot_)de>
To: "Reinhold Jordan" <reinhold(_at_)bachrain(_dot_)de>
Cc: "Anti-Spam Research Group" <asrg(_at_)ietf(_dot_)org>
Sent: Monday, March 03, 2003 3:36 PM
Subject: Re: [Asrg] Re: RMX Records
On Mon, Mar 03, 2003 at 03:22:28PM +0100, Reinhold Jordan wrote:
Many of the Spam messages I receive are sent from DSL accounts with
dynamically allocated IP addresses. If *you* are allowed to send
mail from jmason.org, then everybody else who can get the same
IP address a few minutes later would be allowed as well (as long as
we glue permissions to IP addresses and omit the time factor).
but is this really the problem?
Believe me, it is. About a year ago, some Spammers were sending
millions of mails around the world and used random addresses from
my domain as sender addresses. I received tons of complaints and
cursing threats from people who received Spam, but didn't want to
believe that I don't have anything to do with it.
Most spam-mails with wrong sender
use domains like hotmail or other great freemailers. And this
freemailers doesn't use dynamic IPs. A test on this domains will
reject much more than 50% of spam...
Yeah, but once you start blocking splam from @hotmail, they will
start to use any random domain.
regards
Hadmut
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg