
Re: [Asrg] Lets Fix Mailing Lists

2003-03-09 09:35:47
Can you state concisely in two sentences the purpose of this particular thread? This appears to be going nowhere and in any case I cannot see the relevance to the greater discussion. This may be one instance where content filters will be useful.

- jim


At 9:28 -0700 3/9/03, Vernon Schryver wrote:
> From: "Alan DeKok" <aland(_at_)freeradius(_dot_)org>

> > Again, for the umpteenth time, of course there is some header forgery,
> > but is it as much as most people claim?  I don't think so.  My guess
> > is that perhaps 10% ...

>   My (admittedly unusual) traffic is 90%+ forged.

How do you determine that a given message has forged headers?

Again, for the umpteenth time, you cannot compare the reverse DNS
domain of the SMTP client IP address with domains in the envelope or
the headers, with the possible exception of the HELO, to define forgery.
Mail from a Brazilian IP address carrying Hotmail sender is not
necessarily forged in any honest sense.

If you define a mismatch between reverse DNS and HELO domains as
forgery, you'll say that at least 1% and perhaps more than 10% of
all otherwise completely legitimate mail is "forged."


> In my less moral
> moments, I wonder what would happen if I set up the MX to lie, and
> force open relays to send mail in an infinite loop.

>   A looks up MX, gets B.  B looks up MX, gets C.  C looks up MX, gets
> A.  Happiness and frivolity ensue...

That's not how MX RRs work.  Please read pages 3 and 4 of RFC 974.  The
answer to an MX query is a collection of A and CNAME RRs.  The value of
an A RR is an IP address and the value of a CNAME RR cannot be an MX RR.


> ...
> > My jihad in this area is to get people to stop using "forged" to mean
> > "sender domain differs from SMTP client reverse DNS".

>   I understand.  But one of the guidelines I was taught in Physics was
> "If you can't tell the difference between two things, then they're the
> same."

Did your physics teachers really say that two things are the same
if you merely don't go to the trouble to distinguish them?  You can
often distinguish "header forgery" from "sender domain differs from
SMTP client reverse DNS" by checking records.  For example,
you could check Hotmail's records to see whether a given spammer ever
owned a Hotmail address.  That making such checks can require expensive
legal paperwork does not make them impossible or justify calling
mismatches between envelope or headers and IP address "forgery."


>   As you said in an earlier message, verifying consent for such header
> re-writing is difficult.  So for the recipient, it's almost impossible
> to tell the difference between consensual uses of such header
> rewriting, and non-consensual uses.  Since the recipient can't tell
> the difference between the two, he might as well lump them all into
> the same "deceitful sender" bin.

"Deceitful sender" is not the same as "forgery."
The difference is important because one can carry significant penalties
while the other is merely a reason to reject mail.
See http://news.com.com/2100-1023-249758.html and
http://www.google.com/search?q=%22flowers.%2Bcom%22+spam

Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
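The MX point raised in the quoted exchange, worked through as an added example (not code from the thread or from any of its participants): a toy resolver over a constructed zone table that does what RFC 974 prescribes. Delivery to a domain queries that domain's MX RRs, picks the lowest-preference exchanger, resolves that exchanger's host name to an address (following CNAMEs), and connects there; the exchanger's own MX records are never consulted, so MX records that "point at each other" cannot create a routing loop. All names and addresses below are constructed.

```python
# Constructed zone data: three domains, each naming another's mail host as
# its exchanger. Keys are (owner name, RR type); values are RR sets.
ZONE = {
    ("a.example", "MX"): [(10, "mail.b.example")],
    ("b.example", "MX"): [(10, "mail.c.example")],
    ("c.example", "MX"): [(10, "mail.a.example")],
    ("mail.a.example", "A"): ["192.0.2.1"],
    ("mail.b.example", "CNAME"): ["mx.b.example"],   # CNAME chain to an A
    ("mx.b.example", "A"): ["192.0.2.2"],
    ("mail.c.example", "A"): ["192.0.2.3"],
}


def lookup(name, rrtype):
    """Return the RR set for (name, rrtype), or [] when none exists."""
    return ZONE.get((name, rrtype), [])


def resolve_address(host, max_cnames=8):
    """Resolve a host name to an IPv4 address, following CNAME chains.

    The chain length is bounded so a CNAME loop in the data raises instead
    of spinning forever."""
    for _ in range(max_cnames):
        addrs = lookup(host, "A")
        if addrs:
            return addrs[0]
        cname = lookup(host, "CNAME")
        if not cname:
            raise LookupError(f"no A or CNAME RR for {host}")
        host = cname[0]
    raise LookupError("CNAME chain too long")


def next_hop(domain):
    """RFC 974 delivery choice for a domain: (exchanger host, address).

    With no MX RR present, RFC 974 treats the domain itself as the
    exchanger (the implicit MX rule). Note that only A/CNAME lookups are
    done on the exchanger name, never a second MX lookup."""
    mxs = lookup(domain, "MX")
    if not mxs:
        return domain, resolve_address(domain)
    _, host = min(mxs)          # lowest preference value wins
    return host, resolve_address(host)


if __name__ == "__main__":
    for dom in ("a.example", "b.example", "c.example"):
        print(dom, "->", next_hop(dom))
```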