
Re: [Asrg] Position paper, in zipped HTML

2003-03-17 02:52:31

In message <200303170717(_dot_)h2H7HGOo003158(_at_)turing-police(_dot_)cc(_dot_)vt(_dot_)edu>, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

On Sun, 16 Mar 2003 21:30:02 PST, "Ronald F. Guilmette" <rfg(_at_)monkeys(_dot_)com> said:

In a nutshell, if some SMTP client says to you `HELO foo.bar.com' then
6 times out of 10 a forward lookup on `foo.bar.com' will get you the
IP address of that same SMTP client and another 3 times out of 10,
looking up the MX records for `bar.com' will get you the IP address
of that same SMTP client.  So 9 times out of 10 you can accurately
associate a domain name with a given SMTP client, even in the total
absence of rDNS.

Probably true of well-behaved SMTP transactions.  I've noticed an annoying
tendency of late for spammers to say 'HELO your.host.here', to the point
where I'm THIS close to telling RFC2821, section 4.1.4 to stuff it:

  An SMTP server MAY verify that the domain name parameter in the EHLO
  command actually corresponds to the IP address of the client.
  However, the server MUST NOT refuse to accept a message for this
  reason if the verification fails: the information about verification
  failure is for logging and tracing only.

I and at least a few others already _have_ ``told RFC2821, section 4.1.4
to stuff it''.  (That RFC doesn't pay my monthly connectivity bills.)

If you did that, you would instantly rid yourself of about 99.9% of all
open-proxy spam.  (Virtually all of this stuff comes in with blatantly
forged HELO names, usually something in the *.yahoo.com domain.)

I predict that there will come a point in time, not too far into the
future, where just as most sane admins today refuse incoming e-mail
from known open relays, most sane admins with any brains will no longer
accept incoming e-mail unless the HELO name _does_ in fact ``verify''
back to the SMTP client IP address via a forward lookup.

I mean when you think about it, it is actually kind of ludicrous to
accept mail from servers that (a) you don't know and that (b) have
declined to identify themselves (or their ownership) to you using
the standard RFC-defined and RFC-*mandated* method for server
self-identification.
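The two-step check Ronald describes (forward lookup of the HELO name, then the MX records of its parent domain, compared against the connecting IP), with the RFC 2821 section 4.1.4 log-only default and the stricter reject option the thread argues over, as an added example that is not part of the original message. All host names and addresses are constructed stand-ins for DNS, so it runs offline.

```python
import ipaddress
import logging
from typing import Callable, Dict, List, Tuple

# Constructed DNS data for an offline demonstration (hypothetical names and addresses).
FAKE_A: Dict[str, List[str]] = {"mail.example.net": ["192.0.2.10"], "relay.example.org": ["198.51.100.7"]}
FAKE_MX: Dict[str, List[str]] = {"example.org": ["relay.example.org"]}

def resolve_a(name: str) -> List[str]:
    """Stand-in for a forward (A/AAAA) lookup; a real MTA would query DNS here."""
    return FAKE_A.get(name.lower(), [])

def resolve_mx(domain: str) -> List[str]:
    """Stand-in for an MX lookup; returns the MX host names for the domain."""
    return FAKE_MX.get(domain.lower(), [])

def helo_verifies(helo: str, client_ip: str,
                  a: Callable[[str], List[str]] = resolve_a,
                  mx: Callable[[str], List[str]] = resolve_mx) -> str:
    """Return how the HELO name matched the client IP: 'literal', 'forward', 'mx' or 'none'."""
    ip = ipaddress.ip_address(client_ip)
    name = helo.strip().lower().rstrip(".")
    if name.startswith("[") and name.endswith("]"):  # address literal such as [192.0.2.10]
        try:
            return "literal" if ipaddress.ip_address(name[1:-1]) == ip else "none"
        except ValueError:
            return "none"
    # Step 1 from the thread: forward lookup of the HELO name itself.
    if any(ipaddress.ip_address(x) == ip for x in a(name)):
        return "forward"
    # Step 2: MX records of the parent domain, each resolved forward in turn.
    parent = name.split(".", 1)[1] if "." in name else ""
    for mxhost in mx(parent):
        if any(ipaddress.ip_address(x) == ip for x in a(mxhost)):
            return "mx"
    return "none"

def helo_policy(helo: str, client_ip: str, reject_on_failure: bool = False) -> Tuple[bool, str]:
    """Default is RFC 2821 4.1.4 behaviour (log only); reject_on_failure=True is the thread's stricter stance."""
    how = helo_verifies(helo, client_ip)
    if how != "none":
        return True, f"HELO {helo} matches {client_ip} via {how}"
    note = f"HELO {helo} does not verify against {client_ip}"
    logging.info(note)  # verification failure is recorded for tracing either way
    return (not reject_on_failure), note
```

A forged `HELO your.host.here` resolves to nothing, so it is accepted but logged under the default policy and refused only when the stricter option is enabled.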