ietf-asrg

RE: [Asrg] Re: Asrg digest, Vol 1 #133 - 14 msgs

2003-03-28 09:30:27
The problem such a facility solves is to make spam forgery more difficult,

No, not really.
What is the probability to fake <name>@hotmail.com or <name>@yahoo.com
and get a hit? I'd say if you do it halfway intelligently it's about 98%.
So you get mail from
   susan23@hotmail.com
and it gets verified by hotmail.com as existent.
What exactly helps in this situation to eliminate spam?


----- It makes the sending server legitimate. This is the number one thing
that needs to be addressed.

        There are some very smart people participating, but like most smart
people, we are trying to over-design it.

        I submit to you that there will never ever be a way to stop someone
from sending spam if they really wanted to. What needs to happen is making
this process as difficult as possible and making the true source
*accountable* for the email that they send. 

        Let's break spam and not SMTP. The more difficult it is for a
spammer to send spam successfully to valid addresses, the lower the return
for the spammer. Eventually the economic model for UCE will be broken and
you will only get two types. Spam from people with deep pockets and
*legitimate* offerings.

        After you legitimize the source of the email, everything else is an
administration issue.

How do we do this?
 
 A reverse DNS (rDNS) lookup.

 e.g.

<< HELO 90.67.80.1
Sending server has a valid A or MX record.
<< mail from: susyq123@yahoo.com
rDNS lookup of yahoo.com's RMX record shows that the IP address 90.67.80.1
is not a member of any of its mail servers' SUBNETS.
<< 550 Spam-B-Gone

 The RMX record will either be a subnet in the case of multiple MTAs,
multiple subnets in the case of multiple MTAs on different subnets, or a
single IP address for domains with only one MTA. Listing all the specific IP
addresses for all MTAs that a host owns is cumbersome and unnecessary.


What does this mean for the following example:

<< HELO 90.67.80.1
Sending server has a valid A or MX record.
<< mail from: susyq123@pornspam.com
rDNS lookup of pornspam.com's RMX record shows that the IP address
90.67.80.1 IS a member of its mail servers' subnets.
Ok - send your email.


Yes... that is right, the spam is coming. The HUGE difference here is that I
can block the RMX record of the domain, which will block ALL of the spammer's
subnets or single MTA, whatever the case may be. I can now block the IP,
hostname, domain name, etc. without fear of it being forged. I realize that
DNS can be forged, but this runs into 2 problems for a spammer... he is now
subject to federal criminal laws and faces potential long prison sentences
and huge fines, and he must do many technical things first before he can
start spamming, which breaks the economic model of spam. It also removes
Joe-the-plumber as a spammer because he is no longer able to just let it fly
when he is at work. Right now, spamming requires no real special skills. How
many spammers and how much spam did I just kill?

        Now that I have killed all the non-technical spammers and the spoofing
spammers, I can now concentrate on what is left.
        How do I deal with those? RBLs, pressure on the ISP (because we now
know it is *really* coming from them), new or improved laws (I realize that
this does not scare a relay owner in Japan, but when was the last time you
received a spam asking you to pay up in YEN?!). My point is that even though
they are relays, the money is here. Since the amount of spam has been
drastically reduced, this leaves investigators free to concentrate on the
big guys.


 Ok... what did I just say?

 You do not need to over-design anything. Legitimize email and make it
difficult to spam. Destroy the economic model. Resolve other issues through
administration and tools. Send the big guys to court... Whether it be
criminal court or bankruptcy court, the outcome is the same. Force ISPs to
mend their ways. Spam *problem* resolved.



Regards,
Damon
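The two SMTP exchanges above (yahoo.com rejected with 550, pornspam.com accepted because the connecting IP is inside its published subnet) as a runnable model. This is an added example, not code from the post, from the ASRG list, or from the RMX proposal itself. It assumes a hypothetical RMX record format (a list of IPs and CIDR subnets per domain, as the post describes) and replaces the DNS lookup with a constructed in-memory table, so it runs offline; the function and table names are the example's own.

```python
"""Toy model of the RMX-style MAIL FROM check sketched in the post.

The RMX lookup is simulated with an in-memory table (constructed sample
data, not real DNS records); a real MTA would query the sender domain's
DNS zone instead of SAMPLE_RMX.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample "RMX records": domain -> IPs / CIDR subnets that are
# allowed to originate mail for that domain (assumed record format).
SAMPLE_RMX: Dict[str, List[str]] = {
    "yahoo.com": ["66.163.160.0/19", "216.136.224.0/20"],  # constructed
    "pornspam.com": ["90.67.80.0/24"],                      # constructed
    "tinyshop.example": ["192.0.2.25"],                     # single-MTA domain
}


def parse_rmx(record: List[str]) -> List[ipaddress.IPv4Network]:
    """Turn record entries into network objects; a bare IP becomes a /32."""
    return [ipaddress.ip_network(entry, strict=False) for entry in record]


def lookup_rmx(domain: str, table=SAMPLE_RMX) -> Optional[List[ipaddress.IPv4Network]]:
    """Simulated DNS lookup: None means the domain publishes no RMX record."""
    record = table.get(domain.lower())
    return None if record is None else parse_rmx(record)


def sender_domain(mail_from: str) -> str:
    """Extract the domain part of a MAIL FROM address such as '<user@host>'."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        raise ValueError("MAIL FROM address has no domain part: %r" % mail_from)
    return addr.rsplit("@", 1)[1].lower()


def check_mail_from(client_ip: str, mail_from: str, table=SAMPLE_RMX) -> Tuple[bool, str]:
    """Return (accept, smtp_reply) for a MAIL FROM seen from client_ip.

    The decision is purely "is the connecting IP inside one of the
    subnets the sender domain publishes", as in the post.
    """
    ip = ipaddress.ip_address(client_ip)
    domain = sender_domain(mail_from)
    networks = lookup_rmx(domain, table)
    if networks is None:
        # The post says nothing about domains without a record, so the
        # example accepts and leaves such mail to other filters (RBLs etc.).
        return True, "250 OK (no RMX record published for %s)" % domain
    if any(ip in net for net in networks):
        return True, "250 OK"
    return False, "550 Spam-B-Gone: %s is not a listed MTA for %s" % (ip, domain)


if __name__ == "__main__":
    # Walk the two exchanges from the post with the constructed records.
    for mail_from in ("susyq123@yahoo.com", "susyq123@pornspam.com"):
        accepted, reply = check_mail_from("90.67.80.1", mail_from)
        print("<< mail from: %s\n>> %s" % (mail_from, reply))
```

With the constructed records, 90.67.80.1 is outside both yahoo.com subnets and gets the 550, while the same address falls inside 90.67.80.0/24 for pornspam.com and is accepted; the accepted case is exactly the one the post then handles by blocking the published subnet rather than by forgery-prone headers.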
