ietf-asrg

Re: [Asrg] Fwd: Returned mail: see transcript for details

2003-03-31 21:04:15
From: wayne <wayne(_at_)midwestcs(_dot_)com>

...
Not so.  Body filters can also announce or keep quiet about their
effects with bounces or SMTP status codes like any DNS blacklists.

Ah.  What I meant is that I can check to see if someone is in the
SPEWS DNSBL, but I can't see if a given email will be rejected as spam
by a given content filter. 

What is wrong with the recipe I gave for doing exactly that?

Again, given an SMTP server and a test message, simply send the test
message to an invalid mailbox at that server.  If the bounce you get
from the remote server or your own SMTP client says "user unknown,"
then chances are that the remote SMTP server will not have filtered
the same message if sent to a valid address.  You can't know for
certain that the message would have been delivered to a valid address,
because the MTA could be lying.  The same applies to DNS blacklists,
because MTAs can and do lie about how they use DNS blacklists and your
mail target can use procmail or SpamAssassin to consult DNS blacklists
from within MTAs and can interpret DNS blacklist results differently
from what you expect.  (E.g. the choices in SPEWS levels.)

If the SMTP server does not bounce the test message or if it bounces
it with a status message saying something about naughty bits, then
you know that a body filter doesn't like your message.

Note that each test can be affected by preceding tests.  AOL and
others are rumored to count bad mailboxes as evidence of spam.
Repeat the test with a single message and a system using the DCC
enough times, and it should start failing.


...
DNSBLs are much more transparent about what they are doing and I think
transparent enforcement of rules is A Good Thing.  An erroneous
listing in SPEWS can be noticed and corrected, but an erroneous
Brightmail rule will be very hard to detect.

Transparency is better for senders than spam targets.  Spam targets
can benefit from transparency, but they can also be hurt because
spammers can use the information.

DNS blacklists are more transparent mostly because they are simpler
and even simplistic.  It's hard to block only the spam from a large
ISP with a DNS blacklist.

Few sites with effective spam filters use DNS blacklists alone.  Instead
they combine them with other mechanisms, so that the question of
whether a DNS blacklist is blocking some "newsletter" is simplistic and
misleading.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg