
Re: [Asrg] RMX evaluation (Monkeys vs. RMX)

2003-05-08 13:14:50
On Thu, May 08, 2003 at 12:08:59PM -0400, Paul Judge wrote:

> Hadmut and/or Mike, please read the other links that Vernon provided "
> http://www.google.com/search?q=match+sender+domain+hotmail 


Paul, you will not seriously ask me to comment on a Google search
result. That's ridiculous. Please state exactly what you would like to
have comments on. Do you believe this is the way to chair a working
group? 



> http://www.monkeys.com/anti-spam/filtering/additions.html";  and provide a
> comparison between those and RMX?

- The Monkeys approach doesn't work in general. It works only for 
  the large providers like hotmail, yahoo, AOL, where all incoming and
  outgoing mail has the same domain. 

- As they say, they need a list of "frequently forged domains". A 
  message is rejected only if the domain part is on that list.
  It's obvious that this doesn't work in general. You always need to 
  update such a list, which is expensive and error prone. Once this 
  gets commonly deployed, spammers will stop using hotmail, yahoo and
  aol, and choose any random domain address instead.

  Keep in mind that spammers have lists of millions of email
  addresses. It's trivial to choose random domains from that list.

- It is based on a "relation" between the sender domain name and
  the name given in the reverse domain name. This won't work in general. 

  Again, this is a hack limited to hotmail, yahoo and aol.

  But in most other cases it won't work. 

  A common case:

  You are sending mail from   yourname(_at_)yourdomain(_dot_)de
  and deliver it through a machine whose reverse name 
  is   mta.provider.com

  Regarding the web page at Monkeys, I'll discuss 
  the four cases described there. In my example

  X = yourdomain.de
  Y = relay.provider.com

  First case: Are X and Y the same? No.

  Second case: Is X a superdomain of Y? No.

  Third case: Does X have an MX record that contains/names domain Y ?
    Assume the MX record of X points to "relay.yourdomain.de"
    -> No

  Fourth case: Does X have an MX record that contains/names a
    superdomain or subdomain of Y ?

    Same as above.


  Therefore, this algorithm gives false results in many cases.



- The reverse domain name thing is vulnerable to name spoofing.
  Thus, the reverse-forward check is needed. Interestingly, this
  check fails in many cases.


- If you read the Monkeys proposal further, you will see that
  they didn't even implement this, but make heavy use of a so-called
  "list of frequently forged domains".

  It's obvious that this doesn't work reliably, must be updated 
  all the time, and is in principle a bad way of blacklisting, 
  because the domain owners can't do anything about it. 





So the differences between this and RMX are obvious. 
The Monkeys approach is a hack tailored to hotmail, yahoo, aol
and the like; it's bad design, it gives wrong results, it requires
maintenance of a blacklist, where people listed on that list don't
have any chance to get off that list, and it can easily be
circumvented by choosing a random domain for spamming.

Please, don't ask me again to provide a comparison of apples and
oranges.


Hadmut

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
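Added example, not code from Monkeys.com, from RMX, or from anyone in this thread: a toy implementation of the four-case "sender domain vs. relay reverse name" test that the message above walks through, together with the reverse/forward PTR check and a Monkeys-style "frequently forged domains" list. All DNS data (MX, PTR and A records), the IP addresses, the forged-domain list and the function names are constructed assumptions; no live resolver is consulted. It reproduces the yourdomain.de / relay.provider.com case from the message (no relation found for legitimate mail) and also shows a spoofed PTR being caught only by the reverse/forward check, and an off-list domain passing untouched.

```python
# Added example (not code from Monkeys.com, RMX, or the ASRG thread): a toy
# implementation of the four-case "sender domain vs. relay reverse name" test
# discussed above, plus the reverse/forward PTR check and a Monkeys-style
# "frequently forged domains" list, all run against a constructed DNS table.
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for DNS (assumption: no live resolver is used).
MX_RECORDS: Dict[str, List[str]] = {
    "yourdomain.de": ["relay.yourdomain.de"],   # the message's own example
    "hotmail.com": ["mx1.hotmail.com"],
    "example.org": ["mx.outsourced.net"],       # MX hosted under another domain
}
PTR_RECORDS: Dict[str, str] = {
    "192.0.2.10": "relay.provider.com",         # the user's ISP relay
    "192.0.2.20": "mx1.hotmail.com",
    "192.0.2.30": "mx1.hotmail.com",            # spoofed PTR claiming to be hotmail's MX
    "192.0.2.40": "outsourced.net",
}
A_RECORDS: Dict[str, List[str]] = {
    "relay.provider.com": ["192.0.2.10"],
    "mx1.hotmail.com": ["192.0.2.20"],
    "outsourced.net": ["192.0.2.40"],
}
# Constructed "frequently forged domains" list (the blacklist the message criticises).
FREQUENTLY_FORGED = {"hotmail.com", "yahoo.com", "aol.com"}


def norm(name: str) -> str:
    """Lower-case and strip a trailing dot so comparisons are case/FQDN insensitive."""
    return name.lower().rstrip(".")


def is_superdomain(x: str, y: str) -> bool:
    """True when x is a proper ancestor of y, e.g. x=example.com, y=mta.example.com."""
    return y.endswith("." + x)


def reverse_forward_check(ip: str) -> Optional[str]:
    """Return the PTR name for ip only if that name resolves back to ip."""
    name = PTR_RECORDS.get(ip)
    if name is None:
        return None
    return name if ip in A_RECORDS.get(name, []) else None


def sender_matches_relay(sender_domain: str, relay_name: str) -> str:
    """The four cases in the order the message lists them; 'none' means no relation."""
    x, y = norm(sender_domain), norm(relay_name)
    if x == y:
        return "case1"                          # X and Y are the same
    if is_superdomain(x, y):
        return "case2"                          # X is a superdomain of Y
    mx_hosts = [norm(h) for h in MX_RECORDS.get(x, [])]
    if y in mx_hosts:
        return "case3"                          # an MX of X names Y exactly
    if any(is_superdomain(h, y) or is_superdomain(y, h) for h in mx_hosts):
        return "case4"                          # an MX of X names a super/subdomain of Y
    return "none"


def classify(sender: str, client_ip: str) -> Tuple[str, Optional[str]]:
    """Run the reverse/forward check, then the four-case test. Returns (result, relay)."""
    domain = sender.rsplit("@", 1)[1]
    relay = reverse_forward_check(client_ip)
    if relay is None:
        return ("no-verified-reverse-name", None)
    return (sender_matches_relay(domain, relay), relay)


def monkeys_style_decision(sender: str, client_ip: str) -> str:
    """Reject only when the sender domain is on the forged list AND no relation
    is found; any domain not on the list is accepted without being checked."""
    domain = norm(sender.rsplit("@", 1)[1])
    if domain not in FREQUENTLY_FORGED:
        return "accept"                         # off-list domains bypass the test entirely
    result, _ = classify(sender, client_ip)
    return "accept" if result.startswith("case") else "reject"


if __name__ == "__main__":
    # The message's own example: legitimate mail, yet no relation is found.
    print(classify("yourname@yourdomain.de", "192.0.2.10"))
    # The spoofed PTR is caught only because of the reverse/forward check.
    print(classify("someone@hotmail.com", "192.0.2.30"))
    # A forged off-list domain from the same spoofing host passes untouched.
    print(monkeys_style_decision("victim@randomdomain.example", "192.0.2.30"))
```

The ordering of the cases matters: a relay named relay.yourdomain.de matches case 2 (superdomain) before the MX lookup is ever consulted, while the outsourced-MX example only matches case 4. The last call illustrates the circumvention point made above: because the list gates the whole check, the spoofing host that is rejected for hotmail.com is accepted for any domain not on the list.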