ietf-asrg

Re: [Asrg] Slowing down spammers - thoughts?

2003-07-11 10:46:54
At 06:39 AM 7/11/03 -0400, C. Wegrzyn wrote:
> I've been giving more thought to how to slow down spamming. It seems we
> should just follow 7.3 of RFC2821 - return either 250 or 252 to VRFY and
> EXPN commands.  In this way the sender can't find out if someone is
> really on a system.


First, the advice given in RFC 2821 section 7.3 isn't quite right.
If you don't support EXPN then it shouldn't be in the EHLO response, 
and the correct error code is "503 5.5.1 Invalid command".
252 would only be correct if you make the decision to allow EXPN 
on a case by case basis, after the EHLO - 
for example, if you allowed EXPN only after AUTH.
As far as I know, no one does that.


Second, most systems that check, check using RCPT TO instead of VRFY.
(And most incorrectly assume that anything other than 250 means
 non-existent, failing on "451 4.2.2 mailbox full", but that's
 another topic.)  With the exception of me testing the command,
I haven't seen a single VRFY command in my logs, ever.


Third, I have seen some pretty convincing evidence that if a spammer
/thinks/ an address is valid, they will hammer the mailbox forever.  
(Not all spammers of course, but some.) 
No amount of "550 5.1.1 No such user" will dissuade them.  
If spammers actually checked with VRFY, returning 252 to all
such queries would risk /increasing/ the amount of spam attempted.
But since no one uses VRFY anyway, that's moot.

Fourth, is there any evidence that hiding addresses works?
Perhaps the effectiveness of address hiding should be researched.


> Second I would kick back a 551 to every message being sent by a
> domain/user I don't recognize or wanted to reject as SPAM. In the former
> case I would send the email to the real recipient allowing them to
> decide what to do with it. In the latter case I would just toss it or
> fill in the subject with SPAM:.
>
> Thoughts?


Seems to me that you'd get a lot of false positives that way.


Scott Nelson <scott(_at_)spamwolf(_dot_)com>

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
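
Added example, not part of the original message or of any mail server's code: a reply classifier for bounce or delivery handling that keeps "accepted", "unverified" (252), transient 4xx and an explicit bad-mailbox status apart, instead of treating anything other than 250 as a non-existent user. The function names, category labels and the rule that only enhanced status 5.1.1 means "no such mailbox" are assumptions of this sketch.

```python
import re

# One reply line: 3-digit code, then "-" (more lines follow) or " " (last line), then text.
REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
# Optional enhanced status code (class.subject.detail) at the start of the text.
ENHANCED = re.compile(r"^[245]\.\d{1,3}\.\d{1,3}\b")

def parse_reply(raw):
    """Parse a possibly multi-line SMTP reply into (code, enhanced, text)."""
    code, enhanced, texts = None, None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise ValueError("reply code changes between continuation lines")
        text = m.group(3) or ""
        found = ENHANCED.match(text)
        if found and enhanced is None:
            enhanced = found.group(0)
        texts.append(text)
        if m.group(2) != "-":
            break  # a space (or a bare code) marks the final line
    if code is None:
        raise ValueError("empty reply")
    return code, enhanced, " ".join(texts)

def classify_reply(raw):
    """Map a reply to VRFY or RCPT TO onto what it says about the mailbox."""
    code, enhanced, _ = parse_reply(raw)
    if code in (250, 251):
        return "accepted"
    if code == 252:
        return "unverified"        # server declines to confirm or deny
    if 400 <= code <= 499:
        return "retry-later"       # transient: says nothing about existence
    if 500 <= code <= 599:
        # Assumption: only an explicit bad-mailbox status counts as "no such user".
        return "no-such-mailbox" if enhanced == "5.1.1" else "rejected"
    return "unexpected"

# Constructed sample replies; the 451 and 550 texts are the ones quoted in the message above.
SAMPLES = ["250 2.1.5 OK", "252 2.5.2 Cannot VRFY user",
           "451 4.2.2 mailbox full", "550 5.1.1 No such user"]

if __name__ == "__main__":
    for reply in SAMPLES:
        print(f"{reply!r:32} -> {classify_reply(reply)}")
```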


