ietf-asrg

Re: [Asrg] Slowing down spammers - thoughts?

2003-07-11 14:59:36
Scott, thanks for the analysis. All I know is what I have seen - when I have hidden an address (actually removing it) the spam to the account did drop but over a long time (6 months).

Chuck

Scott Nelson wrote:

At 06:39 AM 7/11/03 -0400, C. Wegrzyn wrote:
I've been giving more thought to how to slow down spamming. It seems we should just follow 7.3 of RFC2821 - return either 250 or 252 to VRFY and EXPN commands. In this way the sender can't find out if someone is really on a system.


First, the advice given in RFC 2821 section 7.3 isn't quite right.
If you don't support EXPN then it shouldn't be in the EHLO response, and the correct error code is "503 5.5.1 Invalid command". 252 would only be correct if you make the decision to allow EXPN on a case by case basis, after the EHLO - for example, if you allowed EXPN only after AUTH.
As far as I know, no one does that.


Second, most systems that check, check using RCPT TO instead of VRFY.
(And most incorrectly assume that anything other than 250 means
non-existent, failing on "451 4.2.2 mailbox full", but that's
another topic.)  With the exception of me testing the command,
I haven't seen a single VRFY command in my logs, ever.


Third, I have seen some pretty convincing evidence that if a spammer
/thinks/ an address is valid, they will hammer the mailbox forever. (Not all spammers of course, but some.) No amount of "550 5.1.1 No such user" will dissuade them. If spammers actually checked with VRFY, returning 252 to all
such queries would risk /increasing/ the amount of spam attempted.
But since no one uses VRFY anyway, that's moot.

Fourth, is there any evidence that hiding addresses works?
Perhaps the effectiveness of address hiding should be researched.


Second I would kick back a 551 to every message being sent by a domain/user I don't recognize or wanted to reject as SPAM. In the former case I would send the email to the real recipient allowing them to decide what to do with it. In the latter case I would just toss it or fill in the subject with SPAM:.

Thoughts?


Seems to me that you'd get a lot of false positives that way.


Scott Nelson <scott(_at_)spamwolf(_dot_)com>

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
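
Added example, not part of the original thread: the message above notes that checkers using RCPT TO tend to read any reply other than 250 as "non-existent". The Python below parses SMTP replies and keeps the cases named in the thread apart (250, 252, 451 4.2.2, 550 5.1.1, 503 5.5.1). The category names, the sample reply texts, and the choice to treat only 5.1.1 as "no such address" are assumptions of this example.

```python
import re

# Reply line: 3-digit code, then '-' (more lines follow) or ' ' (last line), then text.
_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
# Optional RFC 3463 enhanced status code leading the text, e.g. "4.2.2".
_ENHANCED = re.compile(r"^([245]\.\d{1,3}\.\d{1,3})(?:\s+|$)")

def parse_reply(raw):
    """Parse one SMTP reply (single or multiline) into (code, enhanced, text)."""
    code, enhanced, texts = None, None, []
    for line in raw.splitlines():
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed inside a multiline reply")
        code, sep, text = m.group(1), m.group(2) or " ", m.group(3) or ""
        e = _ENHANCED.match(text)
        if e:
            enhanced, text = enhanced or e.group(1), text[e.end():]
        texts.append(text.strip())
        if sep == " ":
            break
    else:
        raise ValueError("reply has no final line")
    return int(code), enhanced, " ".join(t for t in texts if t)

def classify(raw):
    """Map a reply to RCPT TO or VRFY onto what it says about the address."""
    code, enhanced, _ = parse_reply(raw)
    if code == 252:
        return "undetermined"      # accepted without confirming the address
    if 200 <= code < 300:
        return "accepted"
    if 400 <= code < 500:
        return "temporary"         # e.g. mailbox full: retry, address may exist
    if 500 <= code < 600:
        if enhanced == "5.1.1":
            return "no-such-address"
        return "rejected"          # permanent, but not a statement about existence
    return "unexpected"

# Constructed sample replies using the codes quoted in the thread.
SAMPLES = ["250 2.1.5 Ok", "252 2.5.2 Cannot VRFY user", "451 4.2.2 mailbox full",
           "550 5.1.1 No such user", "503 5.5.1 Invalid command"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:35} -> {classify(s)}")
```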






