ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 6. Proposals - Creative Addressing

2003-10-02 12:42:25
from [Markus Stumpf] [Permanent Link] 
On Thu, Oct 02, 2003 at 02:02:38PM -0400, Yakov Shafranovich wrote:

   This document gives instructions for implementing a mail system that
   will reduce the amount of SPAM received by the end users. The
   instructions specify disposable and single-purpose mailboxes that
   will allow for the source of SPAM to be easily identified.


- '*' records in DNS are really bad.
  If spammers spoof the source address like in
      @joe.example.com
  attacked MTAs can easily block @joe.example.com.
  If there is a '*' RR as in
     *.example.com  MX 100 mail.example.com.
  they can use
     @qrwepuiqergqre.example.com
  and the only chance to block them is to block example.com as a whole.

- most MTA (at least qmail, postfix, sendmail and IMHO exim, also)
  provide for user extensions, so
     joe(_at_)example(_dot_)com
  can also have full control ober all addresses like
     joe-asrg(_at_)example(_dot_)com
     joe-jokes(_at_)example(_dot_)com
     joe-list-irtf-asrg(_at_)example(_dot_)com
  Look at my From: line for an example. I - and many others - use this
  for years and I have a maex-net-*(_at_)space(_dot_)net catchall. If I have to
  leave an email address somewhere on the net I always use
     maex-net-example(_dot_)com(_at_)space(_dot_)net
  which makes it easy to track and easy to block.

- this is not of big value for spam prevention and tracking any more.
  I've seen attacks that clearly had my "maex-qmail(_at_)space(_dot_)net" 
address
  as source of the harvesters that sent a bulk for
      maex-qmail(_at_)space(_dot_)net
      maexqmail(_at_)space(_dot_)net
      maex(_at_)space(_dot_)net
      qmail(_at_)space(_dot_)net
  and I've seen attacks with fresh addresses like
      joe-homepage(_at_)example(_dot_)com
  that started about 3 days after the webpage went online and that
  *only* went to joe(_at_)example(_dot_)com (no spam to 
joe(_at_)example(_dot_)com before).

- the most useful part of the draft is probably 4.-7.

- overall the draft IMHO has too less "beef" to be helpful in general.
  And in will in no way reduce spam.

        \Maex
      
-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] 6. Proposals - AMTP (rev 01) - MPC, Brad Knowles
Next by Date:  RE: [Asrg] 6. Proposals - CRI Draft - 4.1 Loop Avoidance, Eric Dean
Previous by Thread:  [Asrg] 6. Proposals - Creative Addressing, Yakov Shafranovich
Next by Thread:  Re: [Asrg] 6. Proposals - Creative Addressing, Yakov Shafranovich
Indexes:  [Date] [Thread] [Top] [All Lists]