
Re: [Asrg] 0. General - Inquiry about CallerID Verification

2003-11-29 17:10:05
Hector Santos wrote:
There are problems with the regular C/R approaches that apply here
as well:


1. Nothing stops a spammer from using someone else's email address with
that domain answering yes (unless you start matching his email
address with his IP which is what the LMAP proposals do). Especially
this would be true if he uses YOUR domain.

Our mail system does (optionally) check the return path domain against the
connection IP.  But more importantly, this puts the spammer into another
category, namely, outright fraud.


There is nothing in the IETF standards that requires the return path domain to be the same as the IP. As a matter of fact, many systems use outside MTAs to deliver their email, so such a check can have many false positives. The only way to check for this is to utilize some kind of LMAP or similar proposal, such as digital keys (MSFT's).

Additionally, spammers are *fraudsters* and this is the most common occurrence - using someone else's domain as return address and someone else's 0wned machine for sending the spam!



JamSpam seems to be currently dead. The folks involved could not agree
on anything so it fell apart.


Maybe so, but I am not too sure if they did not accomplish the goal of
allowing a legitimizing a classification of spam to be unrestricted at the
system level.   This "David" guy did attend the congressional hearings.  Was
IETG represented?


Nope, the IETF or IETF was not present.

IF you are rejecting email at the MAIL FROM stage, there is no way to
check for false positives since you do not have the actual email
message.


Doesn't apply.  Again, I am from the SCHOOL that SMTP has no business in
analyzing mail content.  That is what is going to get you in trouble and
FEED the legal eagles.

The goal is CONFORMITY of the client/server session.   If a MAIL FROM:
FAILS, the client has no business going any further.   If the MAIL FROM:
succeeds, then WCSAP has done its part and it is up to the next stages, if any,
to do checking.


You still have not answered the question - how do you know there are no false positives? What method did you use to figure that out? And also, what is your definition of a "false positive"?

Yakov

-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Power tends to corrupt, and absolute power corrupts absolutely" (Lord Acton)
-------


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
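
Added example (not part of the original message and not code from WCSAP or any LMAP draft): the sketch below contrasts a check that requires the connecting IP to be one of the return-path domain's own hosts with an LMAP-style check against sender networks the domain publishes, and counts legitimate sessions each one rejects. The domains, addresses, record layout and the reading of "false positive" as "legitimate session rejected" are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed data (documentation/test address ranges); stands in for DNS lookups.
DOMAIN_HOSTS = {           # addresses of each domain's own A/MX hosts
    "example.org": ["192.0.2.10"],
    "example.net": ["198.51.100.5"],
}
PUBLISHED_SENDERS = {      # hypothetical LMAP-style record: networks allowed to send
    "example.org": ["192.0.2.0/28"],
    "example.net": ["198.51.100.5/32", "203.0.113.0/24"],  # includes the outside MTA
}

def domain_of(mail_from):
    """Return the lower-cased domain of a MAIL FROM address, or None for <>."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()

def naive_check(mail_from, client_ip):
    """Accept only if the client IP is one of the domain's own hosts."""
    domain = domain_of(mail_from)
    if domain is None:
        return "accept"   # null return path (bounces): nothing to match against
    return "accept" if client_ip in DOMAIN_HOSTS.get(domain, []) else "reject"

def lmap_check(mail_from, client_ip):
    """Accept if the domain publishes a network containing the client IP."""
    domain = domain_of(mail_from)
    if domain is None:
        return "accept"
    nets = PUBLISHED_SENDERS.get(domain)
    if nets is None:
        return "unknown"  # domain publishes nothing: no basis to reject
    ip = ipaddress.ip_address(client_ip)
    ok = any(ip in ipaddress.ip_network(n) for n in nets)
    return "accept" if ok else "reject"

# Constructed sessions: (MAIL FROM, connecting IP, is the sender legitimate?)
SESSIONS = [
    ("<alice@example.org>", "192.0.2.10", True),    # sent from the domain's own host
    ("<bob@example.net>", "203.0.113.25", True),    # sent via an outside MTA
    ("<alice@example.org>", "198.18.7.7", False),   # forged, from a compromised machine
    ("<carol@example.com>", "198.18.7.7", False),   # forged, domain publishes nothing
]

def false_positives(check):
    """Legitimate sessions that the given check rejects."""
    return [(m, ip) for m, ip, legit in SESSIONS if legit and check(m, ip) == "reject"]

if __name__ == "__main__":
    for m, ip, legit in SESSIONS:
        print(m, ip, legit, naive_check(m, ip), lmap_check(m, ip))
```
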


