Yakov Shafranovich wrote:
Another LMAP-like variant has been posted as an Internet Draft:
http://www.ietf.org/internet-drafts/draft-stout-antispam-00.txt
Here are my comments on this document, with the text they apply to quoted:
"implementation recommendation" - BCP or STD? Readers should be able to tell
from the first line.
Sender: FQDN (Fully qualified domain name) that is stated
to be the sender of the e-mail message, as provided via the
'MAIL FROM' part of the (E-)SMTP dialogue (sender@domain.name).
This definition is not consistent. Is it the MAIL FROM domain part, or is it
the mailbox and domain parts?
Mail servers exchange e-mail with each other by way of the
(E-)SMTP protocol [1]. For any message to be received, the Receiving
MTA will acquire the following details during connection setup and
the SMTP dialogue [2]:
o Sending MTA's IP address
o Sending MTA's host name
o Sender of the message (as provided via the 'MAIL FROM')
The last 2 members of this 3-tuple can be forged. It should read "Sending
MTA's claimed host name" and "Claimed sender of the message".
After an extensive analysis the conclusions to determine if you are
spammed are:
1. There can be no conclusion based on the existence of a
PTR-record for a Sending MTA's IP address.
2. There can be no conclusion based on a (mis-)match between the
supplied Sending MTA's host name and the reverse-DNS name (PTR).
3. There can be no conclusion based on the fact that the Sender's
e-mail address is valid.
For the first 2, there may not be a direct correlation (no PTR -> SPAM!),
but there could be a statistical correlation (no PTR -> SPAM with a 40%
certainty), which a statistical filter could take advantage of. As for the
third, Hector Santos would beg to differ, as he has shown that some spammers
are stupid enough to give MAIL FROMs that do fail return-path validation.
The solution is to require from all domain names to register ALL
their mail servers (host names) within the DNS MX records.
Send-only mail servers MUST also be registered in the MX records,
and they should be given the lowest possible MX priority (65535).
I don't think this is a new idea; I remember a similar proposal by DJB some
time back, although I can't find it now.
Additionally, in the ASRG, we have concluded that this would be semantically
incorrect, because sending MTAs that predate this standard will attempt to
deliver mail to those MXs regardless of the possibility that the message
will be rejected: either explicitly, because that MTA rejects outside
connections, or assumed rejected by the sending MTA because the receiving MTA
didn't accept it at some stage.
I'll not go further now.
Philip Miller
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
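As an added example (not from the draft, from this thread, or from any ASRG code), here is one reading of the check the draft's MX-registration requirement implies: the receiving MTA looks up the MX records of the MAIL FROM domain and treats the connection as authorized only if the connecting IP belongs to one of those MX hosts. The second function illustrates the objection above: a sender that walks the MX list in the usual preference order (lowest value first, as RFC 2821 describes) will, once the real inbound hosts are unavailable, connect to the send-only host registered at preference 65535. The zone data, host names and addresses are constructed stand-ins for DNS lookups, and the exact matching rule is my assumption about what the draft intends, not text from it.

```python
"""Added example: MX-based sender check implied by the draft, plus the
legacy MX walk that ends up at a send-only host. All DNS data is constructed."""
import ipaddress

# Constructed zone data standing in for live DNS (assumption: offline stub).
MX_RECORDS = {
    "example.org": [(10, "mx1.example.org"), (20, "mx2.example.org"),
                    (65535, "outbound.example.org")],   # send-only host
    "example.net": [(10, "mail.example.net")],
}
A_RECORDS = {
    "mx1.example.org": ["192.0.2.10"],
    "mx2.example.org": ["192.0.2.11"],
    "outbound.example.org": ["192.0.2.50"],
    "mail.example.net": ["198.51.100.5"],
}
# Hosts that actually accept inbound SMTP; the send-only host does not.
ACCEPTS_INBOUND = {"mx1.example.org", "mx2.example.org", "mail.example.net"}


def mail_from_domain(mail_from):
    """Domain part of the MAIL FROM address, or None for the null sender '<>'."""
    addr = mail_from.strip().strip("<>")
    if not addr or "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def mx_authorized(mail_from, client_ip):
    """True if client_ip is an address of some MX host of the MAIL FROM domain,
    False if not, None when there is no domain to check (null sender)."""
    domain = mail_from_domain(mail_from)
    if domain is None:
        return None  # nothing to verify; policy for '<>' is left to the caller
    ip = ipaddress.ip_address(client_ip)
    for _pref, host in MX_RECORDS.get(domain, []):
        if any(ipaddress.ip_address(a) == ip for a in A_RECORDS.get(host, [])):
            return True
    return False


def legacy_delivery_attempts(domain, unavailable=frozenset()):
    """Hosts a pre-draft sender would contact: MX records sorted by preference
    value, lowest first, stopping at the first host that accepts the message.
    `unavailable` is the constructed set of hosts currently failing."""
    tried = []
    for _pref, host in sorted(MX_RECORDS.get(domain, [])):
        tried.append(host)
        if host in unavailable:
            continue            # temporary failure: move on to the next MX
        if host in ACCEPTS_INBOUND:
            break               # delivered; the MX walk stops here
        # Send-only host: connection refused, so the sender keeps walking and,
        # with nothing left, queues the message and retries the whole list later.
    return tried


if __name__ == "__main__":
    print(mx_authorized("<bob@example.org>", "192.0.2.50"))   # True: listed MX
    print(mx_authorized("<bob@example.org>", "203.0.113.7"))  # False: not an MX
    print(legacy_delivery_attempts("example.org",
                                   {"mx1.example.org", "mx2.example.org"}))
```

Note that the send-only host passes the authorization check only because it is listed as an MX, which is exactly what forces every legacy sender to treat it as a delivery target whenever the lower-preference hosts are down.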