ietf-asrg

Re: [Asrg] Re: SPF abused by spammers

2004-09-15 07:52:30
On Tue, 14 Sep 2004, Barry Shein wrote:
On September 15, 2004 at 00:20 hjp-asrg(_at_)hjp(_dot_)at (Peter J. Holzer) wrote:
 > Why should they? No legitimate user would want to send mail as
 > johndoe(_at_)ABordeaux-251-2-10-162(_dot_)w82-125(_dot_)abo(_dot_)wanadoo(_dot_)fr, because he will
 > never be able to receive an answer (assuming that this is an address in a
 > dynamic address pool). The legitimate user will want to send mail
 > as johndoe(_at_)wanadoo(_dot_)fr, or maybe johndoe(_at_)bordeaux(_dot_)wanadoo(_dot_)fr.

Well, of course that's sensible, but the point really is that there is
little difference between hijacking your PC and just breaking into
your house and sitting down at your PC, as far as detectability of
intent goes.

So, if the ISP allows your PC to do direct delivery and will ACK your
SPF (however one might say that) then a zombie program on that PC will
be ACKed also.
[...]
The point is, if wanadoo.fr's servers will ACK for that PC when the PC
tries to send from johndoe(_at_)wanadoo(_dot_)fr then it'll ACK for a zombie
program running on that PC also.

AND, I contend, there'll be millions of such PCs (infected or not.)

If the ISP requires all mail to go through their servers, it's trivial
to detect an upsurge in number of emails from a particular sender. This
change (in concert with SPF, or other RMX method) would limit the number
of spam messages sent to the number of legitimate emails sent. I know
many users who receive a 20:1 or higher spam ratio, so this would be a
significant reduction.

If the ISP doesn't require all mail to go through their servers, the
same limiting could be accomplished by having routers count outgoing
SMTP SYNs.

Current routers aren't optimized to do that, so requiring use of the ISP
mail servers is easier - but either way is possible.

-- 
David Maxwell, david(_at_)vex(_dot_)net|david(_at_)maxwell(_dot_)net -->
If you don't spend energy getting what you want,
        You'll have to spend it dealing with what you get.
                                              - Unknown
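
Added example, not part of the original message: a sketch of the upsurge detection the reply describes for an ISP whose customers must relay through its servers. The log line format, the per-client-IP keying, the `factor`/`floor` thresholds and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical relay log format: "<epoch> relay: client=<ip> from=<envelope sender>"
LINE = re.compile(r"^(\d+) relay: client=(\S+) from=<([^>]*)>$")

def hourly_counts(lines):
    """Map client IP -> {hour bucket -> messages relayed}; unparsable lines are skipped."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            counts[m.group(2)][int(m.group(1)) // 3600] += 1
    return counts

def find_surges(lines, factor=5.0, floor=20):
    """Return [(client, hour, count, baseline)] for hours whose count exceeds both
    `floor` and `factor` times the client's mean over its earlier active hours."""
    surges = []
    for client, buckets in hourly_counts(lines).items():
        normal = []
        for hour in sorted(buckets):
            n = buckets[hour]
            baseline = sum(normal) / len(normal) if normal else 0.0
            if n > max(floor, factor * baseline):
                surges.append((client, hour, n, baseline))
            else:
                normal.append(n)  # only unflagged hours feed the baseline
    return sorted(surges)

def sample_log():
    """Constructed sample: one steady customer, one that bursts in hour 3."""
    lines = []
    for hour in range(4):
        base = hour * 3600
        for i in range(3):
            lines.append(f"{base + i * 60} relay: client=192.0.2.10 from=<alice@isp.example>")
        for i in range(200 if hour == 3 else 2):
            lines.append(f"{base + i * 10} relay: client=192.0.2.77 from=<johndoe@isp.example>")
    return lines

if __name__ == "__main__":
    for client, hour, n, baseline in find_surges(sample_log()):
        print(f"{client}: {n} messages in hour {hour} (baseline {baseline:.1f}/hour)")
```

Keying on the customer's connection rather than the envelope sender means the count still holds when the sending program varies the address it claims.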
