ietf-asrg

Re: Forwarding in the face of spam

2008-08-08 05:44:21

I strongly believe that mail filters need to be accountable for their actions, so that their faults can be analyzed and corrective action taken. So, in principle, I support creation of mechanisms to identify which filtering criteria will be applied, to allow such criteria to be applied earlier in the signal path, and to provide feedback so that poor criteria can be more quickly identified as such.

Publishing your filtering criteria seems like a crude mechanism, but it's a start. Yes, spammers will use such information to look for holes in your criteria. But if the spammers use such information to avoid sending you mail that you'll drop anyway, your network still benefits from reduced traffic.

If you do publish such criteria I think it's important to actually stick to them as minimum criteria when filtering mail. You don't want to create incentives for senders to ignore the criteria.

Keith

Alessandro Vesely wrote:

Hi all,
my apologies for cross posting, but my first question is which list, if any, is appropriate for discussing this topic.

Apparently, it is a common practice to gather lists of IP addresses for the purpose of dropping, rejecting and/or tarpitting mail requests therefrom. (Rejecting and tarpitting can be played at both the TCP/IP and SMTP levels.) As a postmaster, I wonder how I should act when, say, forwarding all mail destined to a given address on my server to a given remote mailbox. IMHO, I should operate the same boundary checks as the target server, because it is more annoying and less reliable to do DNSBL checking on someone else's "Received" headers. However, unless the remote postmasters and I manually arrange some ad-hoc procedures, I have no way to know what boundary checks their host currently carries out, let alone reassure them that my server does those same checks before forwarding mail to their host.

DNSBL, SPF, and spam reporting are more or less standardized. Therefore, designing a mechanism to fix forwarding seems now possible.

As my first question can be answered implicitly, I put some more:

Independently of how a list of IP addresses is gathered, is there any reason not to publish it?

Is there any reason why postmasters would not want to say what DNSBLs their servers look up and what decisions they make thereafter? If I knew my message were to be rejected, I would abort sending tout-court, irrespective of my hat's color. Would that be a disadvantage for the target host?

TIA for any elucidation
Ale
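
The boundary check discussed in this thread, as an added example that is not part of either message: a forwarder applies the target host's DNSBL criteria to the connecting client before accepting mail for forwarding. The policy format, the zone names and the `resolve` callback are assumptions made for illustration; the thread does not define a publication format.

```python
import ipaddress

# Hypothetical published policy of the target host: which DNSBL zones it
# consults and what it does on a listing. Zone names are constructed.
TARGET_POLICY = [
    {"zone": "bl.example.net", "action": "reject"},
    {"zone": "dul.example.org", "action": "tarpit"},
]
SEVERITY = {"accept": 0, "tarpit": 1, "reject": 2}

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def boundary_decision(client_ip, policy, resolve):
    """Apply the target's criteria to the connecting client IP.

    resolve(name) is supplied by the caller and returns a list of A-record
    strings, or an empty list when the name does not exist.
    """
    decision, hits = "accept", []
    for rule in policy:
        answers = resolve(dnsbl_query_name(client_ip, rule["zone"]))
        # DNSBL listings answer inside 127.0.0.0/8; other answers are ignored.
        if any(a.startswith("127.") for a in answers):
            hits.append(rule["zone"])
            if SEVERITY[rule["action"]] > SEVERITY[decision]:
                decision = rule["action"]
    return decision, hits

# Constructed DNS data standing in for real lookups so the example runs offline.
CONSTRUCTED_DNS = {
    "2.2.0.192.bl.example.net": ["127.0.0.2"],
    "7.113.0.203.dul.example.org": ["127.0.0.10"],
}

def constructed_resolve(name):
    return CONSTRUCTED_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.2", "203.0.113.7", "198.51.100.1"):
        print(ip, boundary_decision(ip, TARGET_POLICY, constructed_resolve))
```

Because the decision is made on the connecting IP at SMTP time, the forwarder never has to parse "Received" headers, which is the less reliable path the message describes.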

