Re: Forwarding in the face of spam
2008-08-08 05:44:21
I strongly believe that mail filters need to be accountable for their
actions, so that their faults can be analyzed and corrective action
taken. So, in principle, I support creation of mechanisms to identify
which filtering criteria will be applied, to allow such criteria to be
applied earlier in the signal path, and to provide feedback so that poor
criteria can be more quickly identified as such.
Publishing your filtering criteria seems like a crude mechanism, but
it's a start. Yes, spammers will use such information to look for holes
in your criteria. But if the spammers use such information to avoid
sending you mail that you'll drop anyway, your network still benefits
from reduced traffic.
If you do publish such criteria I think it's important to actually stick
to them as minimum criteria when filtering mail. You don't want to
create incentives for senders to ignore the criteria.
Keith
Alessandro Vesely wrote:
Hi all,
my apologies for cross posting, but my first question is which list, if
any, is appropriate for discussing this topic.
Apparently, it is a common practice to gather lists of IP addresses for
the purpose of dropping, rejecting and/or tarpitting mail requests
therefrom. (Rejecting and tarpitting can be played at both the TCP/IP
and SMTP levels.) As a postmaster, I wonder how I should act for, say,
forwarding all mail destined to a given address on my server to a given
remote mailbox. IMHO, I should operate the same boundary checks as the
target server, because it is more annoying and less reliable to do DNSBL
checking on someone else's "Received" headers. However, unless the
remote postmasters and I manually arrange some ad-hoc procedures, I have
no way to know what boundary checks their host currently carries out,
let alone reassure them that my server does those same checks before
forwarding mail to their host.
DNSBL, SPF, and spam reporting are more or less standardized. Therefore,
designing a mechanism to fix forwarding seems now possible.
As my first question can be answered implicitly, I put some more:
Independently of how a list of IP addresses is gathered, is there any
reason not to publish it?
Is there any reason why postmasters would not want to say what DNSBLs
their servers look up and what decisions they make thereafter? If I knew
my message were to be rejected, I would abort sending tout-court,
irrespective of my hat's color. Would that be a disadvantage for the
target host?
TIA for any elucidation
Ale
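
The forwarding check discussed in this thread, sketched as an added example that is not part of either message: a forwarder applies the DNSBL checks a target host has published to the connecting IP before relaying. The policy format, the zone names and the stub resolver data are assumptions constructed for illustration; the query-name layout and the 127.0.0.0/8 "listed" answers follow RFC 5782.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 "listed" answers

# Constructed policy: the checks a target host might publish (zone, action).
# Zone names and the policy format are assumptions, not from the thread.
TARGET_POLICY = [("bl.example.net", "reject"), ("dul.example.org", "tarpit")]

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """Return the A records for name; a failed lookup counts as 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def boundary_decision(client_ip, policy, resolve=system_resolver):
    """Apply the target's checks to the connecting IP before forwarding."""
    for zone, action in policy:
        answers = resolve(dnsbl_query_name(client_ip, zone))
        if any(ipaddress.ip_address(a) in LISTED_NET for a in answers):
            return action, zone
    return "forward", None

# Constructed zone data standing in for live DNS so the example runs offline.
SAMPLE_ZONE = {
    "99.2.0.192.bl.example.net": ["127.0.0.2"],
    "7.100.51.198.dul.example.org": ["127.0.0.10"],
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7", "203.0.113.5"):
        print(ip, boundary_decision(ip, TARGET_POLICY, sample_resolver))
```

Note that `system_resolver` fails open: a DNS timeout is indistinguishable from "not listed", so a forwarder that must match the target's behaviour exactly would need to defer the message on lookup errors instead.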