Kjetil Torgrim Homme wrote:
[Matthew Elvey (FM)]:
Matt Sergeant of SpamAssassin posted very relevantly to the ASRG about
GTUBE in March:
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01527.html+gtube
Correction: (take off the +gtube - the URL stopped working with that)
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01527.html
There were a couple replies that are meritless from Vernon
Schryver and Kee Hinckley. A valid complaint was what about
antispam systems that aren't content filters?
that's a bit harsh on Vernon Schryver, his idea of setting up an
auto-responder from a fixed IP-address is exactly what you propose.
Great. I haven't seen him propose that. I guess I missed it. He's got
lots of good ideas, just not on that thread, as far as I saw.
Tact and collegiality were missing. My intent was to make others'
reading of the thread go quicker by echoing what's said at
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01678.html
- he seemed to have misunderstood the purpose.
Enhancement to my scheme to more fully address it: A pseudo-open
relay could be established (run by who?)
probably someone academic, for stability topologywise, and also for
IPv6 support. the problem is that willfully getting your host listed
in RBL is scary. you never know what people will jump to conclusions
and blacklist your entire B-net. (perhaps MIT could run it in its own
B-net ;-)
ICANN ISOC IESG IETF IANA... so many I*s but none with this falling
within their charter AFAIK.
that would (attempt to) relay only Quizzic-compliant messages.
might as well leave SMTP out of it. connect to a port, enter a
recipient address,
Whatever is easier to implement and use. A web form would work too.
But I think SMTP is probably best. For example, say you want to test a
system that scans for spam on the way OUT.
You'd set your client's (outoging) smtp server to QuizzicServer.MIT.edu
or whatever. If there's an SMTP proxy run by your system or ISP, this
gives it a chance to be shown to work. I also think it's simplest to
implement with existing software.
and the server will connect to the MX of the source
IP. (make sure the reverse and forward lookup match.)
Can you explain this more? I'm not clear on what you're trying to do
here or why. Is this test something that would make Quizzic hard for
joe user to use?
I guess if we're sticking with SMTP, if joe user's SMTP server doesn't
have matching lookups, tough-a lot of servers are rejecting his mail;
(this is the least of his problems, and the shortcoming might help joe
user become aware of it), but if he's suposed to telnet from his windoze
PC, expecting matching lookups is a bit unreasonable.
the message
will be fixed, and therefore not attractive to abuse by spammers.
I'm trying to allow flexibility that may be useful while still not
making it attractive to spammers.
At least, I'd like to have the email address of the (purported) sender
be available. The source IP would be in the mail header; SpamCop and
workalikes would be configured to trust the system and consider the
source IP as the source of spam, and, by default at least, not report
Quizzic reports as spam at all.
rate limiting per source IP (no more than 10 messages a day?) will
stop the people trying to use it to DOS.
Rate limiting makes sense.
Sounds like the effort is still needed and the need is there.
it seems to me that asrg is the proper forum, though.
The noise is deafening and the (admittedly oft-ignored) charter -
http://www.irtf.org/asrg/ doesn't seem to admit this topic, so I'm
reluctant to go there.
Anyone else want/not want the discussion here?