John Gardiner Myers wrote:
Greg Connor wrote:
* Bogus HELO is often used to mislead people. Checking HELO for
obvious, outright forgery keeps MY domain from being mentioned
in a bogus message if I am not related to the sending client.
This may lead to a reduction in misdirected abuse reports.

Does anyone have evidence of a significant number of abuse reports
misdirected to forged HELO values?

It keeps admins from spending time trying to figure out which domain
really sent the email by having to go to ARIN (or whichever) when
everything in the spam is forged.

* HELO is a logical "fallback" in the case of MAIL FROM: <>

The From: header is a much more logical and useful fallback for the
empty return-path.

It's logical when it can be trusted. Almost all of the time when the HELO
value is bogus, so is the MAIL FROM and From: value.

* HELO is currently pretty useless because it is not checked, but
encouraging server admins to use the right name can have long-term
benefits.

Unless you state what these benefits will be, their value cannot be
determined.

Benefit - saves time by allowing automated tools to track spam sources.

In the Apr 5 conference, the benefit listed was the ability to use a
domain instead of an IP address as an index into some yet to be
developed accreditation/reputation service. There are, however,
numerous RBL services which demonstrate that IP-indexed reputation
services do work.

They function; 'work' to me implies happily works. Their biggest bug is
blocking all virtual sites that reside on one IP when a one long time ago
virtual host sent spam and may no longer be hosted at that IP address.

<>Delivery Status Notifications are unverifiable by MAIL FROM alone.
HELO/EHLO checking provides additional information to identify if the DSN
at least came from a verifiable MTA. The operators of the MTA could then
be held accountable for DSNs originating from it.

How does this additional information help? Can not the operators of the
MTA be held accountable based on IP address?

Currently I can write tools to get domain contact information given a
domain name. It is not always possible to get domain information from an
IP without manual labor. It is just as easy to blacklist by domain or IP
address.

--
Doug Royer | http://INET-Consulting.com
-------------------------------|-----------------------------
Doug(_at_)Royer(_dot_)com | Office: (208)520-4044
http://Royer.com/People/Doug | Fax: (866)594-8574
| Cell: (208)520-4044
We Do Standards - You Need Standards