ietf-mxcomp

Re: Input on identities

2004-04-06 23:05:27


----- Original Message ----- 
From: "John Gardiner Myers" <jgmyers(_at_)proofpoint(_dot_)com>
To: <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Tuesday, April 06, 2004 9:03 PM
Subject: Re: Input on identities


Does anyone have evidence of a significant number of abuse reports
misdirected to forged HELO values?

Hi John, thanks for asking. We see about 15%-20% on spoofed HELO domain
literals or syntax errors, i.e., HELO [our address] and about 12% rejections
based on local domain spoofs, i.e., helo santronics.com, helo winserver.com,
etc.

I can make all the logs available if required.

Hector Santos writes:

However, from what we have learned with a consistent number of hits, the
questions are now:

- Why aren't these people learning?
- Why aren't they adapting to the enforcements?
- Why do they keep trying on what seems to be a daily schedule?


They aren't learning or adapting because your enforcement isn't a
sufficiently large portion of the ecosystem.  My experience at a
provider which was a sufficiently large portion of the ecosystem is that
those people do learn and adapt, quite quickly in many cases.

Excellent point John.  The spammers still see a majority of unprotected
systems. No need to adapt yet.

When they do adapt, then many will begin to die or go straight.  We achieve
our goal at the management, tracking and auditing. In other words, they need
to adapt to our game. We should not be adapting to their game.  In addition,
legitimate but badly configured systems will need to get their act together
in this new era. I don't think this is asking much and if so, it can be done
within a time frame. Also, consider the excellent retry concept in SMTP
allows for the opportunity for protected receivers to adjust. There will be
much activity, as we already do, in "False Rejection Analysis" and what we
clearly see in our customer base is that those who are falsely rejected will
undoubtedly contact you one way or another. I have not seen an issue at
all in this area. In my high technical opinion, SMTP compliancy is the
right logical direction at the first level protection of eliminating the
spoofers.

Thanks for your feedback

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
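
The three HELO rejection categories reported in this message (spoofed domain literals, syntax errors, local domain spoofs) can be expressed as a receiver-side check. The following is an added example, not part of the original message or of Santronics software; the receiver address, local domains, verdict names and sample sessions are constructed assumptions using documentation-reserved values.

```python
import ipaddress
import re
from collections import Counter

# Assumed receiver identity (constructed; RFC 5737 / RFC 2606 example values).
LOCAL_IPS = {ipaddress.ip_address("192.0.2.25")}
LOCAL_DOMAINS = {"example.com", "mail.example.com"}

# Dot-separated letter/digit/hyphen labels, as required for a HELO domain.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def _parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def classify_helo(helo_arg, peer_ip):
    """Classify a HELO/EHLO argument presented by the client at peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    from_us = peer in LOCAL_IPS or peer.is_loopback
    arg = helo_arg.strip()
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        if inner[:5].lower() == "ipv6:":
            inner = inner[5:]
        claimed = _parse_ip(inner)
        if claimed is None:
            return "syntax-error"
        # A remote client announcing the receiver's own address is lying.
        return "spoofed-literal" if claimed in LOCAL_IPS and not from_us else "ok"
    # A bare IP matches the domain grammar but is not a valid HELO argument.
    if _parse_ip(arg) is not None or not _DOMAIN_RE.fullmatch(arg):
        return "syntax-error"
    if arg.lower() in LOCAL_DOMAINS and not from_us:
        return "local-domain-spoof"
    return "ok"

# Constructed sample sessions: (peer IP, HELO argument).
SAMPLE_SESSIONS = [
    ("203.0.113.7", "[192.0.2.25]"), ("203.0.113.8", "192.0.2.25"),
    ("203.0.113.9", "EXAMPLE.com"), ("198.51.100.4", "mx.example.net"),
    ("198.51.100.5", "[198.51.100.5]"), ("203.0.113.10", "bad_host!"),
    ("192.0.2.25", "mail.example.com"),
]

def summarize(sessions):
    """Count verdicts across sessions, as input for rejection statistics."""
    return Counter(classify_helo(helo, peer) for peer, helo in sessions)
```

Sessions from the receiver's own address or loopback are exempted so that local submission using the local host name is not counted as a spoof.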


