ietf-mxcomp

RE: TECH OMISSION: Stronger checks against email forgery

2004-09-07 14:06:09

On Tue, 7 Sep 2004, Tony Finch wrote:

> On Fri, 27 Aug 2004, Michael R. Brumm wrote:
>
> > The (2821 MAIL FROM) bounce address is irrelevant? This seems absurd
> > considering how many bounces (containing spam and viruses) I get for
> > messages I never sent.
>
> If you want to solve that problem set up something like BATV.
> Sender-ID and SPF do not solve the backscatter problem; at best
> they might ameliorate it.

Actually, they make it __much__ worse. Instead of getting bounces to email
addresses that actually don't exist, you will get 100% of the email
bounced from the relay (open or closed makes no difference) from which the
mail was rejected.

There are several invariants:

Every user/abuser has an ISP that provides them with relay services.

Every user/abuser has access to those relay services right up until their 
account is shut off, due to complaints.

Abusers send directly because it's easier than finding a relay or carrying
a list of relays in the payload.  SPF identifies the internal relays quite 
nicely.  Relay services benefit regular users. Now abusers can enjoy the 
same benefits.

The joe-job'd target gets more bounced mail. Abusers (well, anti-spammers
actually) used to send mail through open relays to sites that blocked that
open relay.  Few sites blocked open relays, but the relay abusers often
knew exactly which sites used open relay blacklists.  The result would
bounce the messages back to the joe-job, seemingly from the open relay
directly. Of course, closed relays could be abused the same way, but
rarely were.  Funny how "ethical" these abusers were.  But the target was
still inundated with email, and sometimes had to abandon their addresses.  
Open relay operators managed to get that kind of abuse under control by
blocking the open relay blacklists from scanning, and thus depriving them
of lists of relays to abuse. Eventually the relay blacklists closed down last
year, though they never really blocked much email. Open relay abuse has
dropped off significantly in the last year.  Now, with SPF, they will
bring back those bad old days.

                --Dean