ietf-smtp
[Top] [All Lists]

Re: limiting SPAM

2003-11-22 16:37:52

rra(_at_)Stanford(_dot_)edu (Russ Allbery)  wrote on 22.11.03 in 
<87ekw02oax(_dot_)fsf(_at_)windlord(_dot_)stanford(_dot_)edu>:

Matti Aarnio <mea+ietf-smtp(_at_)nic(_dot_)funet(_dot_)fi> writes:
On Sat, Nov 22, 2003 at 10:31:54AM -0500, Richard O. Hammer wrote:

Is there something which prevents spammers from sending their messages
with a null reverse path in the envelope?  In other words, with
   MAIL FROM: <>
in the SMTP exchange?

As I am developing a MTA in which I hope to limit spam by filtering on
the reverse path, it looks to me like this opening intended for error
messages might be a big hole in my security.

We have been traveling for years thru that path.  It helps NOTHING.
Moreover, it prevents legitimate error messages from making through
to your users, which is getting to be rather serious pain in itself.

I hate to break this to you, but it helps a lot.  Not so much with spam,
but with bounces from forged messages, idiotic virus notifications, and
other sorts of nonsense.  Whether or not that's worth the protocol
breakage is, of course, a different question.

It would seem to me that a little work with, say, a Bayesian filter would  
fairly easily distinguish between legitimate and illegitimate empty-path  
mails, and get most right. And it would also work for the non-empty-path  
case, too.

It seems to me that mechanisms like that are vastly more productive than  
breaking the protocol.

What's more, a Bayesian filter is able to do more sorting than just spam/ 
no spam. That may well come in useful, too.

Personally, I think we should investigate having those filters available  
as a general tool, not just an anti-spam filter.

Here's an idea: say you are in an IMAP environment. Automatically train a  
filter for every IMAP folder a user has, and use that to propose filing  
for new messages. (You probably do want the user to confirm or override  
your choice, unless he explicitely sets it as automatic.)

MfG Kai

<Prev in Thread] Current Thread [Next in Thread>