[Top] [All Lists]

Re: slow email validation problems (was reject vs bounce)

2005-09-14 07:53:16

At 14:59 14/09/2005, Chris Haynes wrote:

"Paul Smith" suggested:
BTW, the only solution to the 'keepalive' problem that I can think of other than having varying reply codes is for the server to receive the message the first time, reply with 450- until it decides whether to accept it or not, then reply '450 ' to temporarily reject the message, but record identifying details about the message (message id, envelope details, etc), then wait until the sender tries to re-send it and then accept it straight away. (This method also sort of merges the idea of 'grey listing', so might be even better at stopping spam). However, the obvious drawback is that every message has to be sent twice - which isn't good, but I can't see any other way to do it.

I am _seriously_ concerned about this suggestion.

It wasn't a suggestion...

There is a problem, which is that SMTP message content filtering needs to take place nowadays, and there doesn't seem to be a 'proper' way that it can be done without upsetting people somehow, or doing kludges. IMHO, not doing content filtering will lead to more unhappy people than doing it.

The only way which seems to me to be workable, other than using a 'keepalive' technique to override client timeouts, is as I describe above. Rather than being a suggestion, this was meant to be an 'anti-suggestion', to show that a 'keepalive' technique, or enforced reasonable timeouts, is more preferable.

Someone else on another list recently said that they are already doing this as a matter of routine. They were relying on the observation that many spammers just make one, pre-scripted, attempt to send each message, while good-guys will attempt a re-send.

This might be 'grey listing' that they were talking about.

This does seem to be quite widely used, but, yes, I agree it's only going to work in the short term.

Once spammers decide that this method of defence is starting to get in their way the obvious, easy tactic for them is to execute each spam run twice a few hours apart and, Voila! the amount of spam which _everyone_ sees is doubled.

If spammers do that, then it will stop the effectiveness of grey listing, but would not affect the mechanism I describe above, as (a) that would potentially spot the two messages as being different so neither copy would get through (sort of 'enhanced' grey listing), but also, if the message was identified as spam on the first run, it would be blocked on the second run as well.

Paul                            VPOP3 - Internet Email Server/Gateway

<Prev in Thread] Current Thread [Next in Thread>