Re: slow email validation problems (was reject vs bounce)
2005-09-14 07:53:16
At 14:59 14/09/2005, Chris Haynes wrote:
"Paul Smith" suggested:
<snip>
BTW, the only solution to the 'keepalive' problem that I can think of
other than having varying reply codes is for the server to receive the
message the first time, reply with 450- until it decides whether to
accept it or not, then reply '450 ' to temporarily reject the message,
but record identifying details about the message (message id, envelope
details, etc), then wait until the sender tries to re-send it and then
accept it straight away. (This method also sort of merges the idea of
'grey listing', so might be even better at stopping spam). However, the
obvious drawback is that every message has to be sent twice - which isn't
good, but I can't see any other way to do it.
I am _seriously_ concerned about this suggestion.
It wasn't a suggestion...
There is a problem, which is that SMTP message content filtering needs to
take place nowadays, and there doesn't seem to be a 'proper' way that it
can be done without upsetting people somehow, or doing kludges. IMHO, not
doing content filtering will lead to more unhappy people than doing it.
The only way which seems to me to be workable, other than using a
'keepalive' technique to override client timeouts, is as I describe above.
Rather than being a suggestion, this was meant to be an 'anti-suggestion',
to show that a 'keepalive' technique, or enforced reasonable timeouts, is
more preferable.
Someone else on another list recently said that they are already doing
this as a matter of routine. They were relying on the observation that
many spammers just make one, pre-scripted, attempt to send each message,
while good-guys will attempt a re-send.
This might be 'grey listing' that they were talking about.
This does seem to be quite widely used, but, yes, I agree it's only going
to work in the short term.
Once spammers decide that this method of defence is starting to get in
their way the obvious, easy tactic for them is to execute each spam run
twice a few hours apart and, Voila! the amount of spam which _everyone_
sees is doubled.
If spammers do that, then it will stop the effectiveness of grey listing,
but would not affect the mechanism I describe above, as (a) that would
potentially spot the two messages as being different so neither copy would
get through (sort of 'enhanced' grey listing), but also, if the message was
identified as spam on the first run, it would be blocked on the second run
as well.
Paul VPOP3 - Internet Email Server/Gateway
support(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Keep Alive Response Codes [Re: slow email validation problems (was reject vs bounce)], (continued)
- Re: slow email validation problems (was reject vs bounce), Paul Smith
- Re: slow email validation problems (was reject vs bounce), Hector Santos
- Re: slow email validation problems (was reject vs bounce), Paul Smith
- Re: slow email validation problems (was reject vs bounce), Hector Santos
- Re: slow email validation problems (was reject vs bounce), Paul Smith
- Re: slow email validation problems (was reject vs bounce), Bill McQuillan
- Re: slow email validation problems (was reject vs bounce), Chris Haynes
- Re: slow email validation problems (was reject vs bounce),
Paul Smith <=
- Re: slow email validation problems, wayne
- Re: slow email validation problems, Valdis . Kletnieks
- Re: slow email validation problems, Arnt Gulbrandsen
- Re: slow email validation problems, wayne
- Re: slow email validation problems, Valdis . Kletnieks
- Re: slow email validation problems, Bogdan Tomchuk
- Re: slow email validation problems, Valdis . Kletnieks
- Re: slow email validation problems, Bogdan Tomchuk
- Re: slow email validation problems, Alex van den Bogaerdt
- Re: slow email validation problems, Bogdan Tomchuk
|
|
|