ietf-smtp
[Top] [All Lists]

Re: RFC 5321bis / 2821ter

2009-01-28 06:02:12

Paul Smith wrote:
A bot could use:
EHLO fhbdfhbeng.spammer.com

where fhbdfhbeng.spammer.com resolves to the IP address of the bot. The
spammer can trivially set up a virtual DNS zone with all valid IP
addresses in it, and the bot just chooses the appropriate one.

Uh, I may be dumb but I finally got it...

I guess that by "virtual DNS zone" you mean something where "fhbdfhbe" is the hex IP address of the bot (possibly obtained via traceroute from behind a NAT) and "ng" the bot version or whatever additional info is necessary for virtualizing the zone.

Apparently, that argument rules out any DNS-based validation.

Exactly, so how does having a 'correct' EHLO parameter help?

I can see that having an incorrect one can be used to block mail, IF
(and this is a big 'if') you can be sure that legitimate senders set up
things correctly. However, if this becomes a standard check, then it is
trivial for a spammer to get around it. And, all that has achieved is
another useless check, which makes life harder for the good guys.

Hm... it is useless to install an armored door in a shutterless house, and it is also useless to install security shutters since the door cannot be locked. Does that analogy fit the status quo?

IMHO, if we start designing an armored door, perhaps by the time it will be installed those shutters will be underway. I still like VHLO.

<Prev in Thread] Current Thread [Next in Thread>