On Fri, Aug 23, 2013 at 03:27:47AM +0200, keld(_at_)keldix(_dot_)com wrote:
> Just a thought I had for spam detection: what about testing if you could
> connect to port 25 on the sending MTA?

First, initiating an outbound network connection in response to an
inbound connection of unknown and quite likely dubious provenance
is an intrinsically bad idea. As we've seen, for example, with the
abusive/short-sighted/ineffective idea of "SMTP callbacks", which
have readily lent themselves to DDoS attacks against third parties.

Second, there are MANY hosts which emit legitimate SMTP traffic but
which do not answer on port 25.

Third, there are much better ways to deal with zombie-initiated spam.
Using "greetpause" and "greylisting", for example. Refusing all mail
from anything without proper rDNS, proper matching rDNS/DNS, and proper
HELO. Refusing all mail from anything with a generic hostname. Refusing
all mail from dynamic IP space. (See Steve Hesketh's excellent work
on this, for example.) Combinations of these are quite effective,
they're simple, they're difficult to game, they're efficient, they're
reliable, they exhibit very low FP and FN rates, and they interoperate
beautifully with other measures.
ietf-smtp mailing list
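
The rDNS, matching rDNS/DNS, HELO and generic-hostname checks named in the message above, sketched as an added example (not code from the thread or its participants). The DNS tables are constructed, and `check_client`, the generic-name pattern and the HELO policy are assumptions made for illustration.

```python
import re

# Constructed DNS data (documentation address ranges) standing in for live lookups.
PTR = {
    "192.0.2.10": "mail.example.org",
    "198.51.100.77": "host-198-51-100-77.dyn.example.net",
    "203.0.113.5": "mx.example.com",
}
A = {
    "mail.example.org": {"192.0.2.10"},
    "host-198-51-100-77.dyn.example.net": {"198.51.100.77"},
    "mx.example.com": {"203.0.113.99"},  # forward record does not point back
}

# Assumed heuristic, not a standard: an IP embedded in the name or an
# access-network label marks a hostname as generic.
GENERIC = re.compile(
    r"(\d{1,3}[-.]){3}\d{1,3}|(^|[.-])(dyn|dynamic|dhcp|pool|dsl|cable|ppp)([.-]|\d)",
    re.I,
)
# Assumed HELO policy: a syntactically valid FQDN with at least two labels.
FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def check_client(ip, helo, ptr=PTR, a=A):
    """Return (accept, reason) for a connecting client; first failing check wins."""
    name = ptr.get(ip)
    if name is None:
        return (False, "no rDNS")
    if ip not in a.get(name, set()):
        return (False, "rDNS/DNS mismatch")
    if GENERIC.search(name):
        return (False, "generic hostname")
    if not FQDN.match(helo):
        return (False, "bad HELO")
    return (True, "ok")


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("203.0.113.5", "mx.example.com"),
                     ("198.51.100.77", "host-198-51-100-77.dyn.example.net")]:
        print(ip, helo, check_client(ip, helo))
```

All of these checks use only the connecting IP, DNS answers and the HELO string, so none of them opens a connection back toward the sender.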