
Re: SpamOps claims about Email Authentication and open relays

2005-06-25 18:03:27
On Fri, 24 Jun 2005, Doug Royer wrote:


> Of the two of us, you would NOT HAVE A CLUE about if I can or
> can not read and understand my own logs :-)

I'm not saying you can't read logs. I'm saying there aren't any reliable
automated methods of determining whether a message came from an open 
relay.  So you are assuming too much about the meaning of your log 
entries.  That it came from a machine on an "open relay" blacklist, 
doesn't mean it came from an open relay.

> I am sure that those 22,000+ spams were blocked by the DNS
> list that "says" it's an open relay list by SORBS and the other one.

I've no doubt they did. But the blacklists' word doesn't mean anything for
several reasons. And furthermore, even by their own definition of what's
in their blacklist, it doesn't mean that. You are misquoting them. They 
indicate that their blacklist also contains open proxies.

Note that 235.245.195.212 is not allocated. This is a forged header.  
66.59.238.35 isn't running an open relay. Indeed, I could not find a
single open relay spam in a sample of 15 of the 605 spams I've received in
the last 24 hours. But I did find forged headers pretending to be open
relay. Though that is also becoming the exception. Much spam doesn't even
bother with forged headers.

> I do NOT rely on ANY information from the content of SPAM to tell me
> anything. I use the getpeername() OS call to get the IP of the remote
> sending system - live as they send it.

The rest of this, I won't address. It's basically circular, since you are
subscribing to a list known to promote abuse open relays; you probably get
more open relay abuse as a result. This makes them appear more effective, 
and thus more valuable.

My only point is that by the indicator of hand analysis of received spam,
and by the indicator of actual abuse of open relays, open relay abuse has
dropped off to nearly nothing since Fall of 2003. So it seems interesting
that you are still getting a lot of open relay abuse, and that open relay
abuse accounts for 90% of your spam.  This does not seem credible as a
general statement.  I'm not saying you are lying, but only that your
experience isn't generally experienced by others.

> At this point, I'll take this off the ietf list
> and we can continue this between ourselves.

You'll have to quit using SORBS, if you want off-list email from me.

                --Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   





_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
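
An added example, not part of the original message or of either correspondent's tooling: a sketch of the header check the message describes, separating the address recorded for the live connection from addresses that only appear in sender-supplied Received lines. The sample message, host names and the `classify_hops` helper are constructed for illustration, and it assumes the topmost Received line was written by the receiving server.

```python
import email
import ipaddress
import re

# Constructed sample. Assumption: the top Received line was written by our own
# MTA from the TCP peer address; everything below it was supplied by the sender.
SAMPLE = (
    "Received: from mail.example.net (unknown [66.59.238.35])\n"
    "\tby mx.example.org with SMTP; Fri, 24 Jun 2005 10:00:00 -0400\n"
    "Received: from relay.example.com ([235.245.195.212])\n"
    "\tby mail.example.net with SMTP; Fri, 24 Jun 2005 09:59:58 -0400\n"
    "From: sender@example.com\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def cannot_be_unicast_source(ip):
    """True for addresses no mail host on the Internet can connect from."""
    # 235.245.195.212 lands here: 224.0.0.0/4 is multicast space.
    return (ip.is_multicast or ip.is_reserved or ip.is_private
            or ip.is_loopback or ip.is_link_local or ip.is_unspecified)


def classify_hops(raw_message):
    """Return [(ip, verdict)] for each Received header, newest first."""
    msg = email.message_from_string(raw_message)
    results = []
    for index, header in enumerate(msg.get_all("Received", [])):
        match = BRACKETED_IPV4.search(header)
        if not match:
            results.append((None, "no-address"))
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:  # e.g. [999.1.1.1]
            results.append((match.group(1), "malformed"))
            continue
        if index == 0:
            verdict = "peer"  # recorded by our server, not by the sender
        elif cannot_be_unicast_source(ip):
            verdict = "impossible-source"  # header is forged or broken
        else:
            verdict = "unverified"  # plausible, but still sender-supplied
        results.append((str(ip), verdict))
    return results
```

Only the "peer" entry says anything about where the message actually came from; an "unverified" hop may be genuine or invented, and an "impossible-source" hop cannot be genuine.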


