ietf

Re: Spam catcher

2016-04-22 11:39:04
Would it help to stop spam by recording the IP address of the originating
server when open SMTP relays collect mail? Record the IP address in the
body of the e-mail, and record an IP address at each hop. Establish a
chain of custody so I can track an e-mail back to the source IP address.

Short answer: no.

Open SMTP relays disappeared a decade ago when spammers started
abusing them, and SMTP servers have always recorded the incoming IP
address in Received headers.

As someone else noted, once you get more than one hop, you have no
reason to believe the Received headers unless you know the relaying
host is reliable (in which case it's unlikely to have a spam problem.)

DKIM offers some help in identifying the originating, or at least the
signing, server.  ARC is a work in progress to try to provide a signed
chain of DKIM-like headers.

In my experience, other than a few narrow cases related to mailing
lists, trying to filter based on IPs beyond the immediately connecting
host isn't very effective.  The same IP could have a legit user
sending real mail and a botnet sending spam.

R's,
John
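
Added example, not part of the original message: a Python sketch of the trust boundary described above, reading Received headers newest-first and stopping at the first peer outside the receiver's own hosts. The hostnames, networks, the Postfix-style "(name [ip])" header layout and the function name connecting_ip are assumptions made for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed sample: documentation hostnames and addresses only.
# The third header arrived with the message and cannot be verified.
SAMPLE = (
    "Received: from mx1.example.org (mx1.example.org [10.0.0.5])\n"
    " by store.example.org with ESMTP; Fri, 22 Apr 2016 11:39:04 +0000\n"
    "Received: from mail.example.net (unknown [203.0.113.50])\n"
    " by mx1.example.org with ESMTP; Fri, 22 Apr 2016 11:39:03 +0000\n"
    "Received: from pc.example.com (pc.example.com [192.0.2.1])\n"
    " by mx1.example.org with ESMTP; Fri, 22 Apr 2016 11:38:59 +0000\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)
OUR_HOSTS = {"mx1.example.org", "store.example.org"}  # assumed: MTAs we run
OUR_NETS = [ip_network("10.0.0.0/8")]                 # assumed: our address space

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
# Peer address as written by the receiving MTA inside "(name [ip])",
# not the HELO name the client supplied.
PEER_RE = re.compile(r"\([^()]*\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)")

def connecting_ip(raw_message, our_hosts, our_nets):
    """Return the first peer outside our own infrastructure, or None."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):     # newest header first
        hop = " ".join(value.split())             # unfold continuation lines
        by, peer = BY_RE.search(hop), PEER_RE.search(hop)
        if not by or not peer or by.group(1).lower() not in our_hosts:
            return None                           # not stamped by a host we run
        try:
            addr = ip_address(peer.group(1))
        except ValueError:
            return None
        if not any(addr in net for net in our_nets):
            return str(addr)                      # boundary: stop reading here
    return None

if __name__ == "__main__":
    print(connecting_ip(SAMPLE, OUR_HOSTS, OUR_NETS))
```

The walk never reaches the third header, even though it names one of the receiver's own hosts in its "by" clause, because everything below the first external peer was supplied by that peer.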
