spf-discuss

Re: Attacking the throwaway-domain problem

2003-10-14 15:26:29
"Eric S. Raymond" <esr(_at_)thyrsus(_dot_)com> writes:
Justin Mason <jm(_at_)jmason(_dot_)org>:
I think the current problems with blocklists are that spammers have found
a way to change addresses very quickly, through use of open proxies.  

This, at least, would bring them back to a state whereby their servers
must have a static set of IPs, with a predefined list of domains that
refer to those IPs; in other words, the speed with which they can change
to a new IP-domain combo, as one is blocklisted, is greatly reduced.

I reckon it'll bring us back to the "old days" of BLs -- when they were
much more effective, and spammers much more traceable.

One interesting possibility here is a spam-domain list with
the following properties:

1. Updated by automatic feeds from spam-traps.
2. Entries age.  Their expiry clock is reset when they're queried.
3. After a timeout period with no queries, the record expires.

Expiry is important because we don't want every domain name used as 
a throwaway to be poisoned forever.

The problem with this is how do you reliably determine what domain the
email is actually coming from?  If the spammers can find some way to
get amazon.com into the spam-domain list, they'll put it there in
order to make the list useless.  IP address blacklists can be fed by
spamtraps because forging the IP in a functional connection is
difficult.  Domain names can easily be forged, either in the message
headers, SMTP commands or reverse DNS entries.  We can use linked
forward and reverse DNS mappings to confirm identity, but spammers
will just not publish reverse DNS for their IPs.

-- 
Ted Cabeen
Sr. Systems/Network Administrator
Impulse Internet Services
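
Added example, not part of the original message or of any SPF code: a sketch of the aging spam-domain list proposed in the thread, with the forward-confirmed reverse DNS check mentioned in the reply applied before a spam-trap report is accepted. The function and class names, the timeout, and the DNS tables are constructed for illustration; the third report shows the limitation raised above, that a sender with no reverse DNS is never listed.

```python
import time

def fcrdns_confirms(domain, ip, ptr, fwd):
    """True if ip's PTR name lies within `domain` and resolves forward to ip."""
    for host in ptr.get(ip, []):
        host = host.rstrip(".").lower()
        in_domain = host == domain or host.endswith("." + domain)
        if in_domain and ip in fwd.get(host, []):
            return True
    return False

class SpamDomainList:
    def __init__(self, timeout, ptr, fwd, clock=time.monotonic):
        self.timeout, self.ptr, self.fwd, self.clock = timeout, ptr, fwd, clock
        self.expiry = {}  # domain -> time at which the record expires

    def report(self, domain, client_ip):
        """Spam-trap feed (property 1); unconfirmed domains are refused."""
        domain = domain.rstrip(".").lower()
        if not fcrdns_confirms(domain, client_ip, self.ptr, self.fwd):
            return False  # forged name or no rDNS: cannot poison the list
        self.expiry[domain] = self.clock() + self.timeout
        return True

    def is_listed(self, domain):
        """Query the list; a hit resets the expiry clock (property 2)."""
        domain, now = domain.rstrip(".").lower(), self.clock()
        deadline = self.expiry.get(domain)
        if deadline is None or now >= deadline:
            self.expiry.pop(domain, None)  # property 3: record has expired
            return False
        self.expiry[domain] = now + self.timeout
        return True

# Constructed DNS data (documentation address ranges, .example names).
PTR = {"192.0.2.10": ["mx.throwaway.example."]}
FWD = {"mx.throwaway.example": ["192.0.2.10"]}

def demo():
    now = [0]  # fake clock so the run is deterministic
    bl = SpamDomainList(timeout=100, ptr=PTR, fwd=FWD, clock=lambda: now[0])
    out = [bl.report("throwaway.example", "192.0.2.10"),  # confirmed by FCrDNS
           bl.report("bigshop.example", "192.0.2.10"),    # forged domain name
           bl.report("nordns.example", "198.51.100.7")]   # no PTR published
    for t in (90, 180, 300):  # queries at 90 and 180 keep the record alive
        now[0] = t
        out.append(bl.is_listed("throwaway.example"))
    return out

if __name__ == "__main__":
    print(demo())
```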
