spf-discuss

Re: Unified SPF Algorithm (was: moving on from MARID)

2004-10-01 02:27:12

----- Original Message -----
From: "Len Conrad" <LConrad(_at_)Go2France(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, October 01, 2004 5:11 AM
Subject: Re: [spf-discuss] Unified SPF Algorithm (was: moving on from MARID)



Rejecting based upon RCPT TO alone is a significant logical hole it allows
automated address harvesters to poll an MTA with random addresses so that
it can build up a list of valid ones.

Do you have any evidence that this is taking place?

My impression is that such dictionary attacks for address harvesting may
have been a tactic in the late 90's, but the volume of spam today seems to
be running completely open loop, with spammers not bothering to check which
names are delivered/rejected, not cleaning their databases, but just
sending volumes blindly.

I agree.  I am still trying to see the pattern. While they might go away for
a week or so, they come right back.

I am leaning towards the idea that the concern that "spammers" will adapt
with new exploitations is not necessarily a real concern. I believe a goal
is to get spammers to "change" because a good major part of the problem are
those that do not change and since we are still faced with backward
compatibility requirements, the issues related to the current level of
security will still exist.

But I am not seeing any change whatsoever. A good example is adding a
multi-line Welcome response at the connection level. You will find a vast
40% of the bulk spammers dropping the connection because their primitive
SMTP sender scripts are not handling multi-line 220 responses. These guys
are simply NOT adapting to this simple change in their software to get past
the connection level. They round-robin blast their attempts across the
entire spectrum of class c addresses. So I have a huge log of 255 continuous
transactions with a HELO domain and that's it.

So the question is how do you force spammers to "change" in order to
increase the reliability of new security technology?

IMO, the IETF squandered a big opportunity by not aggressively supporting
CANSPAM functional model clearly laid out for software people and
implementers to work with to promote adoption and changes across the
industry.

Sincerely,

Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office
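
The multi-line 220 greeting mentioned in the message above, as an added example that is not part of the original post: a reply reader following the RFC 5321 reply format, where `220-` marks a continuation line and `220 ` (or a bare `220`) marks the last line. The greeting text, host name and the function name `parse_reply` are constructed for illustration.

```python
import re

# Constructed multi-line greeting; host name and wording are placeholders.
GREETING = (
    b"220-mail.example.org ESMTP\r\n"
    b"220-Unsolicited bulk mail is not accepted here\r\n"
    b"220 Ready\r\n"
)

# Three-digit code, then "-" (more lines follow) or " " (last line), then text.
# A bare code with no separator is also a valid last line.
_LINE = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")


def parse_reply(data: bytes):
    """Parse one complete SMTP reply from the start of `data`.

    Returns (code, text_lines, bytes_consumed), or None when the final
    line has not arrived yet and the caller must keep reading.
    Raises ValueError on a malformed line or a code that changes mid-reply.
    """
    code, texts, pos = None, [], 0
    while True:
        end = data.find(b"\r\n", pos)
        if end == -1:
            return None  # incomplete: the last line is still in flight
        m = _LINE.match(data[pos:end])
        if m is None:
            raise ValueError("malformed reply line")
        if code is None:
            code = m.group(1)
        elif m.group(1) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        texts.append((m.group(3) or b"").decode("ascii", "replace"))
        pos = end + 2
        if m.group(2) != b"-":  # " " or no separator ends the reply
            return int(code), texts, pos


if __name__ == "__main__":
    print(parse_reply(GREETING))
```

A client that stops reading at the first `220-` line has not yet received the greeting; `parse_reply` returns `None` in that state, which is the signal to read more from the socket before sending HELO.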