spf-discuss

Re: forged email DSN

2005-02-26 18:15:24
On Sat, 26 Feb 2005, Brian W. Antoine wrote:

>   If some virus or spammer begins forging a domain name I'm responsible for
> and another system begins loading down my server with rejected DSN's, and I
> start getting calls from my users asking what this message they got means,

The users won't get any messages if the DSNs are rejected.

> I'll be annoyed all right.  I doubt how I'd solve that problem is what you're
> hoping happens and I suspect I'm not alone in that regard.

If they are not validating DSNs, my system will be at the bottom of the list
of offenders with the lowest volume.  I don't think they'll even notice me.

>   Your solution responds to one form of abuse with what I expect will be seen
> by a lot of people as another form of abuse.

I agree that actually sending a message is questionable, which is why
I'm running it by the group.  However doing a messageless CBV when no
other method is provided is entirely reasonable.

I think the key is keeping the message volume very low.  I'm logging all
DSN's sent so that I can make that list persistent across restarts of
the milter (and avoid resending to the same sender).  I think I will 
implement your idea of limiting actual messages per domain as well,
but I still need to do the messageless CBV in that case.

When I first tested it live last night, I was forcibly reminded 
that when spammers get rejected, they keep trying lots of addresses -
with the result that the first DSNs got sent about 12 times to the
same purported sender before I killed it.  :-(  That's when I added the cache.
:-)

The victims were brent at fmrco dot com, ted at wellsfargo dot com,
and cheri dot browne79 at dz dash rs dot si.

Hey guys/gals, if you see this, sorry :-}

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
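
The cache described in the message above (log every DSN sent, reload the log when the milter restarts, never contact the same sender twice, cap real messages per domain and fall back to a messageless CBV) can be sketched as follows. This is an added example, not code from the post or from the author's milter; the class name `DsnLog`, the log format, the per-domain limit and the expiry time are all assumptions.

```python
import os
import tempfile
import time

class DsnLog:
    """Append-only log of senders already contacted, reloaded at start-up."""

    def __init__(self, path, per_domain_limit=2, ttl=7 * 86400):
        self.path = path
        self.per_domain_limit = per_domain_limit  # assumed quota of real DSNs
        self.ttl = ttl                            # assumed entry lifetime (s)
        self.seen = {}                            # sender -> (timestamp, action)
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                for line in fh:
                    parts = line.rstrip("\n").split("\t")
                    if len(parts) == 3 and parts[0].isdigit():
                        self.seen[parts[2]] = (int(parts[0]), parts[1])

    def _dsn_count(self, domain, now):
        # Real DSNs (not CBV probes) sent to this domain and not yet expired.
        return sum(1 for s, (ts, act) in self.seen.items()
                   if act == "send_dsn" and now - ts < self.ttl
                   and s.rpartition("@")[2] == domain)

    def decide(self, sender, now=None):
        """Return 'cached', 'send_dsn' or 'cbv_only' for a purported sender."""
        now = int(time.time()) if now is None else int(now)
        sender = sender.strip().lower()  # simplification: local part folded too
        prev = self.seen.get(sender)
        if prev and now - prev[0] < self.ttl:
            return "cached"              # already contacted: no new traffic
        domain = sender.rpartition("@")[2]
        if self._dsn_count(domain, now) < self.per_domain_limit:
            action = "send_dsn"
        else:
            action = "cbv_only"          # domain quota used: messageless CBV
        self.seen[sender] = (now, action)
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write(f"{now}\t{action}\t{sender}\n")
        return action

def demo():
    """Constructed run: rejected mail keeps arriving with forged senders."""
    path = os.path.join(tempfile.mkdtemp(), "dsn.log")
    log = DsnLog(path)
    first = [log.decide(s, now=1000) for s in
             ["a@example.com", "a@example.com", "b@example.com", "c@example.com"]]
    restarted = DsnLog(path)             # simulates a milter restart
    return first, restarted.decide("A@Example.com", now=2000)
```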

