spf-discuss
[Top] [All Lists]

Re: forged email DSN

2005-02-26 18:43:39
At 05:15 PM 2/26/05, you wrote:
On Sat, 26 Feb 2005, Brian W. Antoine wrote:

  If some virus or spammer begins forging a domain name I'm responsible for
and another system begins loading down my server with rejected DSN's, and I
start getting calls from my users asking what this message they got means,

The users won't get any messages if the DSNs are rejected.

  Only for the forgeries that don't hit real user names, it does happen.

I'll be annoyed all right.  I doubt how I'd solve that problem is what you're
hoping happens and I suspect I'm not alone in that regard.

If they are not validating DSNs, my system will be at the bottom of the list
of offenders with the lowest volume.  I don't think they'll even notice me.

  Depends on how closely they are watching.  My daily status report from my
residential mail server includes a section on the most active sites generating
useless DSN's to my server.  The point where I call foul and firewall them off
is pretty high, but it has happened.  Others might be watching their servers 
also.

  Your solution responds to one form of abuse with what I expect will be seen
by a lot of people as another form of abuse.

I agree that actually sending a message is questionable, which is why
I'm running it by the group.  However doing a messageless CBV when no
other method is provided is entirely reasonable.

  We'll have to disagree on that.  I've thrown Verizon in my firewall
more than once because I saw a huge spike in the load on my residential
mail server and traced it to their callback system.  I do publish an SPF
record for the domain that was getting forged, they ignored it.

  I usually remember to remove them in a day or two.

  From your own keyboard came the admission that you'll be trying to annoy
them enough to get them to act.  Personally, a scheme whose premise was to 
annoy other mail server admins would seem dangerous, you might just succeed
and they outnumber you.


<Prev in Thread] Current Thread [Next in Thread>