On Mon, 28 Nov 2005, paddy wrote:
> At the same time, novel uses of the text in 5xx and 4xx may succeed in
> gently contacting some admins (Didn't Stuart offer a positive story of
> this recently?)

Not quite. My experience is that the text from 5xx/4xx is mangled and
never seen by the user and/or appears in an MUA dialog box that the user
ignores as "yet another error sending mail".
However, what has been effective and resulted in many positive responses
is sending a DSN (a real one with null sender) to the alleged sender.
This is easily ignored by MFROM signing, and is, of course, not sent
for an SPF FAIL.

> I do think it's important not to send a notice per abusing mail, but perhaps
> a daily report, but I also think that having as many people as possible
> working on the problem might lend weight.

I cache the DSNs, and resend weekly while the problem persists.
Please make sure the notices are real DSNs (null sender). I hate
getting replies from such software and will likely blacklist the
source. But DSNs are fine because they are easily filtered via
MFROM signing even if the sender didn't check my SPF record.
I think SpamCop is probably blacklisting for replies to forged mail, not
DSNs (or else they are smoking crack).

> Would any kindly and more experienced soul care to summarise for me/us
> the history of such attempts?

An annoying problem is when the sender is forged, has no SPF, and
their spam filter *replies* to the DSN (a huge no-no, but very common).
Unfortunately, there is no reliable way to detect replies to a DSN. I
have a large mailbox full of them, and intend to compile a heuristic to
detect the case where the DSN simply says "user xxxx does not exist"
and/or variations thereof in various languages (don't ask me why
they didn't simply give a 5xx response). I can then alter the
DSN cache entries for such BAD user DSNs to reflect the 5xx response that
should have been given and begin rejecting email allegedly from the
non-existent user.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
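
The notification policy described in this message (a real DSN with null envelope sender, none for an SPF FAIL, resent at most weekly per alleged sender), sketched in Python as an added example that is not the author's code. The names `DsnCache` and `build_dsn`, the host names, addresses and the 5.7.1 status code are assumptions made for illustration.

```python
from email.message import Message
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

WEEK = 7 * 24 * 3600  # resend interval, in seconds


class DsnCache:
    """Remembers when each alleged sender was last sent a notice."""

    def __init__(self):
        self.last_sent = {}

    def should_send(self, mail_from, spf_result, now):
        # A null sender means the message is itself a DSN: never answer it.
        # An SPF FAIL is rejected during SMTP, so no notice is generated.
        if not mail_from or spf_result == "fail":
            return False
        key = mail_from.lower()
        last = self.last_sent.get(key)
        if last is not None and now - last < WEEK:
            return False  # already notified within the past week
        self.last_sent[key] = now
        return True


def build_dsn(mail_from, rcpt_to, reporting_mta, diagnostic):
    """Return (envelope_from, envelope_to, message) for a multipart/report DSN."""
    dsn = MIMEMultipart("report", report_type="delivery-status")
    dsn["From"] = f"MAILER-DAEMON@{reporting_mta}"
    dsn["To"] = mail_from
    dsn["Subject"] = "Delivery Status Notification (Failure)"
    dsn.attach(MIMEText(diagnostic + "\n"))  # human-readable part

    # Machine-readable part: one per-message block, one per-recipient block.
    per_message = Message()
    per_message["Reporting-MTA"] = f"dns; {reporting_mta}"
    per_recipient = Message()
    per_recipient["Final-Recipient"] = f"rfc822; {rcpt_to}"
    per_recipient["Action"] = "failed"
    per_recipient["Status"] = "5.7.1"  # assumed status code for this sketch
    status = MIMEBase("message", "delivery-status")
    status.attach(per_message)
    status.attach(per_recipient)
    dsn.attach(status)

    # Envelope sender is empty (MAIL FROM:<>), which is what makes this a
    # real DSN that recipients can filter, unlike a reply from an address.
    return "", mail_from, dsn
```

Passing the returned envelope sender (`""`) to `smtplib.SMTP.sendmail` produces `MAIL FROM:<>` on the wire.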