spf-discuss

Re: [spf-discuss] SPF queries by a newbie

2006-11-13 17:54:39
Hi Alex,

Thanks for your reply.

Alex van den Bogaerdt elucidated on 13/11/06 16:04:
On Mon, Nov 13, 2006 at 02:22:53PM +0000, Jon Grant wrote:

The problem I see is where to get a constantly updated list of spammer
domains.  The present system Rejects 554 by IP address I think, so it's
just another extension to that if we Reject 554 by domains as well.

At some point, I expect the system to work well enough to accept messages
from, for instance, you if you have a good reputation and move to another
computer.  At the same time, an unknown domain name, probably new, sending
from an ADSL connected computer, may not pass the filter.

It's all about combining knowledge.

If your domain name has a good reputation, and if your SPF record authorizes
this new computer you'll be sending from, why not accept the message (even
if the connection is on DUL for instance).

At the same time, why would I accept messages from a new domain, sent
from a dollar-a-day dedicated hosting account.  Chances are this is a
spammer.

I think this approach could work well, just needs some training of the
inputs to have it adapt to changing circumstances.


I'm pretty sure spammers evolve around every change we put in place. The
spammer problem has a list of mail configurations for popular ISPs..

So, we stop fighting and give up?  Things are getting more expensive for
us, but they also get more expensive for them.  With a bit of luck, the
spammer will have to pay more than he can "earn".  That means he'll stop.

Sorry, I didn't mean give up. I was trying to make an observation that a
spammer will comply with SPF if it helps him get his spam through the
system...

Good point about the cost, I think this is the main factor which will
bring the era of spamming to a close. There is just so much spam and the
machines sending are changing so quickly from one zombie PC to another it is
very difficult to catch them.

Will using SPF actually cause bounces?

No.  People that accept-then-bounce cause bounces.  Most of them
anyways.

spammer connects to server, server accepts message, server notices
"kslkjashdflgshd(_at_)example(_dot_)com" does not exist, server sends bounce
to the victim of this spam run.

SPF could help in this scenario:

spammer connects to server, server notices discrepancy between sender
address and connecting computer, server refuses to accept the message.

Of course, smart ISPs won't accept mail for 
"kslkjashdflgshd(_at_)example(_dot_)com"
and thus won't accept responsibility for it.  Those ISPs that do accept
responsibility for such a message are the ones responsible for causing
harm to the forged domain owners.  Spamcop...

Does Spamcop accept, and then reject then? Or were you meaning Spamcop
is the solution?

does Spamhaus offer their blocklists for free in some way?
it looks like I have to pay for Spamhaus:

http://www.spamhaus.org/faq/answers.lasso?section=Data%20Feed

Spamcop looks free, and they have a nice page about configuring postfix
reject options I noticed.

Could you recommend any ISP which has a configurable Reject 554 policy?
I'd like to be able to list envelope-sender and the displayed From:
addresses which I want to be Rejected with code 554. I get many junk
mails from online shops and such that I once ordered things from. It's
often not possible to get them to stop sending me their newsletters etc.,
unfortunately.

Spamcop...

Cool! I'll take a look. I was hoping to be able to put a message after
the Reject for each email address I list. Saying something like "This
appears to be spam, please see this web page if you wish to appeal
http://jguk.org/" etc.

I'd also like to be able to configure detection of auto-responder
emails ("Out of office" etc.), so they get Rejected 554 too if they are not
from mailing lists, in which case they would simply be deleted.

I'd also like to Reject 554 connections to my MX server from IP
addresses which do not have reverse DNS set up on them, and connections
which say HELO with a different domain name to their Reverse DNS.

The first one is technically sound but you may end up refusing mail
you actually wanted to receive, the second one is against the RFCs.
Your mail, you can do to it what you want, but be aware that if you
don't want to play according to the rules, others won't.

Ah ok, so maybe the second one is best not implemented. At least should
we look for a fully qualified domain in the HELO?

For ultimate configurability, I suggest running your own server,
preferably somewhere in a datacenter.

I've got my own linux server running on a fixed IP, I'm just not so sure
what software packages to setup to allow all these ideas to work..  Do
you know of any easy to use system, with a web interface which I could
install on my server to manage it?  I'm using postfix at present, but I
can change to a different MTA if I need to.

Thanks again for replying with so much info,

Kind regards
Jon
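The thread above contrasts accept-then-bounce (which sends backscatter to whoever the spammer forged as sender) with refusing the message at SMTP time when the connecting host is not authorized by the sender domain's SPF record, and Jon asks for per-sender 554 rejections with a custom text plus a reverse-DNS check. The following is an added example, not code from the list or from any of the projects mentioned (it is not Postfix's or SpamCop's logic). It implements a small offline SPF evaluator (ip4/ip6/a/mx/include/all with the four qualifiers) against a constructed DNS zone instead of real DNS lookups, and a MAIL FROM-time policy function that returns the SMTP reply before DATA is ever accepted. The domains, addresses and the `SENDER_BLOCKLIST` entries are hypothetical; the appeal text reuses the wording Jon proposed.

```python
"""Offline SPF check plus an SMTP-time reject policy (added example, stub DNS)."""
import ipaddress

# Constructed zone data standing in for DNS: TXT (SPF), A and MX records.
ZONE = {
    "example.com": {
        "txt": "v=spf1 ip4:192.0.2.0/28 mx -all",   # hypothetical record
        "a": ["192.0.2.10"],
        "mx": ["mail.example.com"],
    },
    "mail.example.com": {"a": ["192.0.2.25"]},
    "partner.example.net": {"txt": "v=spf1 include:example.com ~all"},
    "nospf.example.org": {},                        # domain that publishes no SPF
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    return ZONE.get(domain, {}).get("txt")


def addresses(name):
    return ZONE.get(name, {}).get("a", [])


def mx_hosts(name):
    return ZONE.get(name, {}).get("mx", [])


def ip_in(ip, cidr):
    """True when ip lies in cidr; a bare address is treated as a /32 or /128."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def check_host(ip, domain, depth=0):
    """Evaluate domain's SPF record for a connection from ip.

    Returns one of pass / fail / softfail / neutral / none / permerror.
    Only the mechanisms listed in QUALIFIERS and below are supported.
    """
    if depth > 10:                      # guard against include: loops
        return "permerror"
    record = spf_record(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip_in(ip, arg)
        elif name == "a":
            matched = any(ip_in(ip, a) for a in addresses(arg or domain))
        elif name == "mx":
            matched = any(ip_in(ip, a)
                          for host in mx_hosts(arg or domain)
                          for a in addresses(host))
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):   # RFC 7208: include of such a domain is an error
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"          # unsupported mechanism or modifier
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # no mechanism matched and no "all" term


# Hypothetical per-sender rejections with the custom text Jon asked for.
SENDER_BLOCKLIST = {
    "newsletter@shop.example":
        "This appears to be spam, please see http://jguk.org/ if you wish to appeal",
}


def smtp_policy(client_ip, mail_from, reverse_dns):
    """Decide at MAIL FROM time; returns (smtp_code, text).

    Every 554 here is issued before DATA, so the server never takes
    responsibility for the message and no bounce (backscatter) is generated.
    """
    if reverse_dns is None:
        return 554, "5.7.1 Client IP has no reverse DNS"
    sender = mail_from.lower()
    if sender in SENDER_BLOCKLIST:
        return 554, "5.7.1 " + SENDER_BLOCKLIST[sender]
    domain = sender.rpartition("@")[2]
    result = check_host(client_ip, domain)
    if result == "fail":
        return 554, f"5.7.1 SPF fail: {client_ip} is not authorized to send for {domain}"
    return 250, f"2.1.0 Sender ok (SPF {result})"


if __name__ == "__main__":
    # Forged sender from an unrelated host: refused before any data is accepted.
    print(smtp_policy("203.0.113.5", "kslkjashdflgshd@example.com", "host.example"))
    # The domain's own MX relaying for it: passes via the mx mechanism.
    print(smtp_policy("192.0.2.25", "alice@example.com", "mail.example.com"))
```

Note the "softfail" and "none" results are deliberately not rejected: softfail is the domain owner's own statement that the host is merely suspicious, and rejecting on "none" would refuse every domain that publishes no record. Those are the cases where the reputation-based combination Alex describes (domain history, DUL status, and so on) would have to make the call.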

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/