[Dshield] Raynote appealing for ISP commonsense

John Hardin johnh at aproposretail.com
Sun Jan 25 20:31:40 GMT 2004


Ray Palmer said:
> Everything that makes it through the spam filters should have both
> destination and source addresses validated.

I still don't see how this would help.

The destination address is automatically validated. If it's not valid, the
email bounces.

A lot of servers are already validating that the source domain does exist.
Many are validating that it does have an MX record. If the complete source
email address must also be validated, then:

(1) it's that much more load on the system that spam imposes, and it's
load on more than just the recipient's system. The only feasible way to
check whether the sender's address is valid is to contact the sender's
domain MX and try starting a message to that address. Requiring this for
all messages would essentially make spam a DDoS attack on the (likely
forged) sending address's MX host(s).

If we're going to impose extra load on the system, let's impose that load
on the *spammers*, not their intended targets or innocent third parties.

(2) if you start enforcing validity of the sending email address, spammers
will just start using valid email addresses, and they *won't* be their own
addresses! Spammers can harvest plenty of valid email addresses from the
address books of the systems they have compromised. This would make *all*
spam into massive joe-jobs, where only a fraction of it is that way now.

I believe what you are hoping to achieve is underway already in the form
of "Sender Permitted From" (see http://spf.pobox.com/)

However, for SPF to be completely effective by itself, all domains you
wish to receive mail from must participate, and that will likely never
happen.

A combination of SPF and, where SPF records don't exist, tempfailing the
first delivery attempt may be an effective low-burden solution.

i.e.:
  1) SMTP connection received
  2) do DNSBL lookups and rejects
  3) receive MAIL FROM
  4) check SPF record for sending domain, accept delivery if valid
  5) new source IP address? tempfail for 12-24 hours
  6) source IP still in tempfail list? tempfail again
  7) accept delivery

Of course, the tempfail step assumes the spammers are just spewing, and
don't queue messages for later retry, but even so it DOES give the IP
address a chance to make it into the DNSBL lists if it's a
freshly-compromised host or some such.

> ----- Original Message -----
> From: "John Hardin" <johnh at aproposretail.com>
>
>> On Fri, 2004-01-23 at 04:32, Ray Palmer wrote:
>> > stop passing emails that do not have valid
>> > source and destination addresses.
>>
>> How can ISP A tell whether a given email address at ISP B is valid?

-- 
John Hardin  KA7OHZ                           <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
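
The seven-step flow proposed in the message above, as an added Python example that is not part of the original post. The DNSBL and SPF lookups are injected as hypothetical callables, the addresses and domains are constructed documentation values, and the window uses the 12-hour lower bound of the "12-24 hours" in step 5.

```python
# Added illustration of the seven-step flow; not code from the original post.
from dataclasses import dataclass, field

TEMPFAIL_SECONDS = 12 * 3600  # assumption: lower bound of the 12-24 hour window


@dataclass
class Policy:
    dnsbl_listed: callable  # hypothetical hook: ip -> bool (step 2)
    spf_pass: callable      # hypothetical hook: (ip, sender_domain) -> bool (step 4)
    first_seen: dict = field(default_factory=dict)  # ip -> time of first attempt

    def decide(self, ip, mail_from, now):
        """Return the SMTP reply for one MAIL FROM from `ip` at time `now` (seconds)."""
        # Step 2: the DNSBL is consulted on every attempt, so a host that was
        # listed while it sat in the tempfail window is rejected on its retry.
        if self.dnsbl_listed(ip):
            return "550 rejected: source listed in DNSBL"
        # Steps 3-4: take the domain of the envelope sender and check SPF.
        domain = mail_from.rsplit("@", 1)[-1].lower()
        if self.spf_pass(ip, domain):
            return "250 accepted: SPF pass"
        # Step 5: first contact from this IP starts the tempfail window.
        if ip not in self.first_seen:
            self.first_seen[ip] = now
            return "451 tempfail: new source, retry later"
        # Step 6: the retry arrived before the window expired.
        if now - self.first_seen[ip] < TEMPFAIL_SECONDS:
            return "451 tempfail: still in window"
        # Step 7: the sender queued the message and retried after the window.
        return "250 accepted: retried after window"


def demo():
    blocklist = set()                      # constructed DNSBL contents
    spf = {("192.0.2.10", "example.org")}  # constructed SPF-authorized pair
    p = Policy(lambda ip: ip in blocklist, lambda ip, d: (ip, d) in spf)
    out = [p.decide("192.0.2.10", "alice@example.org", 0),          # SPF pass
           p.decide("198.51.100.7", "bob@example.net", 0),          # new IP
           p.decide("198.51.100.7", "bob@example.net", 3600),       # too early
           p.decide("198.51.100.7", "bob@example.net", 13 * 3600),  # queued retry
           p.decide("203.0.113.5", "eve@example.com", 0)]           # new IP
    blocklist.add("203.0.113.5")           # host gets listed during the wait
    out.append(p.decide("203.0.113.5", "eve@example.com", 13 * 3600))
    return [reply[:3] for reply in out]


if __name__ == "__main__":
    print(demo())
```

The last case is the one the message singles out: the tempfail delay gives a freshly compromised host time to appear in the DNSBL, so its retry is rejected at step 2 instead of being accepted at step 7.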



