[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Forwarding in the face of spam

To: Alessandro Vesely <vesely@xxxxxxx>
Subject: Re: Forwarding in the face of spam
From: Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 08 Aug 2008 08:16:32 -0400
Cc: Anti-Spam Research Group - IRTF <asrg@xxxxxxxx>, SMTP Interest Group <ietf-smtp@xxxxxxx>
In-reply-to: <489C0234.3070404@xxxxxxx>
List-archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-id: <ietf-smtp.imc.org>
List-unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
References: <489C0234.3070404@xxxxxxx>
Sender: owner-ietf-smtp@xxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.16 (Macintosh/20080707)

I strongly believe that mail filters need to be accountable for theiractions, so that their faults can be analyzed and corrective actiontaken. So, in principle, I support creation of mechanisms to identifywhich filtering criteria will be applied, to allow such criteria to beapplied earlier in the signal path, and to provide feedback so that poorcriteria can be more quickly identified as such.

Publishing your filtering criteria seems like a crude mechanism, butit's a start. Yes, spammers will use such information to look for holesin your criteria. But if the spammers use such information to avoidsending you mail that you'll drop anyway, your network still benefitsfrom reduced traffic.

If you do publish such criteria I think it's important to actually stickto them as minimum criteria when filtering mail. You don't want tocreate incentives for senders to ignore the criteria.


Keith

Alessandro Vesely wrote:

Hi all,
my apologies for cross posting, but my first question is which list, ifany, is appropriate for discussing this topic.
Apparently, it is a common practice to gather lists of IP addresses forthe purpose of dropping, rejecting and/or tarpitting mail requeststherefrom. (Rejecting and tarpitting can be played at both the TCP/IPand SMTP levels.) As a postmaster, I wonder how should I act for, say,forwarding all mail destined to a given address on my server to a givenremote mailbox. IMHO, I should operate the same boundary checks as thetarget server, because it is more annoying and less reliable to do DNSBLchecking on someone else's "Received" headers. However, unless theremote postmasters and I manually arrange some ad-hoc procedures, I haveno way to know what boundary checks their host currently carries out,let alone reassuring them that my server does those same checks beforeforwarding mail to their host.
DNSBL, SPF, and spam reporting are more or less standardized. Therefore,designing a mechanism to fix forwarding seems now possible.
As my first question can be answered implicitly, I put some more:
Independently of how a list of IP addresses is gathered, is there anyreason not to publish it?
Is there any reason why postmasters would not want to say what DNSBLstheir servers look up and what decisions they make thereafter? If I knewmy message were to be rejected, I would abort sending tout-court,irrespective of my hat's color. Would that be a disadvantage for thetarget host?
TIA for any elucidation
Ale

References:
- Forwarding in the face of spam
  - From: Alessandro Vesely

Prev by Date: Re: 2821bis/ter and procedures (was: Re: retry question)
Previous by thread: Forwarding in the face of spam
Index(es):
- Date
- Thread