<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: spam SW, EMS/RFMS


Sigh...

Unfortunately you cannot block <> since there are a lot of mailing-lists
that use tha as a "from"-address...
( except from other reasons.. )

 
> Some time ago a new "player" seems to have entered the spam program
> market; it is usually referred to as
> 
>     "Express Mail Server" (EMS)
>     "Rapid Fire Mail Server" (RFMS)
> 
> Example:
> 
>     >Return-Path: <>
>     >Received: from 166.55.38.53
>     >   (usr13-dialup53.mix1.WillowSprings.mci.net [166.55.38.53])
>     >   by chalmers.se (8.8.8/8.8.8) with SMTP id KAA15532
>     >   for FOO@localhost;
>     >   Fri, 6 Mar 1998 10:12:52 +0100 (MET)
>     >Date: Fri, 6 Mar 1998 10:12:52 +0100 (MET)
>     >Message-Id: <199803060912.KAA15532@localhost
>     >From: 
>     >To:
>     >Subject: Now you can easily have a mail server in your home.
> 
>     MX(arch.chalmers.se) = idefix.arch.chalmers.se/0, chalmers.se/100
> 
> EMS/RFMS seems to have two "interesting" features:
> 
>     1)	"MAIL From: <>"; i.e. there is no real From that can take
> 	legal action due to fraud etc. Smart.
>     
>     2)	It makes use of MX hosts that have higher cost than the best
> 	one. At first this could seem like it just legitimately uses
> 	MX-records, but the increase in traffic and bounces through
> 	the host we run, chalmers.se; secondary MX for *.chalmers.se,
> 	tells us this is not by chance, this is made by will.
> 
> 	In fact it's a clever way to prevent IP.src filtering at the
> 	destination hosts - if they refuse chalmers.se [129.16.1.1]
> 	then our entire MX-record system breaks down. Smart.
> 

Why use secondary MX?
The sending MTA will keep the mail in any case until 1'MX is up...

( please comment my opinion!! )

/Uffe






<<< Chronological >>> Author    Subject <<< Threads >>>