Re: [anti-spam-wg@ripe.net] Anti-Spam measures
- Date: Wed, 26 May 2004 19:18:44 +0200
- Organization: SpaceNet AG, Muenchen, Germany

Hoi David,

On Wed, May 26, 2004 at 10:01:47AM +0100, David Bell wrote:
> 1. I notice that a large portion of SPAM doesn't have a valid return
> address. My thoughts are that the SMTP server receiving any email should do
> a reverse check, to confirm with the sending domain that the 'from' address
> is valid

This is deprecated. It would be heaven for spammers to hammer a
distributed dictionary attack (talk some 100000 0wned hosts) against
this validation service and easily get a list of valid email accounts.
This would increase their address hit rate about 95% and make their
business more efficient and profitable.

> The receiving SMTP server (or this could be a SPAM checker on my desktop)
> would receive a email from dave@localhost, and would check with my domain
> that I have actually sent a message recently, and it can determine the
> likeliness that I really sent this email. I know that a lot of people only
> send email once or twice a week, so this would work especially well from
> these addresses.

Define recently? We do backup MX for a lot of customers. Sometimes their
MTA is down (due to different reasons) for almost a week. We queue the
messages and as soon as their MTA comes back to life we send the
messages to them. Is one week still "recently"? And which mailserver
would they query? Also think of forwarding and mailing lists.

Our mailservers do some 100000 messages a day. Holding information about
each sender and email that passed our system online and with direct
access for n days is not an easy task. And then there are Mail Providers
like AOL that do a factor of 100 more.

> This idea can be taken forward in several directions, for instance a PGP key
> is in a header field, so when I'm using a different ISP's SMTP server, you
> can still check with example.com to confirm it's really from me. Another
> option would be to keep more specific details regarding emails I've sent, so
> the check with my domain can be more precise.

This is exactly what the Yahoo Domain Keys proposal tries to address.
In short: you put public keys in DNS for your domain and your mailserver
signs the message. Receiving MTAs can now check with the 2822.From and
the signed checksum and the public key whether this message is ok.

\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
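
The signing scheme sketched in the reply above (public key published for the sender's domain, mailserver signs, receiving MTA checks against the 2822.From), as an added example that is not part of the original message and does not reproduce the Domain Keys wire format. Assumptions: `DNS_KEYS` stands in for the DNS lookup, the `X-Demo-Signature` header name is hypothetical, and the key and sample mail are constructed for illustration.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

# Constructed demo key built from two Mersenne primes: valid RSA arithmetic,
# trivially factorable, for illustration only.
N, E = (2**521 - 1) * (2**607 - 1), 65537
D = pow(E, -1, (2**521 - 2) * (2**607 - 2))  # private exponent, sending MTA only

# Stand-in for DNS (assumption): sender domain -> published public key.
DNS_KEYS = {"example.com": (N, E)}

SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(data: bytes, n: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), sized to the modulus n."""
    t = SHA256_INFO + hashlib.sha256(data).digest()
    k = (n.bit_length() + 7) // 8
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def _signed_bytes(msg) -> bytes:
    # The signature covers the From header and the body, so neither can change.
    return ((msg["From"] or "").strip() + "\n" + msg.get_payload()).encode()

def sign(raw: str) -> str:
    """Sending MTA: prepend a signature header (hypothetical header name)."""
    sig = pow(_encode(_signed_bytes(message_from_string(raw)), N), D, N)
    return f"X-Demo-Signature: {sig:x}\n{raw}"

def verify(raw: str) -> str:
    """Receiving MTA: fetch the key for the From domain and check the signature."""
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    key = DNS_KEYS.get(domain)
    if key is None:
        return "no-key"
    if msg["X-Demo-Signature"] is None:
        return "unsigned"
    n, e = key
    try:
        sig = int(msg["X-Demo-Signature"], 16)
    except ValueError:
        return "fail"
    return "pass" if sig < n and pow(sig, e, n) == _encode(_signed_bytes(msg), n) else "fail"

MAIL = "From: Dave <dave@example.com>\nSubject: hello\n\nSee you Friday.\n"  # constructed
```

Because the key is looked up by the domain in the From header, a message that changes the sender's domain is checked against that domain's key (or finds none), and the receiver never has to ask the sending domain which accounts exist.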