Re: [Asrg] Iteration #3.

Daniel Feenberg <feenberg@nber.org> Sun, 07 February 2010 12:16 UTC

Date: Sun, 7 Feb 2010 07:16:01 -0500 (EST)
From: Daniel Feenberg <feenberg@nber.org>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-Reply-To: <Pine.GSO.4.62.1002062028030.11995@spaz.oit.wmich.edu>
Message-ID: <Pine.GSO.4.64.1002070712530.12859@nber6.nber.org>
References: <4B6C6D35.1050101@nortel.com> <Pine.GSO.4.62.1002060114540.11995@spaz.oit.wmich.edu> <4B6DA82A.5080008@nortel.com> <Pine.GSO.4.62.1002062028030.11995@spaz.oit.wmich.edu>

On Sat, 6 Feb 2010, Derek Diget wrote:

>
> On Feb 6, 2010 at 12:34 -0500, Chris Lewis wrote:
> =>Derek Diget wrote:
> =>
> =>> =>This also allows <domain> to use DNS to map them to somewhere else
> =>> entirely.
> =>>
> =>> -1 for having a "standard" address.  Let sites decide.  Some might want
> =>> them to go to abuse@, spam@, devnull@, spam-training@anti-spam.vendor.
> =>
> =>Defeats the purpose of self-configuration, UNLESS the mailstore provider can
> =>automatically provide it.  See my posting under "We don't need no stinking..."
> =>for a method to do it with TXT records.
>
> One of the problems I have with publishing "private" (spammers and DNS
> walkers don't need to know this stuff) configuration information is that
> people that don't need to know it can get it.  Using SRV records to
> auto-config MUA retrieval and MSA settings or XMPP clients are different
> in that knowing those settings can't be abused unless you have a valid
> authentication credential.  Whereas, publishing an e-mail address is
> just asking for it to be abused.  (Heck, how many spammers are not smart
> enough to list wash abuse@, postmaster@ and the other role accounts
> from their lists.  Do you think they won't start sending non-ARF
> messages (regular) spam to the TiS reporting address.  (Yes, some would
> say that is good as it will just help block/filter them, but I am
> thinking more about the increase in volume to the TiS reporting
> address.)
>
> I am also thinking of spammers walking DNS and getting the reporting
> addresses and then sending ham to it to try to mess up the sites that
> might be automatically processing their TiS messages.  If the reporting
> address is in a header then they (spammer) would have a harder time
> getting the address.  (Yes, with all of the compromised PCs, free
> accounts, etc they can still probably get it anyways.)

For this reason the MTA operator would probably want to discard messages
to the ARF reporting address unless they were submitted via the MSA
submission port, or came from inside the MTA operator's own network. These
are the same criteria that determine if a message is acceptable for relay,
and so should easily be programmed in the MTA software.

Daniel Feenberg
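
The acceptance rule described in the message above, as an added example that is not part of the original post or of any MTA's own code: mail to the reporting address is kept only if the session passes the same test used for relaying. The reporting address, network ranges, session field names and action strings are assumptions made for illustration, as is the requirement that a submission-port session be authenticated.

```python
import ipaddress

# Assumed values for illustration; none of them come from the thread.
REPORT_ADDRESS = "tis-report@example.org"
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
SUBMISSION_PORT = 587


def is_relay_eligible(session):
    """Relay test: authenticated submission, or a client inside our own network."""
    if session.get("server_port") == SUBMISSION_PORT and session.get("sasl_user"):
        return True
    try:
        addr = ipaddress.ip_address(session.get("client_ip", ""))
    except ValueError:
        return False  # unparseable client address is never trusted
    # Dual-stack listeners may report IPv4 clients as ::ffff:a.b.c.d.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr in net for net in OWN_NETWORKS)


def decide(session, recipient):
    """Return DUNNO for other recipients, OK or DISCARD for the reporting address."""
    if recipient.strip().lower() != REPORT_ADDRESS:
        return "DUNNO"  # not the reporting address: leave to the normal rules
    return "OK" if is_relay_eligible(session) else "DISCARD"


# Constructed sample sessions (hypothetical field names).
SAMPLES = [
    ({"client_ip": "203.0.113.9", "server_port": 25, "sasl_user": None}, REPORT_ADDRESS),
    ({"client_ip": "203.0.113.9", "server_port": 587, "sasl_user": "alice"}, REPORT_ADDRESS),
    ({"client_ip": "203.0.113.9", "server_port": 587, "sasl_user": None}, REPORT_ADDRESS),
    ({"client_ip": "::ffff:192.0.2.5", "server_port": 25, "sasl_user": None}, REPORT_ADDRESS),
    ({"client_ip": "203.0.113.9", "server_port": 25, "sasl_user": None}, "user@example.org"),
]


def evaluate_samples():
    return [decide(session, rcpt) for session, rcpt in SAMPLES]


if __name__ == "__main__":
    for (session, rcpt), action in zip(SAMPLES, evaluate_samples()):
        print(session["client_ip"], session["server_port"], rcpt, "->", action)
```
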