Re: [Asrg] SPF's helo identity as a reporting target

Chris Lewis <clewis+ietf@mustelids.ca> Sat, 12 May 2012 17:47 UTC

On 12-05-12 03:59 AM, Alessandro Vesely wrote:
> This probably belongs to ASRG, not only because MARF has finished, but
> also because a *Taxonomy of reporting targets* should be hosted
> somewhere, and I'm unable to think of a better place than this list's
> wiki.
> 
> Opinions?

It would be nice if it could be made usable.

This would tend to make a large organization having all of their servers
helo exactly the same way, which flies in the face of industry BCP (e.g.,
MAAWG), and even if it wasn't specifically RFC5321-illegal, clearly
violates its intent.

Or they use wildcarded MXes.  Ick.  Makes "divisional" abuse addresses
very difficult.

Or use the registration level domain (lop off the non-registration level
FQDN qualifiers) - makes "divisional" abuse addresses impossible, and
the registration level domain chop is real hard to do with some TLDs.

The absolute death of this proposal is, though, that it puts the abuse
reporting address under the control of the spammer and becomes a DDoS
weapon.

I could just see it - it gets implemented for tana.it, and the next
day's blast of 10 billion cutwail botnet spams uses "HELO tana.it".

Kaboom!!!
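
Added example, not part of the original message: a sketch of the "registration level domain chop" mentioned above, showing why keeping the last two labels fails for some TLDs and how the division label is lost either way. The rule set is a small constructed sample in Public Suffix List syntax (the list is not named in the thread and is an assumption here), and all host names except tana.it are constructed.

```python
# Constructed sample rules in Public Suffix List syntax; not a complete list.
RULES = {"com", "it", "ca", "uk", "co.uk", "*.ck", "!www.ck"}


def naive_chop(helo):
    """Keep the last two labels; wrong wherever registrations happen deeper."""
    return ".".join(helo.lower().rstrip(".").split(".")[-2:])


def public_suffix_len(labels):
    """Return how many trailing labels form the public suffix."""
    best = 1  # default rule "*": an unlisted TLD counts as a suffix
    for i in range(len(labels)):
        cand = labels[i:]
        name = ".".join(cand)
        if "!" + name in RULES:
            # An exception rule wins outright; the suffix is one label shorter.
            return len(cand) - 1
        wildcard = ".".join(["*"] + cand[1:])
        if name in RULES or (len(cand) > 1 and wildcard in RULES):
            best = max(best, len(cand))
    return best


def registrable_domain(helo):
    """Public suffix plus one label, or None if the name is only a suffix."""
    labels = helo.lower().rstrip(".").split(".")
    n = public_suffix_len(labels)
    if len(labels) <= n:
        return None  # nothing registrable, so no report target can be derived
    return ".".join(labels[-(n + 1):])


if __name__ == "__main__":
    for helo in ("mail.tana.it", "mx1.example.co.uk", "smtp.example.foo.ck",
                 "mail.www.ck", "mail.sales.example.com", "co.uk"):
        print(f"{helo:24} naive={naive_chop(helo):12} "
              f"suffix-aware={registrable_domain(helo)}")
```

The chop only normalizes the name: the HELO string is still whatever the connecting client sent, so this does nothing about the sender-controlled reporting address raised in the message.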