Re: [Asrg] various anti-spam techniques, was misconception in SPF

"John Levine" <johnl@taugh.com> Fri, 07 December 2012 20:50 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBFBF21F8BA0 for <asrg@ietfa.amsl.com>; Fri, 7 Dec 2012 12:50:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.152
X-Spam-Level:
X-Spam-Status: No, score=-105.152 tagged_above=-999 required=5 tests=[AWL=-0.553, BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, MANGLED_SPAM=2.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hXee2F-R2Lab for <asrg@ietfa.amsl.com>; Fri, 7 Dec 2012 12:50:31 -0800 (PST)
Received: from leila.iecc.com (leila6.iecc.com [IPv6:2001:470:1f07:1126:0:4c:6569:6c61]) by ietfa.amsl.com (Postfix) with ESMTP id 03D4A21F8A94 for <asrg@irtf.org>; Fri, 7 Dec 2012 12:50:30 -0800 (PST)
Received: (qmail 50376 invoked from network); 7 Dec 2012 20:50:25 -0000
Received: from leila.iecc.com (64.57.183.34) by mail1.iecc.com with QMQP; 7 Dec 2012 20:50:25 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:vbr-info; s=50c25691.xn--hew.k1211; i=johnl@user.iecc.com; bh=w8tllLYZbtBfsic9jdc0wcb/qfmyup/H4N2xlGSfKtk=; b=lMFGRVxg7+uqoscCdnovtLsr0yA8GKwEufuJz12vCQTbeiaJ1vNc4o5sINbt6pbCxFpe4X7Iz+3Y5rQsGg1uQvUqpA/qJnR3lJEyf5ALQKhzIxidHN/scInpGLnZqyjslYfF8S2zmv/6yAGISCKfU8NgsNbP3lhVGuPMJgt6ZVw=
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:vbr-info; s=50c25691.xn--hew.k1211; olt=johnl@user.iecc.com; bh=w8tllLYZbtBfsic9jdc0wcb/qfmyup/H4N2xlGSfKtk=; b=M/7l1A869pBVaZCXe3xL5wlWG78eAEyXIVsvWvAYwt46xqVhY6GEGllz5of+hJW3muNQIzWWc0UZO3YFFKTXc0r9tYFMwoP4iflooj575MX3arIGysvZOOPaS4nR0NxLC156+jbvabQag9zGO5xgetIkmypi2pCkoI0PZUvez/Y=
VBR-Info: md=iecc.com; mc=all; mv=dwl.spamhaus.org
Date: Fri, 07 Dec 2012 20:50:03 -0000
Message-ID: <20121207205003.18391.qmail@joyce.lan>
From: John Levine <johnl@taugh.com>
To: asrg@irtf.org
In-Reply-To: <50C244A6.1040402@pscs.co.uk>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 7bit
Subject: Re: [Asrg] various anti-spam techniques, was misconception in SPF
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Dec 2012 20:50:32 -0000

>With the former, I'd expect a large number of those messages to be 
>blocked/discarded (it's common to do call back verification, or just 
>simply check that the sender domain exists).

Checking that the sender domain exists is quite common, cheap, and has
a very low failure rate.

SMTP callbacks are one of those bad ideas that just won't go away.
They're quite abusive (consider the 95% of mail that is spam with
someone else's return address) and don't work, since your idea of what
I should say in response to your MAIL FROM and RCPT TO commands is
probably not the same as my idea of what I actually do say.

R's,
John

PS: The wiki at http://wiki.asrg.sp.am has a taxonomy of anti-spam
techniques, both the good and the bad.  See if your favorite or least
favorite is listed there, and if not, please add it.  If you don't
have a login to edit, just drop me a note and I'll give you one.