Re: [Asrg] Some data on the validity of MAIL FROM addresses

Vernon Schryver <vjs@calcite.rhyolite.com> Sun, 18 May 2003 23:20 UTC

From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305182317.h4INHBck008689@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
References: <5.2.0.9.2.20030518145058.00bdceb0@std5.imagineis.com>
Date: Sun, 18 May 2003 17:17:11 -0600

> From: Yakov Shafranovich <research@solidmatrix.com>

> >spam messages have valid MAIL FROM's.  That means that bounces will
> >go to the spammer.  This has significant ramifications for C/R
> >systems (especially auto-respond ones) since it means that should
> >they have to, spammers could respond to challenges.
>
> I believe that we mentioned before, that if the sender's system supports
> C/R and keeps track of all outgoing messages, then it can compare the
> X-CR-Recipient: header against the list of email addresses this user sent
> email to. This avoids the problem of spammers using a real email address
> for the FROM addresses. However, if the spammers themselves are operating
> the mail servers there is nothing we can do but at the least we would know
> where the email came from and we can track it down.

If spammers have valid return addresses, then what distinguishes challenges
of their mail or their responses from the same for anyone else?

Are you assuming that legitimate mail comes only from the system named
by the sender domain?  That restriction is similar to but stronger
than the basic RMX assumption.

Are you expecting not only that distant users will respond to challenges,
but that their ISPs will modify their MTAs to maintain databases of
all addresses to which their users have sent mail?  If so, that
seems...implausible.


Vernon Schryver    vjs@rhyolite.com