Re: [Asrg] SPF's helo identity as a reporting target
Douglas Otis <dotis@mail-abuse.org> Mon, 14 May 2012 17:41 UTC
On 5/14/12 7:34 AM, Alessandro Vesely wrote:
> On Mon 14/May/2012 16:19:57 +0200 Chris Lewis wrote:
> > On 12-05-14 05:26 AM, Alessandro Vesely wrote:
> >
> >> There must be loads of national laws that the owner of that zone
> >> openly breaks. Isn't that too much risky from a legal POV,
> >> considering its effectiveness is probably less than other kinds
> >> of DDoS?
> >
> > Who said anything about a deliberate DDOS? Think of it as spam
> > with electronic countermeasures designed to confuse, confound and
> > distract the recipients and third parties.
>
> Whatever the intent, I should get your permission before asserting
> that your server serves me. Shouldn't I? Then, yes, I suppose some
> judges still have difficulties understanding Internet protocols.
>
> > Just like they already do.
> >
> > "national laws ... openly breaks". You can say that with a
> > straight face considering that 80-90% of all spam already does?
>
> I don't have specific experience, but it seems to me that when
> spammers leave enough evidence behind them they can be taken to
> court.
>
> >> 220 wmail.tana.it ESMTP
> >
> > Big enough, the recipient site still loses before the 220.
>
> You're right. Rejecting is cheap, but still bears a cost.

Dear Alessandro and Chris,

Since RFC821, HELO/EHLO was defined as FQDN SMTP hostnames. There is no reason additional policy assertions such as those proposed for DMARC could not include authenticated email EHLO/HELO acceptance with a hostname from their domain, whether by a forward reference to an address list, or an SPF resource record. The domain validated would be determined by the domain of the SPF record and not by an SPF mechanism as Chris suggested.

The goal of DMARC is to offer a safe method to reject messages in a way not likely to create support calls for receivers. A policy that can be extended to individual SMTP servers controlled by domains making compliance assertions should offer safe rejections having lower cost than message filtering or rejections based on the SMTP mail parameter.

The mistake made by DMARC was not considering HELO/EHLO alignment against the parent domain rather than the hostname.

Regards,
Douglas Otis
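Added illustration, not part of the original message and not taken from any SPF or DMARC implementation: the difference between aligning an SPF-validated HELO/EHLO name against the exact hostname and against its parent domain. The TXT records, the three-entry public suffix set, and the names `org_domain`, `spf_helo` and `helo_alignment` are assumptions constructed for this sketch; only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT records standing in for DNS (example data, not real zones).
TXT = {
    "mta1.mail.example.com": "v=spf1 ip4:192.0.2.10 -all",
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
}
# Tiny stand-in for the Public Suffix List (assumption for this sketch).
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def org_domain(name):
    """Return the parent (registrable) domain: longest public suffix plus one label."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def spf_helo(helo, client_ip):
    """Evaluate the SPF record published at the HELO name itself (ip4/ip6/all only)."""
    record = TXT.get(helo.lower().rstrip("."), "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULTS[qualifier]
        kind, _, value = mech.partition(":")
        if kind in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return RESULTS[qualifier]
    return "neutral"

def helo_alignment(helo, client_ip, policy_domain):
    """Report strict (hostname) and parent-domain alignment for a validated HELO."""
    spf = spf_helo(helo, client_ip)
    validated = spf == "pass"
    return {
        "spf_helo": spf,
        "strict": validated and helo.lower() == policy_domain.lower(),
        "parent": validated and org_domain(helo) == org_domain(policy_domain),
    }
```

With the constructed records, a server announcing `mta1.mail.example.com` from 192.0.2.10 is accepted under parent-domain alignment with `example.com` but not under hostname alignment, and the same name announced from an unlisted address fails both.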