Re: [Asrg] What are the IPs that sends mail for a domain?
Ian Eiloart <iane@sussex.ac.uk> Mon, 22 June 2009 14:16 UTC
Return-Path: <iane@sussex.ac.uk>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA09C28C1BE for <asrg@core3.amsl.com>; Mon, 22 Jun 2009 07:16:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.544
X-Spam-Level:
X-Spam-Status: No, score=-2.544 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hL5vgtOrgYMl for <asrg@core3.amsl.com>; Mon, 22 Jun 2009 07:16:04 -0700 (PDT)
Received: from lynndie.uscs.susx.ac.uk (lynndie.uscs.susx.ac.uk [139.184.14.87]) by core3.amsl.com (Postfix) with ESMTP id 6AB223A67F2 for <asrg@irtf.org>; Mon, 22 Jun 2009 07:16:04 -0700 (PDT)
Received: from lewes.staff.uscs.susx.ac.uk ([139.184.134.43]:51503) by lynndie.uscs.susx.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.64) (envelope-from <iane@sussex.ac.uk>) id KLN912-000GBK-BV for asrg@irtf.org; Mon, 22 Jun 2009 15:17:26 +0100
Date: Mon, 22 Jun 2009 15:16:19 +0100
From: Ian Eiloart <iane@sussex.ac.uk>
Sender: iane@sussex.ac.uk
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <BBBA1F6A3752AE7B96888ECB@lewes.staff.uscs.susx.ac.uk>
In-Reply-To: <4A3F76B8.2030409@terabites.com>
References: <mailman.5.1245610801.29559.asrg@irtf.org> <4A3F76B8.2030409@terabites.com>
Originator-Info: login-token=Mulberry:01MNXN6Jk2O01xQiFKnPujSkBblk3uQpP7pUA=; token_authority=support@its.sussex.ac.uk
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Sussex: true
X-Sussex-transport: remote_smtp
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2009 14:16:06 -0000
--On 22 June 2009 07:19:04 -0500 Gordon Peterson <gep2@terabites.com> wrote: > And the circle goes round and round. > > Periodically, I feel it necessary to point out some of the serious flaws > in all of these IP-based "authentication" type schemes. > > The first one has been pointed out, but perhaps not strongly enough. IT > IS STUPID AND COUNTERPRODUCTIVE TO BOUNCE NOTICE OF NON-DELIVERY TO > RECOGNIZED SPAM E-MAILS. It can double OR TRIPLE the bandwidth wasted by > the original spam, in part because (at least in the case of spam which > has been relayed one or more times) it is problematical to know WHO to > send the bounce message to. > > In my personal mailboxes I have (way) more than 50,000 archived > bounceback messages to e-mails which I have never sent... just because > they have a (forged, and generally invalid) From: address that is > supposedly in one of my domains. > > Since I haven't sent these messages (neither intentionally, nor by > irresponsible management of my systems here) there is NOTHING I can do to > prevent such messages. There is, actually. If you publish SPF records with a strong -all, then recipients can easily decide to reject (not bounce) messages. Add DKIM signatures, and they'll be able to tell when someone has forwarded your legitimate email. > Meanwhile, the handling of the (worthless) bounce > messages multiply by perhaps several times the bandwidth wasted due to > the original spam. > > Barracuda spam blocking systems are particularly irresponsible by > apparently not explaining to their users WHY bouncing spam back to the > sender is a Bad Idea, resulting in their (even less clever) users often > apparently leaving that option set. > > Also let me reiterate (as was pointed out) that sending inquiry messages > to try to authenticate a valid mail agent LIKEWISE multiplies the > bandwidth already wasted by the original spam. > > I believe that ultimately, the best way to deal with spam (okay, we're > talking principle here, not necessarily given existing, insufficiently > clever mail clients) is to simply deliver the spam to the recipient's > system, and let their system decide which mail is wanted, and which is > not, and to either simply delete or archive somewhere the mail which the > recipient user's rules determine is not wanted. I do not consider a > bounceback message to be necessary or even desirable if a message is > found to be spam/virus/phishing ... in part because you cannot reliably > determine who the original, legitimate sender is (even if there IS one) > to send the bounceback message to. > > Furthermore, and I've mentioned this before, my domains that I use for my > e-mail (including terabites.com) generally are handled by my domain > provider, although if I am away from home (say, at an Internet cafe, > perhaps onboard a cruise ship or airport kiosk or at a public library > somewhere, to name several examples) I (a) still want to use my own From: > address for reply or posting permission purposes, even though (b) I might > not have ANY say at all regarding what outgoing mail server(s) are used > for mail submitted from the location that I happen to be sending from. > The fact that I am sending outgoing mail though an unfamiliar and > inhabitual location doesn't mean that it's not legitimate, and I'm > certainly not going to switch my "From" address for such messages to some > other "From" address just because it matches somehow the mail server that > I happen to be sending through. > > The fact that it's easier, or cheaper, or otherwise "more efficient" to > do antispam blocking using some halfassed, braindead scheme which doesn't > work reliably or well for (even some admittedly small) legitimate mail > transmissions doesn't make that the right solution. > > Another situation is where an accounting system at one of my consulting > clients generates and sends electronic invoices, EFT notices, price > updates, etc to their customers. For these cases, it is VERY helpful for > their own inhouse outgoing LAN mail server (which maybe doesn't try to > handle incoming mail at all) is going to try to send outgoing mails... if > for no other reason than to have a local, inhouse log that evidences the > delivery of the e-mail not just to a relay somewhere, but actually to > (usually) the mail server associated with the destination indicated for > the e-mail message. It is FAR less useful to only have the company's > SMTP logs evidence to the delivery to an upstream ISP's outgoing mail > server. > > Yet another case is where a traveling salesperson connects via a > prospect's WiFi connection during a sales call visit on-site to his > customer, and where that host's corporate network policy blocks sending > of port 25 messages other than to/through that company's own outgoing > SMTP server. The same situation occurs when a private individual is on > holiday visiting (or staying with) a relative whose internet connection > is provided by a different provider. Again, sometimes legitimate mail > must be routed through an inhabitual outgoing mail server. > > Anyhow, these braindead schemes about trying to decide whether a mail > server is or is not supposed to be sending mail for a given return > address, or blocking all mail being forwarded by a widely shared mail > relay (based on its IP address) just because ONE of the (even tens or > hundreds of thousands of) users of that same relay happened to get > infected, is just insane. It's not sufficient that the scheme initially > looks appealing because it works "much" of the time. > > I still believe that a far better and more worthwhile direction for spam > blocking involves a combination of tools, probably much of it performed > at the receiving end, involving a finely grained discrimination tailored > to familiar versus unfamiliar (to the recipient) e-mail senders. This is > not unlike the way locks work... they generally provide a series of > grooves, chamfers and cuts (to the key BLANK!) which prevent the vast > majority of presented keys from even being inserted INTO the lock, before > the pins of the lock do the final determination based on how the > individual key has been cut. > > In the case of E-mail, the corresponding policy could screen incoming > e-mail messages based upon the characteristics _expected_ in e-mail > coming from specific individual (familiar) senders (this is not unlike > the technique that an intelligent human reader would use, when they open > an e-mail claiming to come from a company or friend and the e-mail upon > opening not looking "right" based on what we would expect that company or > friend to be sending. An example is cases where companies like Grouply > manage to convince naive users to provide Grouply with the user's e-mail > credentials, and where Grouply then uses the user's e-mail identity to > send Grouply's spam... and when the recipient opens the message, it > clearly doesn't look like an e-mail that Aunt Martha typically sends). > > E-mail coming from unfamiliar correspondents can be held to a (even much) > higher-than-usual standard regarding the ground rules for what is > acceptable and what is not. As a recipient, for example, I would be > willing to state that I don't want mail containing HTML or attachments > (or more than, say, 50K or 100K) from unfamiliar senders. That would > block (and in a robust way!) misrepresented HTML links (a key part of > most phishing exploits), malicious scripting, ActiveX exploits, > infectious attachments, and the like. It's also noteworthy that such a > policy blocks in one fell swoop nearly all the ruses and tricks that > spammers use to try to evade (SpamAssassin-like) antispam content > filtering... meaning that such filters suddenly become a great deal more > effective and reliable. > > It seems best if such filtering is largely done at the recipient user's > end, and preferably in conjunction with their mail software... so that if > they are looking for an expected e-mail message, and find it in their > spam folder, they can have (say) a simple dialog box pop up that offers > the user to "allow mail like this in the future from this sender." > > It makes it a significantly harder challenge for spammers and abusers to > evade antispam protections when they don't even know what criteria are > used by specific recipients, or what From addresses those recipients > might have "cut their (individual) keyway" to accept. (And again, note > that this is NOT just a simple 'whitelist' scheme... since it will accept > mail coming from unfamiliar senders, it only just holds such senders to a > particularly strict standard for what can, and must not be, contained in > the e-mails those unfamiliar senders send out.) -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/
- [Asrg] What are the IPs that sends mail for a dom… Franck Martin
- Re: [Asrg] What are the IPs that sends mail for a… John Levine
- Re: [Asrg] What are the IPs that sends mail for a… SM
- Re: [Asrg] What are the IPs that sends mail for a… John Johnson
- Re: [Asrg] What are the IPs that sends mail for a… Daniel Feenberg
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Lyndon Nerenberg
- Re: [Asrg] What are the IPs that sends mail for a… Bill Cole
- Re: [Asrg] What are the IPs that sends mail for a… Franck Martin
- Re: [Asrg] What are the IPs that sends mail for a… Bill Cole
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… Franck Martin
- Re: [Asrg] What are the IPs that sends mail for a… Bill Cole
- Re: [Asrg] What are the IPs that sends mail for a… Franck Martin
- Re: [Asrg] What are the IPs that sends mail for a… John Levine
- Re: [Asrg] reject and DSN, was What are the IPs John Levine
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Dotzero
- Re: [Asrg] What are the IPs that sends mail for a… Seth
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Paul Russell
- Re: [Asrg] What are the IPs that sends mail for a… Jeff Macdonald
- Re: [Asrg] What are the IPs that sends mail for a… Steve Atkins
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… Daniel Feenberg
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… Steve Atkins
- Re: [Asrg] What are the IPs that sends mail for a… Lyndon Nerenberg
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… J.D. Falk
- Re: [Asrg] What are the IPs that sends mail for a… John Levine
- Re: [Asrg] What are the IPs that sends mail for a… John Levine
- Re: [Asrg] What are the IPs that sends mail for a… Dotzero
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… Rich Kulawiec
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… Rich Kulawiec
- Re: [Asrg] What are the IPs that sends mail for a… Rich Kulawiec
- Re: [Asrg] What are the IPs that sends mail for a… Daniel Feenberg
- Re: [Asrg] What are the IPs that sends mail for a… John Levine
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… Bill Cole
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… John Levine
- [Asrg] Proposed corollary to Godwin's law John Levine
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… David Wilson
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… J.D. Falk
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Franck Martin
- Re: [Asrg] What are the IPs that sends mail for a… Steve Atkins
- Re: [Asrg] What are the IPs that sends mail for a… David Nicol
- Re: [Asrg] What are the IPs that sends mail for a… Steve Atkins
- Re: [Asrg] What are the IPs that sends mail for a… Paul Russell
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… John Levine
- Re: [Asrg] What are the IPs that sends mail for a… John Levine
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… der Mouse
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Gordon Peterson
- Re: [Asrg] reject and DSN, was What are the IPs John Levine
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] "Affiliation" John Leslie
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Gordon Peterson
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Dotzero
- Re: [Asrg] What are the IPs that sends mail for a… Rich Kulawiec
- Re: [Asrg] What are the IPs that sends mail for a… Steve Atkins
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Seth
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] "Affiliation" Alessandro Vesely
- Re: [Asrg] reject and DSN, was What are the IPs Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] Proposed corollary to Godwin's law mathew
- Re: [Asrg] What are the IPs that sends mail for a… Bill Cole
- Re: [Asrg] What are the IPs that sends mail for a… Bill Cole
- Re: [Asrg] What are the IPs that sends mail for a… Bill Cole
- Re: [Asrg] What are the IPs that sends mail for a… John Levine
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Rich Kulawiec
- Re: [Asrg] What are the IPs that sends mail for a… Dotzero
- Re: [Asrg] What are the IPs that sends mail for a… John Leslie
- Re: [Asrg] What are the IPs that sends mail for a… John Leslie
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] reject and DSN, was What are the IPs Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Dotzero
- Re: [Asrg] What are the IPs that sends mail for a… John Leslie
- Re: [Asrg] What are the IPs that sends mail for a… Dotzero
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… John Leslie
- Re: [Asrg] What are the IPs that sends mail for a… Dotzero
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] reject and DSN, was What are the IPs John Levine
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] reject and DSN, was What are the IPs Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] reject and DSN, was What are the IPs Chris Lewis
- Re: [Asrg] reject and DSN, was What are the IPs Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Steve Atkins
- Re: [Asrg] reject and DSN, was What are the IPs John Levine
- Re: [Asrg] What are the IPs that sends mail for a… Bill Cole
- Re: [Asrg] What are the IPs that sends mail for a… Chris Lewis
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Chris Lewis
- Re: [Asrg] What are the IPs that sends mail for a… Chris Lewis
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Bill Cole
- Re: [Asrg] What are the IPs that sends mail for a… Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a… Alessandro Vesely
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… Peter Koch
- Re: [Asrg] What are the IPs that sends mail for a… Douglas Otis
- Re: [Asrg] What are the IPs that sends mail for a… David Nicol