IETF Logo Mail Archive

Re: [Asrg] Some data on the validity of MAIL FROM addresses

Daniel Feenberg <feenberg@nber.org> Tue, 20 May 2003 20:40 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA29377 for <asrg-archive@odin.ietf.org>; Tue, 20 May 2003 16:40:15 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4KK6hk31785 for asrg-archive@odin.ietf.org; Tue, 20 May 2003 16:06:43 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4KK6hB31782 for <asrg-web-archive@optimus.ietf.org>; Tue, 20 May 2003 16:06:43 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA29293; Tue, 20 May 2003 16:39:44 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19IDsP-0000WI-00; Tue, 20 May 2003 16:38:25 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19IDsO-0000WF-00; Tue, 20 May 2003 16:38:24 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4KK33B31682; Tue, 20 May 2003 16:03:03 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4KK2BB31651 for <asrg@optimus.ietf.org>; Tue, 20 May 2003 16:02:11 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA29243 for <asrg@ietf.org>; Tue, 20 May 2003 16:35:13 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19IDo1-0000VZ-00 for asrg@ietf.org; Tue, 20 May 2003 16:33:53 -0400
Received: from nber13.nber.org ([207.113.108.238]) by ietf-mx with esmtp (Exim 4.12) id 19IDo0-0000VW-00 for asrg@ietf.org; Tue, 20 May 2003 16:33:52 -0400
Received: from nber13.nber.org (localhost.nber.org [127.0.0.1]) by nber13.nber.org (8.12.3/8.12.3) with ESMTP id h4KKZCul023462 for <asrg@ietf.org.KAV>; Tue, 20 May 2003 16:35:12 -0400 (EDT)
Received: (from root@localhost) by nber13.nber.org (8.12.3/8.12.3/Submit) id h4KKZCrE023461 for asrg@ietf.org.KAV; Tue, 20 May 2003 16:35:12 -0400 (EDT)
Received: from nber1.nber.org (nber1.nber.org [207.113.108.252]) by nber13.nber.org (8.12.3/8.12.3) with ESMTP id h4KKZBum023453; Tue, 20 May 2003 16:35:11 -0400 (EDT)
From: Daniel Feenberg <feenberg@nber.org>
To: Michael Rubel <asrg@mikerubel.org>
cc: Yakov Shafranovich <research@solidmatrix.com>, asrg@ietf.org
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
In-Reply-To: <Pine.LNX.4.44.0305201142590.1499-100000@entropy.galcit.caltech.edu>
Message-ID: <Pine.GSO.4.10.10305201621030.8831-100000@nber1.nber.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 20 May 2003 16:35:11 -0400


On Tue, 20 May 2003, Michael Rubel wrote:

> There are strong reasons to prefer accept-then-bounce or even filter to 
> reject.
> 
> (1) Reject gives feedback about your system to would-be bad
>     guys--including dictionary spammers--in a much faster and more 
>     reliable way.  Sysadmins rightly want to give out as little 
>     information as possible, because that's standard practice anywhere
>     security is involved.
> 
> (2) Reject is a less flexible mechanism.  Accept-then-bounce or filter 
>     allows recipients to work around certain obselete or overzealous
>     systems.
> 
> (3) Senders have come to understand that messages get incorrectly
>     filtered as spam sometimes; they no longer expect to recieve an
>     immediate rejection if there is a problem delivering a message.
> 

Does everyone doing wrong have to work so hard to entice others into sin
as some members of this list are wont to do?

Accept and discard is a very bad system. I understand that some software 
will do content filtering no other way, but that doesn't make it worthy
of advocacy. 

If you use it, primarily your customers/users will be the losers, but why
encourage others to do the same? It raises the possibility of false
positives disappearing into black holes into a certainty, removes any
chance of directing the customers of spam friendly ISPs to instructive web
sites explaining why their mail was rejected, and generally relieves
spam-friendly ISPs of ever having to explain to customers why their mail
is being lost. 

Is it possible to seriously claim it is a "security precaution" - there is 
no shame on this list?

If widely adopted, it would discourage rather than encourage spam
prevention technology, as all missing mail would be blamed on spam
control.

With respect to (3), legitimate users may not expect immediate rejection,
but they expect some notice, and a DSN notice for spam is not very
practical, since there is no verifiable address to send it to. Do you send
a DSN for undeliverable spam? For deliverable spam?

Now that half of email is spam, is it really believable that accepting all
mail and processing spam rejections later will increase capacity? 

Lastly, the last time I looked at the Maps site, they had instructions for
virtually every MTA written in the last decade, and many earlier ones. So
at the very least, RBLs can be used (and will reject at SMTP dialog) by
nearly any site. It is only content based filters that may not be easily
used before the connection is completed. 





_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.31.3 | Report a Bug | By Email | System Status