Re: [Asrg] Spammer responses to SPF

Markus Stumpf <> Tue, 17 June 2003 18:15 UTC

From: Markus Stumpf <>
To: Scott Nelson <>
Subject: Re: [Asrg] Spammer responses to SPF
Message-ID: <20030617130937.O57133@Space.Net>
References: <aT5vaIe86J8qbrGpE02@x>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/
In-Reply-To: <aT5vaIe86J8qbrGpE02@x>; from on Mon, Jun 16, 2003 at 03:04:47PM -0700
Organization: SpaceNet AG, Muenchen, Germany
X-PGP-Fingerprint: 66 F3 75 79 01 D0 B8 5F 1A C7 77 88 4A B6 70 DF
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Id: Anti-Spam Research Group - IRTF <>
Date: Tue, 17 Jun 2003 13:09:37 +0200

On Mon, Jun 16, 2003 at 03:04:47PM -0700, Scott Nelson wrote:
> I don't think so.  First, only people who don't understand what
> empty envelope sender means will block them all.  
> I'm guessing that's a majority of the end users,
> but not a significant fraction of the people who make the
> mail system work.

Have you ever been on an MTA mailing list?
There are some ten messages a week "how can I block <> for MTA xyz".
I see about 30-40 each day that generate double bounces because "empty
senders are not allowed".

> Spam with an empty envelope isn't ever going to be effective, 
> since most will filter it out.  Also, more effective blocking
> of "empties" that aren't DSNs is possible.  We just don't do it
> (yet) because there isn't much call for it.   For example,
> only accepting a standardized bounce (i.e. one following RFC 1894) 
> would stop most of the spam but only a tiny fraction of the real DSNs.

How about all the "robots" or CR systems that send their mails with
empty envelope senders, because they don't want an answer if the
challenge was faked. How about all the autoresponders?
There are lots of valid emails with empty envelopes.

> is limited to that state.  So we lose some reliability
> (because a few real DSNs will be discarded) but we'd still have
> enough to keep the system mostly reliable.

Sorry, I don't think it's reliable if bounces get lost. Just like
discarding spam qualified emails automatically is .. hmmm .. unwise,
because if it's a false classification the sender has no chance to get
informed what happened. At times where email is considered a trustworthy
medium this is unacceptable.

> This may seem a trivial distinction, but I think it's important.
> We aren't facing an enemy army, with a cohesive leadership, 
> it's more like a thousand guerrillas.

And I surely don't stop arguing that a TXT record with the contents
"MAILSERVER" in reverse DNS would be much faster and easier deployed
and effective than RMX or companions. And it would save us from
accepting email from all the broken workstations, home computers, open
proxies and virus infected hosts that never had been intended to be a

And I yet have to see that RMX or companions save us from the problem
to order some hundred type domains, use short
TTLs (5-10 seconds) and add RMX records for the open relays that are
abused right now. The next thing surely will be that TTLs < 86400 for
RMX records are forbidden ...

Yeah I know, reverse DNS is lame.


SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
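
Added example, not part of the message above or of the text it quotes: a Python check that applies the "accept only a standardized bounce (RFC 1894)" filter from the quoted reply to constructed null-sender messages and lists the ones it would discard. The function names, the sample messages and the use of the Auto-Submitted header (RFC 3834, which postdates this thread) are assumptions.

```python
from email import message_from_string

def classify(envelope_from, raw):
    """Return 'has-sender', 'rfc1894-dsn', 'auto-reply' or 'other-empty'."""
    if envelope_from.strip() not in ("", "<>"):
        return "has-sender"
    msg = message_from_string(raw)
    # RFC 1894: multipart/report with report-type=delivery-status and a
    # message/delivery-status part carrying the per-recipient fields.
    is_report = (msg.get_content_type() == "multipart/report"
                 and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    if is_report and any(p.get_content_type() == "message/delivery-status"
                         for p in msg.walk()):
        return "rfc1894-dsn"
    # Auto-Submitted comes from RFC 3834 (assumption: the sender sets it).
    if msg.get("Auto-Submitted", "no").split(";")[0].strip().lower() != "no":
        return "auto-reply"
    return "other-empty"

def lost_under_dsn_only(samples):
    """Names of null-sender samples a 'standard DSN only' filter would drop."""
    return [name for name, (sender, raw) in samples.items()
            if classify(sender, raw) in ("auto-reply", "other-empty")]

# Constructed sample messages (not taken from the thread).
DSN = """From: MAILER-DAEMON@mx.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1
--b1--
"""
VACATION = "Auto-Submitted: auto-replied\nSubject: Out of office\n\nBack on Monday.\n"
PLAIN_BOUNCE = ("From: MAILER-DAEMON@mx.example\nSubject: failure notice\n\n"
                "Sorry, I could not deliver your message to nobody@example.net.\n")
SAMPLES = {"dsn": ("<>", DSN), "vacation": ("<>", VACATION),
           "plain-bounce": ("<>", PLAIN_BOUNCE),
           "normal": ("alice@example.org", VACATION)}

if __name__ == "__main__":
    print(lost_under_dsn_only(SAMPLES))
```

The plain-text bounce and the autoresponder are both legitimate null-sender mail, and both fall outside the RFC 1894 test.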