Re: [Asrg] SPF's helo identity as a reporting target

Alessandro Vesely <vesely@tana.it> Mon, 14 May 2012 09:26 UTC

On Mon 14/May/2012 10:34:06 +0200 Chris Lewis wrote:
> 
> Whoops, I meant:
> 
> _smtp.spammerdomain.com IN MX 0 wmail.tana.it
> 
> The spammer says "helo spammerdomain.com".

More or less.

> Postmaster sends complaint to abuse@_smtp.spammerdomain.com.
> 
> Where does that go?

That's plain abuse, though.  There must be loads of national laws that
the owner of that zone openly breaks.  Isn't that too risky from
a legal POV, considering its effectiveness is probably less than other
kinds of DDoS?

   220 wmail.tana.it ESMTP
   HELO goofy.example
   250 wmail.tana.it Ok.
   MAIL FROM:<>
   250 Ok.
   RCPT TO:<abuse@spammerdomain.com>
   513 Relaying denied.
   QUIT
   221 Bye.