Re: [Asrg] various anti-spam techniques, was misconception in SPF

Rich Kulawiec <rsk@gsp.org> Fri, 07 December 2012 21:10 UTC

On Fri, Dec 07, 2012 at 08:50:03PM -0000, John Levine wrote:
> SMTP callbacks are one of those bad ideas that just won't go away.
> They're quite abusive (consider the 95% of mail that is spam with
> someone else's return address) and don't work, since your idea of what
> I should say in response to your MAIL FROM and RCPT TO commands is
> probably not the same as my idea of what I actually do say.

+1

And:

Callbacks enable DDoS-by-proxy attacks. [1]

And they violate a fundamental principle of network abuse mitigation:
never deal with bad traffic by generating more traffic, it doesn't scale.

Moreover: even if they worked perfectly, they'd still have no anti-spam
value.  Knowing that an address is valid tells you nothing about the
intentions of either (a) its putative owner or (b) the current owner,
who, as we know, are often not the same entity.

---rsk

[1]  Consider, as one scenario out of many possibilities: the target
is example.net.  Attacker registers example[1-500].info.  Attacker sets
MX for all 500 of those domains to the MX for example.net.  Attacker uses
50K bots to open 10 simultaneous connections each to 500K distinct MX's
for other domains.  All 500K of those MX's look at putative sender (e.g.,
user456@example123.info), look up MX for that domain (which is of course
the MX for example.net), open up a connection to it to do a callback...
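
Added example, not part of the original message: on the receiving side, the scenario in footnote [1] appears at the target's MX as many distinct hosts offering recipients in domains that MX does not host and leaving without sending DATA. The Python below counts such sessions; the log format, the null sender in the sample, LOCAL_DOMAINS, the threshold and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.net"}  # assumption: the domains this MX really hosts
# Constructed sample in a hypothetical format: "<session-id> <client-ip> <SMTP command>"
SAMPLE_LOG = """\
s1 192.0.2.10 MAIL FROM:<>
s1 192.0.2.10 RCPT TO:<user456@example123.info>
s1 192.0.2.10 QUIT
s2 192.0.2.11 MAIL FROM:<>
s2 192.0.2.11 RCPT TO:<user9@example7.info>
s2 192.0.2.11 QUIT
s3 192.0.2.12 MAIL FROM:<>
s3 192.0.2.12 RCPT TO:<user1@example300.info>
s3 192.0.2.12 QUIT
s4 198.51.100.5 MAIL FROM:<alice@example.org>
s4 198.51.100.5 RCPT TO:<bob@example.net>
s4 198.51.100.5 DATA
"""
ADDR = re.compile(r"<([^>]*)>")

def parse_sessions(log):
    """Group command lines by session id, keeping RCPT domains and whether DATA was sent."""
    sessions = defaultdict(lambda: {"ip": None, "rcpt_domains": [], "data": False})
    for line in log.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:  # skip malformed lines
            sid, ip, command = parts
            sessions[sid]["ip"] = ip
            verb = command.split()[0].upper()
            match = ADDR.search(command)
            if verb == "RCPT" and match and "@" in match.group(1):
                sessions[sid]["rcpt_domains"].append(match.group(1).rsplit("@", 1)[1].lower())
            elif verb == "DATA":
                sessions[sid]["data"] = True
    return sessions

def foreign_probe_summary(log, local=LOCAL_DOMAINS):
    """Source IPs and recipient domains of RCPT-without-DATA sessions for non-local domains."""
    sources, domains = set(), set()
    for session in parse_sessions(log).values():
        foreign = {d for d in session["rcpt_domains"] if d not in local}
        if foreign and not session["data"]:  # recipient offered, no message sent
            sources.add(session["ip"])
            domains |= foreign
    return sources, domains

def is_callback_flood(log, min_sources=3):  # threshold is an assumed tuning value
    return len(foreign_probe_summary(log)[0]) >= min_sources
```
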