Re: [Asrg] Some data on the validity of MAIL FROM addresses

wayne <wayne@midwestcs.com> Fri, 23 May 2003 17:27 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA15424 for <asrg-archive@odin.ietf.org>; Fri, 23 May 2003 13:27:53 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4NHRTl07271 for asrg-archive@odin.ietf.org; Fri, 23 May 2003 13:27:29 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4NHRTB07268 for <asrg-web-archive@optimus.ietf.org>; Fri, 23 May 2003 13:27:29 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA15410; Fri, 23 May 2003 13:27:23 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19JGIq-0007YQ-00; Fri, 23 May 2003 13:26:00 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19JGIp-0007YN-00; Fri, 23 May 2003 13:25:59 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4NHKbB05347; Fri, 23 May 2003 13:20:37 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4N38vB32382 for <asrg@optimus.ietf.org>; Thu, 22 May 2003 23:08:57 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA10385 for <asrg@ietf.org>; Thu, 22 May 2003 23:40:52 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19J3Oz-0000WB-00 for asrg@ietf.org; Thu, 22 May 2003 23:39:29 -0400
Received: from midwestcs.com ([206.222.212.234] helo=backbone.midwestcs.com) by ietf-mx with esmtp (Exim 4.12) id 19J3Oz-0000W8-00 for asrg@ietf.org; Thu, 22 May 2003 23:39:29 -0400
Received: from footbone.midwestcs.com ([206.222.212.237] helo=midwestcs.com) by backbone.midwestcs.com with esmtp (Exim 3.35 #1 (Debian)) id 19J3QF-0003BN-00 for <asrg@ietf.org>; Thu, 22 May 2003 22:40:47 -0500
To: asrg@ietf.org
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
References: <p06001227baeddbf491c3@[192.168.1.104]> <200305190208.h4J28JNw009481@calcite.rhyolite.com>
From: wayne <wayne@midwestcs.com>
Content-Type: text/plain; charset="US-ASCII"
In-Reply-To: <200305190208.h4J28JNw009481@calcite.rhyolite.com> (Vernon Schryver's message of "Sun, 18 May 2003 20:08:19 -0600 (MDT)")
Message-ID: <x4n0hes535.fsf@footbone.midwestcs.com>
User-Agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Portable Code, linux)
MIME-Version: 1.0
X-Scanner: exiscan *19J3QF-0003BN-00*6I/jh6N3Ulg*
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 22 May 2003 22:40:46 -0500

In <200305190208.h4J28JNw009481@calcite.rhyolite.com> Vernon Schryver <vjs@calcite.rhyolite.com> writes:

> ] From: Kee Hinckley <nazgul@somewhere.com>
>
> ] ...
> ] Understood.  One reason I chose a recent sample was to try and avoid 
> ] missing accounts due to shutdown.  Those tests were run within 24 hours 
> ] of the time I received the email.  Of course, we have no way of 
> ] knowing when the spammer set up their software, or how long they've 
> ] been using that particular account.
>
> Some people use (or talk about using) a Rcpt_To test on sender
> addresses to detect spam.  Their false positive and negative ratios
> would be interesting.

I run exim with "sender_verify_hosts_callback" enabled.  This causes
exim to connect back to the sending domain and use a "MAIL FROM:<>",
"RCPT TO:<envelope_from@sending.domain>" pair of commands to make
sure a potential bounce would be accepted.

It rejects quite a bit of email, but probably 60-80% of the spam
passes the test.

From what I can tell, the false positives are very low.  While systems
may not reject an invalid email address immediately, they shouldn't
ever reject valid email addresses.  The biggest problem I've had has
been with some yahoo groups mailing lists where Yahoo's "bounce MTA"s
were refusing connections.  In this situation, exim would give a
temporary failure, and Yahoo would try again, but only a few times.  I
ended up adding a special case exception for them.


-wayne

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
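The sender callout that wayne describes (EHLO, "MAIL FROM:<>", "RCPT TO:<envelope sender>" against the sender's domain, then QUIT before any DATA), together with the failure mode he mentions (an MX that refuses the callout connection, which must be treated as a temporary failure rather than a rejection, plus a per-domain exemption), modelled as an added Python example. This is not exim's code and not part of the post; the receiving MTA is a constructed in-process stand-in rather than a real TCP session, and the domains, mailbox names and the `lookup_mx` helper are all made up for the demonstration.

```python
"""Sender callout verification (constructed example, not exim's implementation).

A real verifier would look up the MX of the MAIL FROM domain and open an
SMTP session to it; here FakeReceivingMTA stands in for that MX so the
exchange can be run offline.
"""
from dataclasses import dataclass, field


@dataclass
class FakeReceivingMTA:
    """Constructed model of the sender domain's MX.

    `mailboxes` holds the valid local parts; `refuse_connections` models the
    "bounce MTA" that refuses the callout connection outright.
    """
    domain: str
    mailboxes: set
    refuse_connections: bool = False
    transcript: list = field(default_factory=list)  # both sides of the dialogue

    def connect(self):
        if self.refuse_connections:
            raise ConnectionRefusedError(f"{self.domain}: connection refused")
        self.transcript.append(f"S: 220 {self.domain} ESMTP")
        return self

    def send(self, line: str) -> str:
        """Take one client command, record it, and return the server reply."""
        self.transcript.append("C: " + line)
        verb = line.split(None, 1)[0].upper()
        if verb in ("EHLO", "HELO"):
            reply = "250 " + self.domain
        elif verb == "MAIL":                      # null sender for a bounce probe
            reply = "250 OK"
        elif verb == "RCPT":
            addr = line[line.index("<") + 1:line.rindex(">")]
            local, _, dom = addr.rpartition("@")
            if dom.lower() == self.domain and local.lower() in self.mailboxes:
                reply = "250 Accepted"
            else:
                reply = "550 Unknown user"       # permanent: a bounce would not be accepted
        elif verb == "QUIT":
            reply = "221 Bye"
        else:
            reply = "500 Unrecognised command"
        self.transcript.append("S: " + reply)
        return reply


def callout_verify(envelope_from, mx_lookup, exempt_domains=frozenset(),
                   helo_name="verifier.example"):
    """Return (verdict, reason) for an envelope sender.

    'accept'  the remote MX would take a bounce for this address
    'reject'  it answered RCPT TO with a permanent 5xx
    'defer'   the callout could not be completed (connection refused, 4xx,
              or a site that refuses MAIL FROM:<>); the sending MTA is given
              a temporary failure so it retries later instead of being
              treated as a false positive.
    """
    local, at, domain = envelope_from.rpartition("@")
    if not at or not local or not domain:
        return ("reject", "malformed envelope sender")
    domain = domain.lower()
    if domain in exempt_domains:                 # the "special case exception"
        return ("accept", "domain exempted from callout")
    mx = mx_lookup(domain)
    if mx is None:
        return ("reject", "no MX for sender domain")
    try:
        session = mx.connect()
    except (ConnectionRefusedError, TimeoutError) as exc:
        return ("defer", f"callout failed: {exc}")
    try:
        for cmd in (f"EHLO {helo_name}", "MAIL FROM:<>"):
            reply = session.send(cmd)
            if not reply.startswith("2"):
                return ("defer", f"{cmd!r} answered {reply!r}")
        reply = session.send(f"RCPT TO:<{envelope_from}>")
    finally:
        session.send("QUIT")                     # never proceed to DATA
    if reply.startswith("2"):
        return ("accept", reply)
    if reply.startswith("5"):
        return ("reject", reply)
    return ("defer", reply)


# Constructed sample MXs: one normal domain and one whose bounce MTA refuses
# connections, as in the Yahoo groups case from the post.
EXAMPLE_MXS = {
    "example.com": FakeReceivingMTA("example.com", {"alice", "postmaster"}),
    "groups.example.net": FakeReceivingMTA("groups.example.net", {"list-bounces"},
                                           refuse_connections=True),
}


def lookup_mx(domain):
    """Hypothetical MX lookup over the constructed table (stands in for DNS)."""
    return EXAMPLE_MXS.get(domain)


if __name__ == "__main__":
    for sender in ("alice@example.com", "nobody@example.com",
                   "list-bounces@groups.example.net"):
        print(sender, callout_verify(sender, lookup_mx))
    print(callout_verify("list-bounces@groups.example.net", lookup_mx,
                         exempt_domains={"groups.example.net"}))
    print("\n".join(EXAMPLE_MXS["example.com"].transcript))
```

The split into accept/reject/defer is the point: only a 5xx on RCPT TO is evidence that a bounce would not be accepted, while a refused connection or any 4xx is deferred so a legitimate but temporarily unreachable sender is retried rather than rejected.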