Re: Spam catcher

"John Levine" <johnl@taugh.com> Fri, 22 April 2016 16:38 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D3D912DF86 for <ietf@ietfa.amsl.com>; Fri, 22 Apr 2016 09:38:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fIirTMMQyUio for <ietf@ietfa.amsl.com>; Fri, 22 Apr 2016 09:38:46 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B102512D508 for <ietf@ietf.org>; Fri, 22 Apr 2016 09:38:45 -0700 (PDT)
Received: (qmail 88117 invoked from network); 22 Apr 2016 16:38:44 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 22 Apr 2016 16:38:44 -0000
Date: Fri, 22 Apr 2016 16:38:22 -0000
Message-ID: <20160422163822.29642.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: Spam catcher
In-Reply-To: <94486323.183663.1461318295153.JavaMail.yahoo@mail.yahoo.com>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/PLEIiHv1EmM0BqC9QqUMWBik_0o>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2016 16:38:47 -0000

>Would it help to stop spam by recording the IP address of the originating server when open SMTP relays collect mail? Record
>the IP address in the body of the e-mail, and record an IP address at each hop. Establish a chain of custody so I can track
>an e-mail back to the source IP address.

Short answer: no.

Open SMTP relays disappeared a decade ago when spammers started
abusing them, and SMTP servers have always recorded the incoming IP
address in Received headers.

As someone else noted, once you get more than one hop, you have no
reason to believe the Received headers unless you know the relaying
host is reliable (in which case it's unlikely to have a spam problem).

DKIM offers some help in identifying the originating, or at least the
signing server.  ARC is a work in progress to try to provide a signed
chain of DKIM-like headers.

In my experience, other than a few narrow cases related to mailing
lists, trying to filter based on IPs beyond the immediately connecting
host isn't very effective.  The same IP could have a legit user
sending real mail and a botnet sending spam.

R's,
John
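An added example (not code from the thread or from any of its participants) of the point about Received headers: walk the chain top-down, trust only the lines stamped by your own MTAs, and stop at the first outside IP. The hostnames mx1/mx2.example.org, the IPs, and the sample message are all constructed for the example; the regular expression only handles the common "from X (comment [ip]) by Y" shape, so qmail-style lines without a client IP parse as None.

```python
"""Find the last Received hop whose client IP we can actually vouch for.

Constructed example. Assumptions: TRUSTED_MTAS are our own mail servers and
TRUSTED_IPS are the addresses they use when relaying to each other; every
Received line below the first outside hop was written by a host we do not
control and is therefore unverifiable, whatever it claims.
"""
import re
from email import message_from_string

TRUSTED_MTAS = {"mx1.example.org", "mx2.example.org"}   # assumption: ours
TRUSTED_IPS = {"192.0.2.1", "192.0.2.2"}                # assumption: ours

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<comment>[^)]*)\)\s+by\s+(?P<by>[\w.-]+)",
    re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def parse_received(value):
    """Return {'helo', 'ip', 'by'} for one Received header value, or None if
    it is not in the 'from X (comment [ip]) by Y' shape (a qmail
    'invoked from network' line, for instance, carries no client IP)."""
    value = " ".join(value.split())              # unfold continuation lines
    m = HOP_RE.search(value)
    if m is None:
        return None
    ip = IP_RE.search(m.group("comment"))
    return {"helo": m.group("helo"),
            "ip": ip.group(1) if ip else None,
            "by": m.group("by").lower()}


def origin_ip(raw_message, trusted_mtas=TRUSTED_MTAS, trusted_ips=TRUSTED_IPS):
    """Top-down walk of the Received chain.

    A line stamped by one of our MTAs records the IP that really connected
    to it. While that IP is also ours (internal relay) keep walking; the
    first outside IP is the origin we can vouch for. Lines below it were
    written by that outside host, even if they name one of our MTAs.
    Returns (ip, index_of_that_hop, number_of_unverifiable_hops_below)."""
    msg = message_from_string(raw_message)
    hops = msg.get_all("Received", [])
    for idx, value in enumerate(hops):
        hop = parse_received(value)
        if hop is None or hop["by"] not in trusted_mtas:
            break                                # chain of trust ends here
        if hop["ip"] in trusted_ips:
            continue                             # internal relay, keep going
        return hop["ip"], idx, len(hops) - idx - 1
    return None, None, len(hops)


# Constructed sample: two genuine hops stamped by our MTAs, then a forged
# line that claims to have been stamped by mx2.example.org (it was not; it
# sits below the trust boundary) and a qmail-style line with no client IP.
SAMPLE = """\
Received: from mx2.example.org (mx2.example.org [192.0.2.2])
\tby mx1.example.org (Postfix) with ESMTPS id AAA111
\tfor <user@example.org>; Fri, 22 Apr 2016 09:38:45 -0700 (PDT)
Received: from relay.outside.test (relay.outside.test [203.0.113.7])
\tby mx2.example.org (Postfix) with ESMTP id BBB222
\tfor <user@example.org>; Fri, 22 Apr 2016 09:38:44 -0700 (PDT)
Received: from innocent.test (innocent.test [198.51.100.9])
\tby mx2.example.org (Postfix) with ESMTP id CCC333;
\tFri, 22 Apr 2016 09:38:40 -0700 (PDT)
Received: (qmail 12345 invoked from network); 22 Apr 2016 16:38:22 -0000
From: someone@example.com
To: user@example.org
Subject: test

body
"""

if __name__ == "__main__":
    ip, idx, below = origin_ip(SAMPLE)
    print(f"vouched origin: {ip} (Received #{idx}); "
          f"{below} lower Received line(s) are unverifiable")
```

For the sample this reports 203.0.113.7 from the second Received line and flags the two lines beneath it as unverifiable; the forged "by mx2.example.org" line is never consulted because the walk stopped before reaching it. That one IP is the only thing worth feeding a DNSBL or reputation lookup, which is the limit the reply above describes.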