Re: Spam catcher

Dave Cridland <dave@cridland.net> Fri, 22 April 2016 10:45 UTC

Return-Path: <dave@cridland.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CE8A12D6C1 for <ietf@ietfa.amsl.com>; Fri, 22 Apr 2016 03:45:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cridland.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mY1Jb2LnJk9W for <ietf@ietfa.amsl.com>; Fri, 22 Apr 2016 03:45:10 -0700 (PDT)
Received: from mail-ob0-x232.google.com (mail-ob0-x232.google.com [IPv6:2607:f8b0:4003:c01::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29E8212D1E0 for <ietf@ietf.org>; Fri, 22 Apr 2016 03:45:10 -0700 (PDT)
Received: by mail-ob0-x232.google.com with SMTP id n10so41171239obb.2 for <ietf@ietf.org>; Fri, 22 Apr 2016 03:45:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=/1o/PAzmyWrkUvVmgubsP1kj0jx4o7rzdGqH8hgr1Ok=; b=AOfnEY539JzJ2OfDWgF5JaAPBG962YPWULZrGHxkCmIcICgst97npBSd8RsgrKACz1 FP8R2B2UFF0deKYzATwSGUx/0GGbge1+/28uBZvuCKUxN3pOkT8vg+g76IT7MlQv0Wi9 Mj5fqM4wxvSu5TbdY2XCTYwdI2UW5RQCtKY9o=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=/1o/PAzmyWrkUvVmgubsP1kj0jx4o7rzdGqH8hgr1Ok=; b=DVtHFETkrlcllNt4tyQn3xawkmZq9y/M2NHXHOmfJ3myVz4ikyBMpGD8IsXXqYrL2c hssh4ZfSyeMcfOYBgknnZIAbQaGBq6ecDh37yRWCd/cR3VpMGc0hZbh8uZ/Tlaab6tqU +sS/JU9UXpHWnXbA2NEJAuKq0igsej13Bj+rGzhcp6wNMOdxT7jpA9YB/jsPakMRFAdn jEVff+ljxvDrTpqr9W4zEXfrsBlcJdDge/8bGjXWWAo1sYY4FRi9XOhi6b6jJQcVK7Z4 VXDvPKCdFht/8yMsjKb53t7RfF9+1a3Qt7t09YJGGfnTQBSHsSz+K356yS6euPp0iKta Cfhg==
X-Gm-Message-State: AOPr4FVwiE5rzpSSsRM9+GED5W3nUpCtar45pdoFIQokIawvzjxRCK0swSfwPDR2sHxr/5U9QfoylCeX2BOPQcU2
MIME-Version: 1.0
X-Received: by 10.182.17.9 with SMTP id k9mr8250644obd.3.1461321909550; Fri, 22 Apr 2016 03:45:09 -0700 (PDT)
Received: by 10.157.8.46 with HTTP; Fri, 22 Apr 2016 03:45:09 -0700 (PDT)
In-Reply-To: <94486323.183663.1461318295153.JavaMail.yahoo@mail.yahoo.com>
References: <94486323.183663.1461318295153.JavaMail.yahoo.ref@mail.yahoo.com> <94486323.183663.1461318295153.JavaMail.yahoo@mail.yahoo.com>
Date: Fri, 22 Apr 2016 11:45:09 +0100
Message-ID: <CAKHUCzzzypTXDoDAHxFFhusRP-_K3r70juZzy3Xw9FUtPh0Mzg@mail.gmail.com>
Subject: Re: Spam catcher
From: Dave Cridland <dave@cridland.net>
To: Howard Hong <howahong37@yahoo.com>
Content-Type: multipart/alternative; boundary="f46d0444745b525ef50531108518"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/qYRgc3nsJb3FFmbTayjxL2oZWrg>
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2016 10:45:11 -0000

Howard,

It would, and does, to some degree - the trace header fields (particularly
Received) specify exactly this in RFC 5321 and RFC 5322. The problem is
that these can be faked by various means.

DKIM extends this to provide cryptographic proof of the chain of custody,
too.

So while one cannot find the originating IP address, one can find the last
known good server in the presented custody chain with some effort and
reasonable reliability. This doesn't stop spam in its tracks, of course,
but as you note it does help.

Dave.

On 22 April 2016 at 10:44, Howard Hong <howahong37@yahoo.com> wrote:

> Hello,
>
> Would it help to stop spam by recording the IP address of the originating
> server when open SMTP relays collect mail? Record the IP address in the
> body of the e-mail, and record an IP address at each hop. Establish a chain
> of custody so I can track an e-mail back to the source IP address.
>
> Thanks,
> Howard Hong
>
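The walk Dave describes (start from the Received lines the receiving site's own MTAs wrote, stay inside them, and stop at the first hop where one of them accepted the message from a host the site does not run) as an added Python example; this is not code from the thread or from either poster. The Received and DKIM-Signature values are copied from the archived headers above; the TRUSTED set, the FORGED chain and the 203.0.113.7 client address are constructed assumptions for illustration.

```python
"""Walk a message's Received: trace from the receiving site's own MTAs outward,
report the last hop that can be trusted, and list which header fields the
DKIM-Signature actually covers.

Added example, not code from the mailing list. The genuine Received lines and
the DKIM-Signature are copied from the archived message; TRUSTED and FORGED
are constructed for illustration."""
import re
from ipaddress import ip_address

# Hosts/IPs assumed to be operated by the receiving site (ietfa.amsl.com).
TRUSTED = {"ietfa.amsl.com", "localhost", "mail.ietf.org",
           "127.0.0.1", "4.31.198.44"}

# Received: fields in header order, newest first (copied from the message).
RECEIVED = [
    "from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) "
    "with ESMTP id 6CE8A12D6C1 for <ietf@ietfa.amsl.com>; Fri, 22 Apr 2016 03:45:11 -0700 (PDT)",
    "from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) "
    "(amavisd-new, port 10024) with ESMTP id mY1Jb2LnJk9W for <ietf@ietfa.amsl.com>; "
    "Fri, 22 Apr 2016 03:45:10 -0700 (PDT)",
    "from mail-ob0-x232.google.com (mail-ob0-x232.google.com [IPv6:2607:f8b0:4003:c01::232]) "
    "(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) "
    "(No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29E8212D1E0 "
    "for <ietf@ietf.org>; Fri, 22 Apr 2016 03:45:10 -0700 (PDT)",
    "by mail-ob0-x232.google.com with SMTP id n10so41171239obb.2 for <ietf@ietf.org>; "
    "Fri, 22 Apr 2016 03:45:10 -0700 (PDT)",
    "by 10.157.8.46 with HTTP; Fri, 22 Apr 2016 03:45:09 -0700 (PDT)",
]

# Constructed: a spammer at 203.0.113.7 greets as Google and ships fake hops
# underneath that claim the message already passed through the site's relay.
FORGED = [
    "from mail-ob0-x232.google.com (unknown [203.0.113.7]) by ietfa.amsl.com (Postfix) "
    "with ESMTP id 0000000000 for <ietf@ietf.org>; Fri, 22 Apr 2016 03:50:00 -0700 (PDT)",
    "from mail-ob0-x232.google.com (mail-ob0-x232.google.com [IPv6:2607:f8b0:4003:c01::232]) "
    "by mail.ietf.org (Postfix) with ESMTPS id deadbeef for <ietf@ietf.org>; "
    "Fri, 22 Apr 2016 03:49:59 -0700 (PDT)",
    "by mail-ob0-x232.google.com with SMTP id fakefake for <ietf@ietf.org>; "
    "Fri, 22 Apr 2016 03:49:58 -0700 (PDT)",
]

# DKIM-Signature value copied from the message (folding whitespace kept).
DKIM_SIG = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; "
    "h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; "
    "bh=/1o/PAzmyWrkUvVmgubsP1kj0jx4o7rzdGqH8hgr1Ok=; "
    "b=AOfnEY539JzJ2OfDWgF5JaAPBG962YPWULZrGHxkCmIcICgst97npBSd8RsgrKACz1 "
    "FP8R2B2UFF0deKYzATwSGUx/0GGbge1+/28uBZvuCKUxN3pOkT8vg+g76IT7MlQv0Wi9 "
    "Mj5fqM4wxvSu5TbdY2XCTYwdI2UW5RQCtKY9o="
)


def parse_received(field):
    """Pull the 'by' host, the 'from' (HELO) name and the bracketed client IP."""
    by = re.search(r"\bby\s+([^\s;()]+)", field)
    frm = re.search(r"\bfrom\s+([^\s;()]+)", field)
    ipm = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", field)
    ip = None
    if ipm:
        try:
            ip = str(ip_address(ipm.group(1)))  # normalise; reject junk
        except ValueError:
            ip = None
    return {"by": by.group(1) if by else None,
            "from": frm.group(1) if frm else None,
            "ip": ip}


def last_trusted_handoff(received, trusted=TRUSTED):
    """Newest-first walk. Stay inside the trusted MTAs and stop at the first hop
    where one of them accepted the message from a client it does not run.
    Returns (handoff_client, unverifiable_tail): every Received line below the
    handoff arrived inside the message and could have been written by anyone."""
    for i, field in enumerate(received):
        hop = parse_received(field)
        if hop["by"] not in trusted:
            return None, received[i:]        # chain never reached our MTAs
        client = hop["ip"] or hop["from"]
        if client is None or client in trusted:
            continue                         # internal handoff (amavis etc.)
        return client, received[i + 1:]
    return None, []


def dkim_signed_fields(sig):
    """Return (signing domain, header fields named in h=) for a DKIM-Signature."""
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
    fields = [f.strip().lower() for f in tags["h"].split(":")]
    return tags["d"].strip(), fields


if __name__ == "__main__":
    for name, chain in (("genuine", RECEIVED), ("forged", FORGED)):
        client, tail = last_trusted_handoff(chain)
        print(f"{name}: last trusted handoff from {client}; {len(tail)} unverifiable hop(s)")
    domain, fields = dkim_signed_fields(DKIM_SIG)
    print(f"DKIM d={domain} covers {fields}; received signed: {'received' in fields}")
```

For the genuine chain the walk stops at Google's 2607:f8b0:4003:c01::232 and leaves the two Google-written lines (including the "by 10.157.8.46 with HTTP" webmail hop) as unverifiable; for the forged chain it stops at 203.0.113.7 and never consults the fabricated "by mail.ietf.org" line beneath it. The h= tag of the signature names the fields cridland.net vouches for, and Received is not among them, so a valid DKIM signature attests that the signing domain handled these fields and this body, not the hops taken afterwards; checking the signature itself needs the selector's public key from DNS (google._domainkey.cridland.net under d=cridland.net, s=google), which this offline example does not fetch.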