[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] whitelisting server and not users

To: Daniel Feenberg <feenberg@nber.org>
Subject: Re: [Asrg] whitelisting server and not users
From: Steven F Siirila <sfs@tc.umn.edu>
Date: Wed, 2 Apr 2003 15:26:15 -0600
Cc: Steven F Siirila <sfs@tc.umn.edu>, Kee Hinckley <nazgul@somewhere.com>, Markus Stumpf <maex-lists-spam-ietf-asrg@space.net>, "asrg@ietf.org" <asrg@ietf.org>
In-reply-to: <Pine.GSO.4.10.10304021617480.20177-100000@nber1.nber.org>
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <20030402211058.GA12201@earth.tc.umn.edu> <Pine.GSO.4.10.10304021617480.20177-100000@nber1.nber.org>
Sender: asrg-admin@ietf.org
User-agent: Mutt/1.4.1i

On Wed, Apr 02, 2003 at 04:21:37PM -0500, Daniel Feenberg wrote:
> 
> On Wed, 2 Apr 2003, Steven F Siirila wrote:
> 
> > On Wed, Apr 02, 2003 at 04:06:32PM -0500, Kee Hinckley wrote:
> > > At 3:00 PM -0600 4/2/03, Steven F Siirila wrote:
> > Not a problem here since we also look up the EHLO name.  If that resolves
> > to the caller's IP address, it counts as good as a PTR record in our book.
> 
> But doesn't this open the door for the spammer to just get a throwaway
> domain name and authorize his own spam? The advantage of using the RDNS
> of the connecting host is that it is fixed by the ISP, who can
> be held responsible by RBLs. Since there are a finite number of IP address
> blocks, the ISP isn't going to want to repeatedly issue new IP addresses
> to the spammer. Without that enforcement tool, there isn't any real
> incentive in the system.

You are quite correct.  I realized this after I sent the mail.
It works well for open relays since the spammer cannot control the EHLO name.
However, open proxies and such are another story.

> 
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg

-- 

Steven F. Siirila			Office: Lind Hall, Room 130B
Internet Services			E-mail: sfs@umn.edu
Office of Information Technology	Voice: (612) 626-0244
University of Minnesota
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- Re: [Asrg] whitelisting server and not users
  - From: Steven F Siirila
- Re: [Asrg] whitelisting server and not users
  - From: Daniel Feenberg

Prev by Date: Re: [Asrg] SMTP over SSL
Next by Date: RE: [Asrg] SMTP over SSL
Previous by thread: Re: [Asrg] whitelisting server and not users
Next by thread: Re: [Asrg] whitelisting server and not users
Index(es):
- Date
- Thread