[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [testlist] Rules for Rejecting Mail (was Re: Undelivered Mail Returned to Sender)

To: "Eric Rescorla" <ekr at rtfm.com>
Subject: Re: [testlist] Rules for Rejecting Mail (was Re: Undelivered Mail Returned to Sender)
From: Dean Willis <dean.willis at softarmor.com>
Date: Sat, 17 May 2008 04:31:17 -0500
Cc: Working Group Chairs <wgchairs at ietf.org>, testlist at mail.ietf.org, Glen <glen at amsl.com>, Danny McPherson <danny at tcb.net>
Delivered-to: ietfarch-wgchairs-archive at core3.amsl.com
Delivered-to: wgchairs at core3.amsl.com
In-reply-to: <d3aa5d00805152038r5e20dd3doe67bc3720e3241bd@mail.gmail.com>
List-archive: <https://www.ietf.org/mailman/private/wgchairs>
List-help: <mailto:wgchairs-request@ietf.org?subject=help>
List-id: Working Group Chairs <wgchairs.ietf.org>
List-post: <mailto:wgchairs@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/wgchairs>, <mailto:wgchairs-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/wgchairs>, <mailto:wgchairs-request@ietf.org?subject=unsubscribe>
References: <20080515004442.D070B3934C@chlorine.colo.stayonline.net> <B5CE2A4E-628D-475F-8BED-03A1CE2386E3@cisco.com> <C0C81DFE-64E3-43D4-9AEA-217CC989F2AB@tcb.net> <d3aa5d00805151919v52755cd6xb3323e47ff1a5f72@mail.gmail.com> <482CF9AD.5070108@amsl.com> <d3aa5d00805152038r5e20dd3doe67bc3720e3241bd@mail.gmail.com>
Sender: wgchairs-bounces at ietf.org


On May 15, 2008, at 10:38 PM, Eric Rescorla wrote:


As I indicated in my exchange with James, there's nothing stopping
a spammer from (1) registering a valid name and advertising
it in his HELO (2) simply advertising a totally random name that
doesn't map to his IP  in his HELO. Both of these measures will
evade rule (A), and indeed (2) is RFC 2821 compliant. Moreover,
as Danny observes, address literals are also RFC 2821 compliant
and appear to pass the current configuration.

Accordingly, here we have a situation where we have a rule that
is:

(1) easy for any spammer to bypass
(2) can be shown to have blocked legitimate mail in at least two cases
    [Note, you say "defer", but since the issue here is hosts without

records, not DNS failures, defer is just a particularlyinconvenient

    form of block.]

But it blocks the vast majority of spambot traffic without additionalCPU loading. This rule combo blocks thousands of spams a day on myserver; I'd guess it to be millions on the IETF boxes.


--
Dean

Follow-Ups:
- Re: [testlist] Rules for Rejecting Mail (was Re: Undelivered Mail Returned to Sender)
  - From: Dean Willis

References:
- Rules for Rejecting Mail (was Re: Undelivered Mail Returned to Sender)
  - From: Glen
- Re: Rules for Rejecting Mail (was Re: Undelivered Mail Returned to Sender)
  - From: Eric Rescorla

Prev by Date: Re: mailing list archives
Next by Date: Re: [testlist] Rules for Rejecting Mail (was Re: Undelivered Mail Returned to Sender)
Previous by thread: Re: [testlist] Rules for Rejecting Mail (was Re: Undelivered Mail Returned to Sender)
Next by thread: Re: [testlist] Rules for Rejecting Mail (was Re: Undelivered Mail Returned to Sender)
Index(es):
- Date
- Thread