[Sussex] Web server help

Steve Dobson steve at dobson.org
Fri Dec 17 11:39:49 UTC 2004


Mark

On Fri, Dec 17, 2004 at 10:43:00AM -0000, Mark Harrison wrote:
> From: "Andrew Guard" Friday, December 17, 2004 6:30 AM
> > PS.  This is the first time I have used the new webmail site for sending
> > e-mails from blueyonder.  The really cool thing is you can config it to
> > use any e-mail address you like not just blueyonder domain address;)
> 
> Up to a point :-(
> 
> 99% of the time this approach works, BUT some receiving organisations now
> perform an anti-spam check as follows:
> 
> - Look at the sender's email address on the incoming message
> - Look up the MX records for that domain
> - Check whether any of those servers appear in the message header
> - If not, reject it on the basis it's spam!
> 
> I have this problem with one large American firm with whom I have to deal on
> behalf of a client. It's, apparently, a "US Government" security
> recommendation :-(

You can expect more of this type of checking as time goes on.  There are
moves afoot to introduce more checking as mail is passed around, like is
this mail from a domain that claims to route for this domain (SPF) [1].

Microsoft put SenderID up to the IETF as the way to beat spam, but the
IEFT turned it down, mainly because of license issues in technology
in SenderID that is patented by Microsoft [2].

The problem is that SPF and SenderID don't work for all legitimate 
e-mail being sent.  I rent my e-mail address (steve at dobson dot org)
from NetIdentify who own dobson dot org.  If you send me e-mail (or if
this list sends me e-mail) it is first routed to NetIdentity's server
that then forwards it on to my MTA (on mail dot uthink dot co dot uk).
But when I send an e-mail my MTA send that e-mail direct to the MTA
of the receiver (via the DNS MX records), it doesn't go anywhere near
a NetIdentity server (unless, of course, the recipient's also rents
his e-mail address from NetIdentity).

Anyone that checks the sender's e-mail address's MX records against
the IP address of the connecting MTA will reject my e-mails as spam
(just like Mark's are).  I could route my e-mails via NetIdentity's
servers, but that just increases the network bandwidth needed to 
send mail.

ATM no one can agree on a way to help combat spam, but someone, somewhere
will come up with a method that works, or partly works.

Steve

[1]
http://spf.pobox.com

[2]
http://www.infoworld.com/article/04/09/14/HNietfmsblow_1.html




More information about the Sussex mailing list