[Sussex] SPAM Filtering Revisited

Andy Smith andy at lug.org.uk
Sun Aug 20 19:50:45 UTC 2006


On Sun, Aug 20, 2006 at 08:07:21PM +0100, Steven Dobson wrote:
> By adding the "callout" option exim tries to make an SMTP connection
> back, as if it were trying to send such a bounce message.  If the
> connection succeeds and the server at the other end validates the
> address then exim accepts the incoming message, otherwise it
> defers it.
> 
> In monitoring the exim logs I appear to have stopped over fifty messages in
> the last 24 hours.  None of these messages came from e-mail addresses I
> recognised.  In fact most seemed to come from only one or two addresses.

I do not believe it is acceptable to use sender callback
verification (i.e. actually making callouts to a remote mail server
to see if mail for a given address would be accepted) as it puts an
unfair load on innocent mailservers that happen to have been forged
into the mail.

For example, if a spam run takes place sending 1 million emails with
a random string at strugglers.net as their from address then I do not
want thousands of mail servers world-wide to be connecting to my
MXes to try and determine if the string at strugglers.net is
deliverable.  It will quickly fill up my allowed amount of
connections and delay legitimate mail to me.  I would much rather
that the receiving sites did not involve me directly and if they
find it to be spam they reject it within the SMTP conversation or
else silently discard it.

Yes, caching of results does stop one server from repeatedly
retrying a given user at domain, but this doesn't help when it is
random at domain and thousands of servers worldwide.

Sender CBV is much much better than accepting the mail and then
bouncing a DSN back to the forged sender (in the above scenario I
would then receive thousands of bounce messages for mail I never
sent, which is far worse than just connections that check for
deliverability without actually doing a delivery).  But I believe it
to be far too abusive on innocent uninvolved parties if everyone
were to implement it.  Get rid of bounces and stop there.

I can only see CBV as being justifiable in very limited
circumstances where a mail is going to be sent out to the forged
sender ANYWAY because there was no way to do the anti-spam checking
inside the SMTP conversation.

When implementing anti-spam measures I urge people to consider what
effect it would have on remote sites if everyone did it.  Lack of
consideration for third parties leads to ideas like sender CBV and
challenge-response.

Cheers,
Andy
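
The following is an added example, not part of the original post: a small model of the argument above that counts how often a forged domain's MX is contacted under bouncing, sender callouts with a per-receiver cache, and in-SMTP rejection. The domain `forged.example`, the function names and the scaled-down message and receiver counts are constructed for illustration; it counts contacts only and does not model the different cost of a bounce delivery versus a callout connection.

```python
import random

FORGED_DOMAIN = "forged.example"   # constructed stand-in for the forged sender domain

def third_party_load(policy, n_messages, n_receivers, random_local_parts, seed=1):
    """Return how many times the forged domain's MX is contacted.

    policy: "bounce"  - accept, then send a DSN to the forged sender
            "callout" - sender callout with a per-receiver result cache
            "reject"  - reject or discard within the SMTP conversation
    """
    if policy not in ("bounce", "callout", "reject"):
        raise ValueError(f"unknown policy: {policy}")
    rng = random.Random(seed)
    caches = [set() for _ in range(n_receivers)]  # each receiver caches alone
    contacts = 0
    for _ in range(n_messages):
        receiver = rng.randrange(n_receivers)
        local = f"{rng.getrandbits(48):012x}" if random_local_parts else "fixed"
        sender = f"{local}@{FORGED_DOMAIN}"
        if policy == "bounce":
            contacts += 1                      # one DSN delivery per message
        elif policy == "callout" and sender not in caches[receiver]:
            caches[receiver].add(sender)       # later repeats hit the cache
            contacts += 1                      # one callout connection
        # "reject": the forged domain is never contacted
    return contacts

def compare(n_messages=10_000, n_receivers=100):
    """Load on the forged domain for each policy and sender pattern."""
    return {
        (policy, "random" if rnd else "fixed"):
            third_party_load(policy, n_messages, n_receivers, rnd)
        for policy in ("bounce", "callout", "reject")
        for rnd in (False, True)
    }

if __name__ == "__main__":
    for key, load in compare().items():
        print(key, load)
```

With a fixed forged address the cache caps callouts at one per receiving server; with random local parts nearly every message is a cache miss, so the callout count approaches the bounce count.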