[afnog] Re: AOL rejecting hosts with no rDNS?

Calvin Browne calvin at orange-tree.alt.za
Tue Jun 29 14:56:46 EAT 2004


On Tue, 2004-06-29 at 11:20, Brian Candler wrote:
> On Tue, Jun 29, 2004 at 10:56:02AM +0200, Alan Barrett wrote:
> > On Tue, 29 Jun 2004, Brian Candler wrote:
> > > If I am a spammer and I send through (let's say) AOL, SPF lets me send
> > > out MAIL FROM:<> any domain which permits AOL's mail relays as its
> > > sender.
> > 
> > Yes.  So, as the manager of the foo.example domain, I can prevent you
> > from sending mail through AOL's mail relays that purports to be from
> > anybody at foo.example.
> 
> Sure. In other words, that restricts the range of domains which a spammer
> can use for forged envelope senders, but it's only a minor inconvenience to
> the spammer.
> 
> In the olden days, spammers sent out mail with
> MAIL FROM:<abcdef at tuvwxyz>
> 
> People thought: "aha! all spam has invalid domains on the RHS of MAIL FROM.
> So I can block spam simply by validating the MAIL FROM: domain." It's a
> cheap test, so everyone turned it on; it became the default for many MTAs.
> 
> So what happens? Spammers now use real E-mail addresses as the MAIL FROM
> address, which makes the problem worse.
> 
> Now people say: "aha! all spam has forged domains on the RHS of MAIL FROM.
> If I can detect these forgeries I can block all spam".
> 
> However, if/when SPF comes along: all the spammer has to do is pre-filter
> their list of MAIL FROM: addresses to select ones which have SPF policies
> which allow origination from the IP address of the system they're about to
> relay through. This is a cheap DNS lookup for the spammer. Spam volumes
> might be reduced for a few weeks, until the spammers implement this.

<SNIP>

The non-technical solution to spam is simple: make it more expensive for
the spammer to send mail than the returns they receive from spam.

I like greylisting + rbl's - forces them to spend more getting 'more
legit' accounts, costs them more to stay online, and after (my current)
one hour delay in greylisting they're blocked in the rbl anyway.

This means they have to spend more money, and therein lies the end-game
win.

--Calvin

-------------------* My opinions are mine *-------------------------
 Calvin Browne calvin at orange dash tree dot alt dot za
               Office phone: 080 314 0077        +27 11 314-0077
               http://orange-tree.alt.za Mobile: +27 83 303-0663
               Call me for Linux/Internet consulting
--------------------------------------------------------------------
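
The greylisting-plus-RBL policy described in the message above, as an added example that is not part of the original post: a small in-memory model of the SMTP decision showing how a host that waits out the delay can still be rejected on retry. It assumes the one-hour delay from the message; the class and function names, the documentation-range IP addresses and the in-memory blocklist set (standing in for a real DNSBL query) are constructed for illustration.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 3600  # seconds; the one-hour delay mentioned in the message


@dataclass
class MailPolicy:
    """Greylisting plus blocklist check, evaluated at RCPT TO time."""
    blocklist: set = field(default_factory=set)     # stand-in for a DNSBL lookup
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt time
    passed: set = field(default_factory=set)        # triplets that survived the delay

    def decide(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one delivery attempt."""
        # The blocklist is consulted on every attempt, so a host listed
        # while it was waiting out the greylist is rejected on retry.
        if client_ip in self.blocklist:
            return 550, "client listed in blocklist"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return 250, "known triplet"
        first = self.first_seen.setdefault(triplet, now)
        if now - first < GREYLIST_DELAY:
            return 451, "greylisted, retry later"
        self.passed.add(triplet)
        return 250, "greylist delay satisfied"


def simulate():
    """Constructed scenario: one well-behaved MTA, one bulk sender."""
    policy = MailPolicy()
    good = ("192.0.2.10", "alice@foo.example", "bob@bar.example")
    bulk = ("198.51.100.7", "x@foo.example", "bob@bar.example")
    log = []
    log.append(policy.decide(*good, now=0))       # first contact: deferred
    log.append(policy.decide(*bulk, now=0))       # first contact: deferred
    log.append(policy.decide(*bulk, now=600))     # early retry: still deferred
    policy.blocklist.add("198.51.100.7")          # listed during the delay
    log.append(policy.decide(*good, now=3700))    # retry after delay: accepted
    log.append(policy.decide(*bulk, now=3700))    # retry after delay: rejected
    log.append(policy.decide(*good, now=4000))    # later mail: accepted at once
    return [code for code, _ in log]


if __name__ == "__main__":
    print(simulate())
```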
