Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Antispam -- An open letter to Cruelmail -- Effect of Forged Return Addresses

6 views
Skip to first unread message

95h62gq02

unread,
Jan 13, 2005, 3:58:24 AM1/13/05
to
I sent the message that I reproduce below, to Cruelmail, which is a
service that lets you sign up for a mail address, then when people
write to you at that address, if the return addresses on those messages
aren't on your whitelist, Cruelmail blocks the message and sends to the
return address, a demand for money. I think this would be a good idea
except for the problem I describe in my letter to them. I would be
interested in any comments. Thanks.

Date: Wed, 12 Jan 2005 07:29:22 -0500
From: [me]
To: help...@cruelmail.com
Subject: Effect of Forged Return Addresses

Greetings.

Thanks for trying to do something about the spam problem.

Most spam has forged return addresses. Often, spammers use
real addresses of real people as return addresses in spam
(they harvest these from fora, etc.). If I use your
service, spam that comes to my address at cruelmail.com
will trigger a message (the rejection message) to an
innocent bystander, the person whose address the spammers
used as the return adddress. This will result in your and
my being morally responsible for spamming that innocent
bystander; you and I shall become spammers if I use your
service.

Have you thought about any measures to overcome this
concern?

--
Jack Waugh

Jack

unread,
Jan 14, 2005, 11:03:54 PM1/14/05
to
What if the SMTP host rejected, *during the SMTP session*, mail where
the From address isn't whitelisted and the mail doesn't include a key
like Cruelmail's "postage"? Rejecting the likely spam during the SMTP
session instead of rejecting it by mailing to the return address gets
around the problem of spamming innocent bystanders whose mail addresses
the spammers have stolen to use as return addresses in spam.

(I also wrote this in another forum, at http://snipurl.com/c11n ; some
replies might accumulate there).

Frank Slootweg

unread,
Jan 15, 2005, 4:52:29 AM1/15/05
to
Jack <8e2i...@sneakemail.com> wrote:
> What if the SMTP host rejected, *during the SMTP session*, mail where
> the From address isn't whitelisted and the mail doesn't include a key
> like Cruelmail's "postage"? Rejecting the likely spam during the SMTP
> session instead of rejecting it by mailing to the return address gets
> around the problem of spamming innocent bystanders whose mail addresses
> the spammers have stolen to use as return addresses in spam.

No, it *doesn't* ("get around the problem of spamming innocent
bystanders ..."). This has been discussed in this group ad nauseum. The
"reject during the SMTP session" variety of C-R suffers from similar
problems as the bouncing variety, because the sending MTA *must* send a
DSN *email* message (== spam) to the (forged) return address.

See for *example*:

http://groups.google.ca/groups?selm=1r2vg01jrmbob32pr...@4ax.com

and

http://groups.google.ca/groups?selm=vfd9tx...@blue.sea.net

Jack

unread,
Jan 16, 2005, 8:40:08 AM1/16/05
to
Aw, rats. I guess everybody has to get on board the new protocols
being proposed to replace SMTP.

Jack

unread,
Feb 9, 2005, 5:34:16 PM2/9/05
to
Re http://snipurl.com/cnue by Frank Slootweg:

I can't follow your references. Maybe you could put them through
www.snipurl.com?

Wouldn't it be the case that sending spam to a bogus address with a
forged return address would cause the sending MTA to send a bogosity
retort to the forged return address? So the problem is already
inherent in the protocols and making an address act bogus when it
doesn't like what is coming doesn't make things qualitatively worse.

Frank Slootweg

unread,
Mar 15, 2005, 9:01:06 AM3/15/05
to
[Very late response due to extended absence.]

On February 9, Jack <8e2i...@sneakemail.com> wrote:
> Re http://snipurl.com/cnue by Frank Slootweg:
>
> I can't follow your references. Maybe you could put them through
> www.snipurl.com?

I assume you read this group via Google's Google Groups BETA
interface. If so, apparently that interface breaks posted URLs (Don't
ask me why!). I looked at my article and the URLs have dots ("...") in
them, apparently 'because' the URLs don't fit on one line. I can only
suggest to use the non-BETA interface at any of the 'local' Google
sites, for example at

http://www.google.ca/grphp?hl=en&tab=wg&q=

[or see http://www.google.ca -> Groups if even the above URL is too
long for GG BETA]

or better, use a real newsreader.

> Wouldn't it be the case that sending spam to a bogus address with a
> forged return address would cause the sending MTA to send a bogosity
> retort to the forged return address? So the problem is already
> inherent in the protocols and making an address act bogus when it
> doesn't like what is coming doesn't make things qualitatively worse.

We were not talking about a bogus target address. We were talking
about a *valid* *target* address, but a *non-whitelisted* *From*
address.

0 new messages