
Perfect Spam Catcher


Bob Crane

Oct 15, 2003, 2:35:03 AM

Ok, every day I get 1000 spams.

Question: for these Spam Catchers,
instead of looking up content,
why don't they do a reverse lookup
on the sender's email. If it gets
a 300 response, send it through.
If not, put it in the spam folder.

Can it be any easier?

ynotssor

Oct 15, 2003, 2:51:50 AM
"Bob Crane" <jab...@earthlink.net> wrote in message
news:pan.2003.10.15....@earthlink.net

> Question: for these Spam Catchers,
> instead of looking up content,
> why don't they do a reverse lookup
> on the sender's email. If it gets
> a 300 response, send it through.
> If not, put it in the spam folder.
> Can it be any easier?

Maybe you should consider the fact that probably over 95% of UCE sender
email addresses are forged.

--
use hotmail com for any email replies


Andrzej Filip

Oct 15, 2003, 4:27:00 AM
ynotssor wrote:
> "Bob Crane" <jab...@earthlink.net> wrote in message
> news:pan.2003.10.15....@earthlink.net
>
>
>>Question: for these Spam Catchers,
>>instead of looking up content,
>>why don't they do a reverse lookup
>>on the sender's email. If it gets
>>a 300 response, send it through.
>>If not, put it in the spam folder.
>>Can it be any easier?
>
>
> Maybe you should consider the fact that probably over 95% of UCE sender
> email addresses are forged.

*Prior Art*:
Sender checking can be done in sendmail using milter-sender:
http://www.snert.com/Software/milter-sender/
[ AFAIK other MTAs had done it earlier (exim?) ]

*Efficiency Analysis*:
It will not be hard for spammers to pass such tests e.g. by faking addresses
handled by "accept now and bounce later" mail servers, using throwaway
accounts created at free mail services or faking existing email addresses.

P.S.
1) Some spammers are pretty smart and they have proved they know how to adapt.
2) IMHO SMTP should be renamed overSimplified Mail Transfer Protocol.
[ It had been *really* good but the requirements have changed ]

--
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
an...@priv.onet.pl an...@xl.wp.pl [former: an...@Box43.pl]
*Random Epigram* :
The great secret in life ... [is] not to open your letters for a fortnight.
At the expiration of that period you will find that nearly all of them have
answered themselves.
-- Arthur Binstead

Jose Marcio Martins da Cruz

Oct 15, 2003, 5:34:26 AM

Andrzej Filip wrote:
> ynotssor wrote:
>
>> "Bob Crane" <jab...@earthlink.net> wrote in message
>> news:pan.2003.10.15....@earthlink.net
>>
>>
>>> Question: for these Spam Catchers,
>>> instead of looking up content,
>>> why don't they do a reverse lookup
>>> on the sender's email. If it gets
>>> a 300 response, send it through.
>>> If not, put it in the spam folder.
>>> Can it be any easier?
>>
>>
>>
>> Maybe you should consider the fact that probably over 95% of UCE sender
>> email addresses are forged.
>
>
> *Prior Art*:
> Sender checking can be done in sendmail using milter-sender:
> http://www.snert.com/Software/milter-sender/
> [ AFAIK other MTAs had done it earlier (exim?) ]

Yes, but this was valid some time ago, no longer now...

milter-sender and equivalent filters do "MAIL From" and "RCPT TO" commands to verify
that the user exists. If sendmail answers "220 OK", it considers that the user exists.

But when sendmail answers "OK", this *** doesn't mean that the user exists ***, but only that
sendmail says: "OK, I can accept messages for this user".

So, if I look at our postmaster mailbox, I usually find 3000 messages a day. Most of them,
say 95%, are spam sent using forged addresses from internal mail servers not directly
accessible from outside. This means: spammers are no longer using verifiable addresses.


>
> *Efficiency Analysis*:
> It will not be hard for spammers to pass such tests e.g. by faking
> addresses handled by "accept now and bounce later" mail servers, using
> throwaway accounts created at free mail services or faking existing
> email addresses.
>
> P.S.
> 1) Some spammers are pretty smart and they have proved they know how to
> adapt.

Yeaaaaah !

> 2) IMHO SMTP should be renamed overSimplified Mail Transfer Protocol.
> [ It had been *really* good but the requirements have changed ]
>


--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41
Ecole des Mines de Paris http://j-chkmail.ensmp.fr
60, bd Saint Michel http://www.ensmp.fr/~martins
75272 - PARIS CEDEX 06 mailto:Jose-Marc...@ensmp.fr

Andrzej Filip

Oct 15, 2003, 6:55:00 AM

Milter-sender can be configured to do "full check" for some domains.
see -m command line option
http://www.snert.com/Software/milter-sender/

> So, if I look at our postmaster mailbox, I usually find 3000 messages a
> day. Most of them, say 95%, are spam sent using forged addresses from
> internal mail servers not directly accessible from outside. This means:
> spammers are no longer using verifiable addresses.

> [...]

--
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
an...@priv.onet.pl an...@xl.wp.pl [former: an...@Box43.pl]
*Random Epigram* :

"As an adolescent I aspired to lasting fame, I craved factual certainty, and
I thirsted for a meaningful vision of human life -- so I became a scientist.
This is like becoming an archbishop so you can meet girls."
-- Matt Cartmill

Kathy Benson

Oct 15, 2003, 7:23:48 AM
Bob,
Sender's email is not the only thing that matters. It is a no-brainer to write someone else's email in the address. There are quite a few things that you need to check:

1. IP Address - you can do that with sendmail and a public RBL server
2. Domain/Sender verification - Try doing a reverse lookup on the domain name and sender.
3. Content validation

KB

--

This email is certified to be Spam free by Spam Marshall

You don't pay to get spam, why pay to clean it?
Visit http://www.spammarshall.com to create an account for free


Jose Marcio Martins da Cruz

Oct 15, 2003, 7:17:35 AM
to Andrzej Filip

Andrzej Filip wrote:
> Jose Marcio Martins da Cruz wrote:
>
...

>>
>> milter-sender and equivalent filters do "MAIL From" and "RCPT TO"
>> commands to verify that the user exists. If sendmail answers "220 OK", it
>> considers that the user exists.
>>
>> But when sendmail answers "OK", this *** doesn't mean that the user
>> exists ***, but only that sendmail says: "OK, I can accept messages
>> for this user".
>
>
> Milter-sender can be configured to do "full check" for some domains.
> see -m command line option
> http://www.snert.com/Software/milter-sender/
>

So, consider the consequences of using this option: a spammer sends 10000 messages to 10000
different addresses using an...@priv.onet.pl as the forged sender address. If all the spam
recipients' servers are using milter-sender, you, the innocent, will receive 10000 little
messages with the subject "mailbox check"... Not cool! 8-)

There are similar solutions under study at ASRG (RMX and so on) which will be
more effective and less intrusive...
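
Added example, not part of any post in this thread: a small Python model of the two objections raised above, that a positive RCPT reply from an "accept now and bounce later" server proves nothing, and that callback probes land on the forged sender's domain. The MX stand-ins, the `rcpt_reply` callable, the `.example` hosts and the verdict names are all constructed for illustration and are not milter-sender's code or options.

```python
import secrets
from collections import Counter

def strict_mx(valid):
    """Constructed MX that refuses unknown mailboxes at RCPT time."""
    return lambda rcpt: 250 if rcpt in valid else 550

def accept_all_mx():
    """Constructed 'accept now and bounce later' MX: 250 for any RCPT."""
    return lambda rcpt: 250

def callback_verdict(sender, rcpt_reply):
    """Classify an envelope sender from the RCPT reply codes of its domain's MX.
    rcpt_reply is a hypothetical callable (address -> SMTP reply code) standing
    in for the MAIL FROM / RCPT TO probe a callback filter performs.
    """
    domain = sender.rsplit("@", 1)[1]
    code = rcpt_reply(sender)
    if 500 <= code < 600:
        return "reject"        # MX states it will not take mail for this mailbox
    if not 200 <= code < 300:
        return "tempfail"      # no decision possible right now
    # Control probe: a random mailbox that should not exist at that domain.
    control = f"probe-{secrets.token_hex(8)}@{domain}"
    if 200 <= rcpt_reply(control) < 300:
        return "unverifiable"  # MX accepts anything, so the positive reply proves nothing
    # The mailbox exists; this still says nothing about who really sent the mail.
    return "exists"

def probes_received(messages):
    """Count callback probes per sender domain.
    messages: iterable of (receiving_server, envelope_sender). Assumes each
    receiving server caches its verdict and probes a given sender only once.
    """
    seen, load = set(), Counter()
    for server, sender in messages:
        if (server, sender) not in seen:
            seen.add((server, sender))
            load[sender.rsplit("@", 1)[1]] += 1
    return load

if __name__ == "__main__":
    mx = strict_mx({"alice@strict.example"})
    print(callback_verdict("alice@strict.example", mx))
    print(callback_verdict("x@bouncer.example", accept_all_mx()))
    run = [(f"mx{i}.example", "victim@victim.example") for i in range(10000)]
    print(probes_received(run)["victim.example"])
```

Per-server caching does not reduce the load in the last case, because every probe comes from a different receiving server.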

Dennis Peterson

Oct 15, 2003, 2:21:45 PM
Kathy Benson wrote:

> Bob,
> Sender's email is not the only thing that matters. It is a no-brainer to
> write someone else's email in the address. There are quite a few things
> that you need to check:
>
> 1. IP Address - you can do that with sendmail and a public RBL server
> 2. Domain/Sender verification - Try doing a reverse lookup on the domain
> name and sender.
> 3. Content validation
>
> KB
>
> --

> ------------------------------------------------------------------------


> This email is certified to be Spam free by Spam Marshall
>
> You don't pay to get spam, why pay to clean it?
> Visit http://www.spammarshall.com to create an account for free

> <http://www.spammarshall.com>
>
> ------------------------------------------------------------------------

The irony is stupefying.

dp

Andrzej Filip

Oct 16, 2003, 3:55:00 AM
Jose Marcio Martins da Cruz wrote:
>
>
> Andrzej Filip wrote:
>
>> Jose Marcio Martins da Cruz wrote:
>>
> ...
>
>>>
>>> milter-sender and equivalent filters do "MAIL From" and "RCPT TO"
>>> commands to verify that the user exists. If sendmail answers "220 OK", it
>>> considers that the user exists.
>>>
>>> But when sendmail answers "OK", this *** doesn't mean that the user
>>> exists ***, but only that sendmail says: "OK, I can accept messages
>>> for this user".
>>
>>
>>
>> Milter-sender can be configured to do "full check" for some domains.
>> see -m command line option
>> http://www.snert.com/Software/milter-sender/
>>
>
> So, consider the consequences of using this option: a spammer sends 10000
> messages to 10000 different addresses using an...@priv.onet.pl as the
> forged sender address. If all the spam recipients' servers are using
> milter-sender, you, the innocent, will receive 10000 little messages
> with the subject "mailbox check"... Not cool! 8-)

I posted a link to software implementing the idea.
I have not written that it is perfect.

> There are similar solutions under study at ASRG (RMX and so on) which will be
> more effective and less intrusive...

I posted one RMX-like idea myself some time ago
(DNS based "by IP" authentication)


--
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
an...@priv.onet.pl an...@xl.wp.pl [former: an...@Box43.pl]
*Random Epigram* :

Whip me. Beat me. Make me maintain AIX.
-- Stephan Zielinski

Jose Marcio Martins da Cruz

Oct 16, 2003, 11:39:32 AM

Hi Andrzej,

Andrzej Filip wrote:
> Jose Marcio Martins da Cruz wrote:
>


>
>
> I posted a link to software implementing the idea.
> I have not written that it is perfect.

I agree with you.

The software (milter-sender) isn't perfect, but the idea of finding a way to authenticate
the sender is the right way, IMO.

>
>> There are similar solutions under study at ASRG (RMX and so on) which will be
>> more effective and less intrusive...
>
>
> I posted one RMX-like idea myself some time ago
> (DNS based "by IP" authentication)
>
>


--
