[Full-Disclosure] Spam Solution

From: Alavan (alavan_at_pangeatech.com)
Date: 06/18/04

    To: full-disclosure@lists.netsys.com
    Date: Thu, 17 Jun 2004 15:53:25 -0700
    
    

    Please correct me if I'm missing something here:

    Microsoft and POBOX.com support Caller ID and SPF to help thwart phishing
    and SPAM.

    I can see it helping phishing (kind of) as the phishers won't be able to
    forge the FROM address. But, that won't stop naive users from entering
    their personal information onto the fake site even with some rogue FROM
    address. Also, the phishers can just claim to be from a hired consulting
    agency and send the SPAM from a hijacked PC on a domain that sounds
    somewhat technical (or something like that).

    Also, if spammers can't forge, so what? They'll just grab the domain name
    from the PC they've hijacked and send away or go back to using the e-mail
    client on the machine. Once the spammers change their methodology (which
    they do all the time to counter anti-spam efforts), these measures will
    have little to no effect.

    Plus, many people use a FROM address from one of their other POP accounts
    on other domains. For instance, let's say I'm sending an e-mail from home
    just before I leave to a business contact and I want them to see my
    corporate e-mail address instead. In order to accomplish this after Caller
    ID and SPF, all admins will have to get their users to switch to POP before
    SMTP to their corporate mail servers to avoid these returned e-mails (when
    the FROM address is intentionally forged).

    From what I've seen, most of the SPAM comes from hijacked machines - even
    the SPAM from other countries. So, port 25 blocking is good, but not the
    be-all end-all as some "users" will want to host their own mail.

    It seems to me that if we make all MTAs register somehow (both SMTP and
    POST), this would eliminate the hijacked machine as spambot phenomenon. We
    already have MX records for SMTP, but a lot of providers use different
    machines to receive (via SMTP) and send mail (POST). So, maybe a new DNS
    record is introduced for POST. Your machine(s) could do both or not. When
    your server goes to accept a message, it looks to see if the IP of the
    sending machine is listed in this new DNS record. If not, return a 5XX error.

    Didn't I read something somewhere about the possibility of this?

    Thanks,

    Alavan

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
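
Added example, not part of the original message: a sketch of the receiving-side check the message proposes (reject with a 5XX reply when the connecting IP is not in the sender domain's published list), run against constructed zone data. The `OUTBOUND` record type, the function names and every domain and address are assumptions made for illustration, and the check is applied to the envelope sender (MAIL FROM).

```python
import ipaddress

# Constructed zone data standing in for DNS (documentation address ranges).
# "OUTBOUND" is a hypothetical record type for the proposed sender list.
ZONE = {
    "example.com": {"MX": ["192.0.2.10"],
                    "OUTBOUND": ["192.0.2.25", "198.51.100.0/28"]},
    "example.net": {"MX": ["203.0.113.5"]},  # publishes no sender list
}

def lookup_outbound(domain):
    """Return the networks a domain lists as senders, or None if none published."""
    records = ZONE.get(domain.lower().rstrip("."), {}).get("OUTBOUND")
    if records is None:
        return None
    return [ipaddress.ip_network(r, strict=False) for r in records]

def sender_domain(mail_from):
    """Domain part of the envelope sender; empty string for the null sender <>."""
    addr = mail_from.strip().strip("<>")
    return addr.rpartition("@")[2] if "@" in addr else ""

def check_sender(client_ip, mail_from, reject_unpublished=False):
    """Return (smtp_code, reason) for a MAIL FROM received from client_ip."""
    domain = sender_domain(mail_from)
    if not domain:
        return 250, "null sender, not checked"  # bounces carry no domain
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return 550, "unparseable client address"
    nets = lookup_outbound(domain)
    if nets is None:
        # Policy choice: domains that publish nothing pass unless told otherwise.
        if reject_unpublished:
            return 550, f"{domain} publishes no sender list"
        return 250, f"{domain} publishes no sender list"
    if any(ip in net for net in nets):
        return 250, f"{client_ip} is a listed sender for {domain}"
    return 550, f"{client_ip} is not a listed sender for {domain}"

if __name__ == "__main__":
    for ip, frm in [("192.0.2.25", "<alice@example.com>"),    # listed outbound relay
                    ("192.0.2.10", "<alice@example.com>"),    # MX only, not a sender
                    ("203.0.113.77", "<alice@example.com>"),  # home line, work address
                    ("203.0.113.77", "<bob@example.net>")]:   # nothing published
        print(ip, frm, *check_sender(ip, frm))
```

The third case is the one the message raises about users mailing from home with a corporate address: it is rejected unless the mail is relayed through a listed server. The second shows why the MX record alone cannot serve as the sender list when receiving and sending hosts differ.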

