[H-GEN] Stopping spam
Russell Stuart
russell-humbug at stuart.id.au
Thu Mar 31 03:10:50 EST 2005

On Thu, 2005-03-31 at 15:54, David Jericho wrote:
> > 1623 SMTP protocol violation. [Eg: not waiting for 2xx
> > response before sending next request.]
>
> For those who don't know, this isn't always a violation. See RFC 2920.
> Pipelining of SMTP commands is commonly used in legitimate large scale
> environments.

Even if pipelining is being used there are times when you
must wait for a response - and in particular to the EHLO
command. Many spammers don't bother.

> > c. Yahoo doesn't implement SPF. It was worth my while to put in a
> > manual check that emulated SPF for Yahoo. Between them, SPF
> > and this manual check catch over 1/2 the spam.
>
> My chief gripe with SPF is that there are too many networks that block
> outbound SMTP to be useful. For example, even though I'm posting from
> aarnet.edu.au, I'm actually on QUT's network at the moment, meaning I
> must use their network.

Yes, SPF can make forwarding complex. But for me anyway there
have been enough ways to work around it to make it useful.

Firstly, you can nominate any number of servers / domains as
authorised SMTP servers for your domain. Even if you did
something as perverse as nominating all .au domains, it still
represents a formidable barrier to any spammer.

Secondly you (and I for that matter) represent a special case -
we roam. Most people don't. SPF allows escapes for special
cases for individual email addresses. It is possible to
implement a default policy for most people in your
organisation, then say that david.jericho has no restrictions,
or perhaps can send from any .edu.au domain.

Anyway, so far it has worked out well for me. It catches
lots of spam, and hasn't stopped anybody in the domains I
manage from sending email - not one complaint. I was
suspicious of it before I tried it, but now I am a fan.

> > c. The only check here that causes me grief (as in complaints
> > about email not getting through) is insisting on a Message-ID.
> > Yes - I know the rule violates the 2822, but it does catch
> > a fair number of messages. qmail and Outlook seem to be the
> > principal culprits here.
>
> 2822 3.6.4 does only say "SHOULD", where SHOULD is defined by "mean that
> there may exist valid reasons in particular circumstances to ignore a
> particular item, but the full implications must be understood and
> carefully weighed before choosing a different course." Not so much a
> violation, as opposed to a "please explain".
>
> RFC 2119 for the curious.
>
> In any case, ignoring messages from Outlook appears fairly reckless to me.

5 external senders have complained in the past 6 months.
So far they have either been using Outlook (not OE) or
gone through a qmail server, or both. Outlook does
normally add Message-ID's, and I can't believe qmail
deletes them, so there is some other trigger involved.
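
Added example, not part of the original post or of either poster's filter: one way to tell legitimate RFC 2920 pipelining from the "not waiting for the response" violation discussed above, by replaying a session in the order the server saw it. The event format, function name and sample sessions are assumptions made for illustration.

```python
import re

# RFC 2920 sync points: the client must read the reply before sending more.
# "<greeting>" (the 220 banner) is the base-SMTP wait, added as an assumption.
SYNC_POINTS = {"EHLO", "DATA", "VRFY", "EXPN", "TURN", "QUIT", "NOOP", "<greeting>"}
FINAL_REPLY = re.compile(r"^(\d{3})( |$)")  # "250-..." is a continuation line

def find_sync_violations(events):
    """events: ("C" or "S", line) pairs in the order the server saw them.
    Returns (index, reason) for every client command sent too early."""
    violations = []
    pending = ["<greeting>"]  # what the server still owes a final reply for
    pipelining = False        # True once an EHLO reply lists PIPELINING
    in_data = False           # True while message content is in flight
    for i, (side, line) in enumerate(events):
        if side == "S":
            if pending[:1] == ["EHLO"] and line[4:].strip().upper() == "PIPELINING":
                pipelining = True
            m = FINAL_REPLY.match(line)
            if m and pending:
                in_data = pending.pop(0) == "DATA" and m.group(1) == "354"
            continue
        if in_data:  # content lines are not commands
            if line == ".":
                in_data = False
                pending.append("<end-of-data>")
            continue
        blocking = [p for p in pending if p in SYNC_POINTS]
        if blocking:
            violations.append((i, "sent before reply to " + blocking[0]))
        elif pending and not pipelining:
            violations.append((i, "pipelined without PIPELINING advertised"))
        pending.append(line.split(" ", 1)[0].upper())
    return violations

# Constructed sample: client talks before the banner and the EHLO reply.
EARLY_TALKER = [
    ("C", "EHLO mail.example.test"), ("C", "MAIL FROM:<a@example.test>"),
    ("S", "220 mx.example.test ESMTP"), ("S", "250-mx.example.test"),
    ("S", "250 PIPELINING"), ("C", "RCPT TO:<b@example.test>"),
]
# Constructed sample: a well-behaved RFC 2920 client.
PIPELINED_OK = [
    ("S", "220 mx.example.test ESMTP"), ("C", "EHLO mail.example.test"),
    ("S", "250-mx.example.test"), ("S", "250 PIPELINING"),
    ("C", "MAIL FROM:<a@example.test>"), ("C", "RCPT TO:<b@example.test>"),
    ("C", "DATA"), ("S", "250 ok"), ("S", "250 ok"), ("S", "354 go ahead"),
    ("C", "Subject: hi"), ("C", "."), ("C", "QUIT"),
    ("S", "250 queued"), ("S", "221 bye"),
]
```

The pipelined session produces no findings, while the early talker is flagged on its first two commands; a real filter would feed this from socket read order rather than a prepared list.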