Re: antispam proposal: refuse mail from unknown senders

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Rahul Dhesi
Datum:  
To: exim-users
Betreff: Re: antispam proposal: refuse mail from unknown senders
Let me refine and further analyze this idea, and respond to what others
said.

COMMENT: Supose some site has a temporary mail problem and it returns a
fatal error code for all messages sent to its users. The we will end up
not accepting mail from any of them.

RESPONSE: We should put an address on our block list only if we were
sending a bounce to that address and it could not be delivered. This
should decrease the incidence of false hits to very, very low.

COMMENT: Spammers use a different bad address each time.

RESPONSE: An individual recipient may see different random bad addresses
most of the time (because he gets junk email from many different
spammers). But if you look at sitewide statistics, as I do, bad
addresses are repeated many times.

It's slow and inefficient to send junk email to only one recipient at a
time, so the typical spammer will send each message to 10, 50, 100, etc.
recipients at a time. If he were sending junk email to one addressee at
a time he would also put the addressee in the To: line, to be more
friendly and to bypass filters that trap Bcc'd mail. If your email
address is not in the To: line it's a sure sign that the junk message
was sent to more than one addressee.

Even if the typical spammer sends to only 5 recipients at a time, this
means that sitewide we will on the average block up to 80% of junk email
just by blocking bounces to bad senders. And I know junk emailers send
to many more than just 5 at a time.

COMMENT: Use receiver_verify, keep misaddressed messages out.
RESPONSE: In my case the MX hosts do not have local users. They accept
mail and relay to other machines for final delivery. So receiver_verify
does not work. The other consideration is that most users here have
Nojunk(tm) filtering on, which is active while final delivery into their
mailbox is being done. At this point if a message is identified as junk
email and rejected, a bounced message is sent back to the original
envelope sender. More often than not, this bounce message becomes a
double-bounce, because of the use of fake sender addresses by junk
emailers. It would be nice if the first such double-bounce for a given
sender immediately got converted into a sender block at the SMTP
borderline. The scenario would then be:

- Junk emailer sends mail to recipient here, mail is accepted by SMTP server
- Anti-junkmail filtering rejects message, bounce goes back
- Bounce becomes double bounce because junk emailer used a fake sender address
- Fake sender addresss is immediately added to Exim's block list
- No more incoming mail is accepted that shows the same sender address

This same scenario would be effective at any site that has any type of
anti-junk-email filtering at the point of local mail delivery (e.g.,
widely used procmail filters), so long as a real bounce message (with
empty envelope sender) is generated. Note that a user's simply bouncing
back mail from people he doesn't like would not cause any problems,
since only double-bounces would cause a sender to be added to the block
list.

Rahul Dhesi <dhesi@???>
hostmaster & postmaster
a2i communications network operations

--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/