Re: [Exim] Spam due to forgeries out domains hosted by outbl…

Author: Matthew Byng-Maddick
Date:  
To: exim-users
Subject: Re: [Exim] Spam due to forgeries out domains hosted by outblaze
On Wed, Feb 18, 2004 at 03:32:19PM +0530, Suresh Ramasubramanian wrote:
> <quote who="Odhiambo G. Washington">
> > We receive a lot of spam with forged sender addresses bearing domain
> > names hosted by Outblaze. I have spoken to the man in the driver's
> > seat at hotblaze (Hi Suresh) and he's given me some valuable advice.
> They are not just a problem at your end. And god knows, I've posted these
> filters several times in the past.
> 1. If you see ".mr.outblaze.com" in any Received: header --> forged spam.
> 2. If you see HELO mail.com, HELO email.com etc --> forged spam


This gets me thinking. People on this list maintain different filters for
each site, e.g. hotmail hello as "hotmail.com", but have an rDNS in msn.com
or hotmail.com, outblaze hello as their primary hostname (and presumably
have an outblaze.com rDNS), yahoo as their primary hostname. Each site
maintains filters individually, and there's no coordination when such
heuristics/site policy change. Is there any IMC or similar WG to look at
how to either coordinate this data, or any abuses of the DNS, or other
such mechanism where such things could be coordinated?

Would it be sensible to start thinking about such a project? (preferably
getting the major players involved, such that the rules are site policy
rather than heuristic). I guess that what I imagine is something like the
rtconfig tools for generating filter lists on routers, such that with the
information published, you can generate filter lists for all the different
MTA configs.

Would people be interested in such a project, or is there one already (and
no, don't say SPF)?

Cheers

MBM

--
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/
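
The two rules quoted in the message above, written as data and applied by one generic checker, in the spirit of the "published site policy" idea. This is an added example, not part of the original message or of Exim; the record format, the field names and the sample headers are assumptions constructed for illustration.

```python
from email import message_from_string

# Hypothetical "published site policy" records; the field names are assumptions.
# The values are the two rules quoted in the message above.
POLICY = [
    {"site": "outblaze", "check": "received_contains", "values": [".mr.outblaze.com"]},
    {"site": "outblaze", "check": "helo_equals", "values": ["mail.com", "email.com"]},
]

# Constructed sample headers (not real traffic); each Received header is folded.
FORGED = (
    "Received: from unknown (HELO relay.example.org) (192.0.2.15)\n"
    "\tby smtp7.MR.outblaze.com with SMTP; 18 Feb 2004 10:00:00 -0000\n"
    "From: someone@example.com\n"
    "Subject: constructed sample\n\n"
)
CLEAN = (
    "Received: from relay.example.org (relay.example.org [192.0.2.20])\n"
    "\tby mx.example.net with ESMTP; 18 Feb 2004 10:05:00 -0000\n"
    "From: someone@example.org\n\n"
)

def evaluate(helo, raw_headers, policy=POLICY):
    """Return (site, check, value) for every policy rule the session matches."""
    msg = message_from_string(raw_headers)
    # Unfold continuation lines and lower-case: DNS names are case-insensitive.
    received = [" ".join(h.split()).lower() for h in msg.get_all("Received", [])]
    helo = helo.strip().rstrip(".").lower()
    hits = []
    for rule in policy:
        for value in (v.lower() for v in rule["values"]):
            if rule["check"] == "received_contains":
                matched = any(value in line for line in received)
            elif rule["check"] == "helo_equals":
                # Exact match, so "webmail.com" does not trip the "mail.com" rule.
                matched = helo == value
            else:
                raise ValueError("unknown check: " + rule["check"])
            if matched:
                hits.append((rule["site"], rule["check"], value))
    return hits

if __name__ == "__main__":
    print(evaluate("relay.example.org", FORGED))
    print(evaluate("MAIL.COM.", CLEAN))
    print(evaluate("webmail.com", CLEAN))
```

Keeping the rules in a table rather than in code means a change in a site's policy is a data update, and the same table could feed generators for different MTA configurations.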