Re: [exim] Anti Phishing Trick

Author: Fred Viles
Date:  
To: exim-users
Subject: Re: [exim] Anti Phishing Trick
Skipping the bits Marc answered:

On 25 Aug 2005 at 11:34, Marilyn Davis wrote about
    "Re: [exim] Anti Phishing Trick":
| On Thu, 25 Aug 2005, Fred Viles wrote:

|...
| > On 25 Aug 2005 at 10:18, Marilyn Davis wrote about
| >     "Re: [exim] Anti Phishing Trick":

|...
| I'd say that spam ought not generate an auto-response or DSN that gets
| anywhere, except back to the spammer or a blackhole.
Then we agree.

|...
| > If by "collateral mail" you mean all auto responses and DSNs,
| > nothing. My point is that every reasonable effort should be made to
| > avoid generating such for cases 2 and 3. Specifically, generating
| > such for detected spam from known forwarding hosts should be avoided.
|
| Detecting spam from "known forwarding hosts" means using the
| blacklists?
No. The context here was Alan's message talking about specific
external hosts on which he and/or his users have accounts, and those
accounts are configured to forward all messages to accounts on his
system.

So that's what I meant by "known forwarding hosts", not open relays.

| If you auto-respond to spam from a known forwarding host,
| unless it is a joe job, what is the bad thing?
If you respond to *any* spam, auto- or otherwise, the bad thing is
that in the real world the most likely recipient of that response is
an innocent third party. But in Alan's case, his system is not
generating a response itself, it is doing an SMTP-time rejection that
is known to cause a known forwarding host to generate a DSN.

The "known forwarding host" part is important. Rejecting mail that
is being forwarded by abused or open relays will also lead to DSNs
being generated, but in that case I'm unconditionally in the camp
that says it is the relay's problem.

More similar to Alan's case, I'd also agree that there's no
reasonable way an ISP could give special treatment to forwarders its
customers may set up.

Alan's case is more grey, as the admin of a university system with a
limited (but large) set of users. But by his own description, he
knows about a specific set of external hosts that he and other users
have forwarding accounts at, which cause problems. It's his decision
to inflict avoidable damage on third parties for those known cases,
rather than risk silently dropping an occasional false positive or
expend more resources to prevent it.

I'll readily agree that quarantine-and-review is not feasible in
Alan's case (unlike my small site), so it comes down to us
disagreeing which is the lesser of two evils: knowingly causing
collateral spam to be generated, or dropping an occasional legitimate
message.

- Fred
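As an added illustration of the distinction drawn above (an example Exim ACL fragment, not from the thread, from Alan's system, or from Exim's documentation), this rejects detected spam at SMTP time only when the connecting host is not one of the known forwarders, and tags rather than rejects mail arriving from them so the forwarding host never has to generate a DSN. The hostlist contents and the use of `$spam_score_int` (set by an earlier `spam =` condition) are assumptions.

```exim
# Constructed example, not from the original message.
# Assumption: the external accounts known to forward into this system
# connect from these addresses (placeholder values).
hostlist known_forwarders = 192.0.2.10 : 192.0.2.11

acl_check_data:
  # Direct senders: an SMTP-time reject is returned to the connecting
  # host, i.e. the sender or its relay, so no third party receives a DSN.
  # Assumption: $spam_score_int was filled in by an earlier "spam =" test.
  deny    !hosts    = +known_forwarders
          condition = ${if >{$spam_score_int}{50}}
          message   = Rejected as spam

  # Known forwarders: rejecting here would make the forwarding host bounce
  # the message to a (usually forged) envelope sender. Accept it, mark it,
  # and let a later router or the user's filter send it to quarantine.
  warn    hosts      = +known_forwarders
          condition  = ${if >{$spam_score_int}{50}}
          add_header = X-Quarantine: yes

  accept
```

The trade-off the thread describes remains: the tagged copy must be reviewed or filtered somewhere, or the occasional false positive is still lost.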