Re: [exim] Ultimate spam defense - check for the sender MX r…

Author: Peter Bowyer
Date:  
To: Exim, Users
Subject: Re: [exim] Ultimate spam defense - check for the sender MX record
On 27/12/06, David Saez Padros <david@???> wrote:
> Hi !!
>
> >>> I would like to increase a spam defense of our server by checking if a
> >>> sender really represents an MX server of his/her organization. So if a
> >>> certain PC is trying to send me an e-mail from user@??? then we
> >>> will check if this person's IP address is within MX servers of
> >>> domain.com, otherwise we'll refuse to accept the mail.
> >> This is misguided. There's no useful correlation between outbound mail
> >> relays and inbound MXs for a large proportion of the internet. Don't
> >> do it.
> >>
> > OK, I see I was wrong. I just wanted to implement it because some
> > prominent unix person had suggested this way of struggling with spammers.
>
> you just could use this check to score messages when no spf
>
> http://www.ols.es/exim/acl/ismx.acl


Even if you only use that for scoring, I still believe it's unwise.
What you're actually doing is scoring the sending domain's email
infrastructure against what you believe it should look like. A few
tens of millions (beermat estimate - AOL, Hotmail, Gmail, Wanadoo for
starters) of ISP users across the world would score badly for the sole
reason that their provider chose a particular way of engineering their
email system.

It might be instructive to collect statistics on incoming email that
passes or fails this check, and see how much of a spam sign it is
compared with a false positive, however. Then see how much of the real
spam would have been caught by other tests, and decide whether the FP
rate, perhaps augmented with whitelisting, makes it worthwhile. I'll
bet a large portion of Christmas Pudding that it will turn out to be
of no use.

Peter

--
Peter Bowyer
Email: peter@???
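
The measurement proposed in the message above, sketched as an added example that is not part of the original thread: tally how often a failed sender-MX check lands on spam versus legitimate mail, how much of that spam other tests missed, and what whitelisting does to the false positive rate. The record format, field names and domains are constructed for illustration and are not Exim log output.

```python
from collections import Counter

# Constructed sample records (assumed format, not real Exim logs):
# sender domain, ismx result, hand-assigned label, whether other tests flagged it.
SAMPLE = """\
bigisp-a.example ismx=fail label=ham other=miss
bigisp-b.example ismx=fail label=ham other=miss
smallco.example ismx=pass label=ham other=miss
smallco.example ismx=pass label=ham other=miss
isp-c.example ismx=fail label=ham other=miss
botnet1.example ismx=fail label=spam other=hit
botnet2.example ismx=fail label=spam other=hit
botnet3.example ismx=fail label=spam other=miss
spamhost.example ismx=pass label=spam other=hit
spamhost.example ismx=pass label=spam other=miss
"""

def parse(text):
    """Yield one dict per non-empty line: domain plus key=value fields."""
    for line in text.splitlines():
        if not line.strip():
            continue
        domain, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["domain"] = domain
        yield rec

def evaluate(records, whitelist=frozenset()):
    """Summarise how a failed ismx check splits between spam and legitimate mail."""
    c = Counter()
    for r in records:
        # A whitelisted sender domain is never penalised by the check.
        failed = r["ismx"] == "fail" and r["domain"] not in whitelist
        c[r["label"]] += 1
        if failed:
            c["fail_" + r["label"]] += 1
            if r["label"] == "spam" and r["other"] == "miss":
                c["fail_spam_new"] += 1  # spam that only this check would catch
    return {
        "fp_rate": c["fail_ham"] / c["ham"] if c["ham"] else 0.0,
        "spam_fail_rate": c["fail_spam"] / c["spam"] if c["spam"] else 0.0,
        "spam_only_caught_here": c["fail_spam_new"],
        "ham_penalised": c["fail_ham"],
    }

if __name__ == "__main__":
    recs = list(parse(SAMPLE))
    print("no whitelist:", evaluate(recs))
    print("whitelisted :", evaluate(recs, {"bigisp-a.example", "bigisp-b.example"}))
```

On real traffic the labels would come from hand classification or user reports, and the figure to weigh against `fp_rate` is `spam_only_caught_here`, since spam already rejected by other tests adds nothing.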