Re: [exim] Ultimate spam defense - check for the sender MX r…

Author: Peter Bowyer
Date:  
To: Exim, Users
Subject: Re: [exim] Ultimate spam defense - check for the sender MX record
On 27/12/06, Ian Eiloart <iane@???> wrote:
>
>
> --On 27 December 2006 10:33:41 +0000 Peter Bowyer <peter@???> wrote:
>
> > On 27/12/06, David Saez Padros <david@???> wrote:
> >> Hi !!
> >>
> >> >>> I would like to increase a spam defense of our server by checking if
> >> >>> a sender really represents an MX server of his/her organization. So
> >> >>> if a certain PC is trying to send me an e-mail from user@???
> >> >>> then we will check if this person's IP address is within MX servers
> >> >>> of domain.com, otherwise we'll refuse to accept the mail.
> >> >> This is misguided. There's no useful correlation between outbound mail
> >> >> relays and inbound MXs for a large proportion of the internet. Don't
> >> >> do it.
> >> >>
> >> > OK, I see I was wrong. I just wanted to implement it because some
> >> > prominent unix person had suggested this way of struggling with
> >> > spammers.
> >>
> >> you just could use this check to score messages when no spf
> >>
> >> http://www.ols.es/exim/acl/ismx.acl
> >
> > Even if you only use that for scoring, I still believe it's unwise.
> > What you're actually doing is scoring the sending domain's email
> > infrastructure against what you believe it should look like.
>
> Actually, I don't think this matters. The problem that you're highlighting
> is that there's no information regarding email that fails the test. Fair
> enough. However, email that passes the test probably is less likely to be
> spam [if only because spammers don't usually use their own resources to
> send email, or because one can potentially punish them later if they do],
> so the test might be useful for whitelisting.


Yes, I agree, taken that way round it's a useful adjunct to
whitelisting. Just like SPF and DK, actually :-)

> > A few
> > tens of millions (beermat estimate - AOL, Hotmail, Gmail, Wanadoo for
> > starters) of ISP users across the world would score badly for the sole
> > reason that their provider chose a particular way of engineering their
> > email system.
>
> Actually, you need to take Hotmail off that list, since they do publish SPF
> records, so their servers would pass this test.


True, I was referring to the MX comparison part of the test, but I see
now that it has an 'accept' at the top for an SPF pass. Rightly so.

Probably still tens of millions, though..... I left off all the
Outblaze domains.....

Peter


--
Peter Bowyer
Email: peter@???
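
The whitelisting-only use of the MX comparison that the thread converges on, sketched as an added example (not part of the original messages and not the contents of ismx.acl). The domains, addresses, score values and the `sender_mx_signal` helper are constructed for illustration, and a list of networks stands in for real SPF evaluation.

```python
import ipaddress

# Constructed DNS data (documentation address ranges); stands in for live lookups.
ZONE = {
    # Small site: the same host receives and sends mail.
    "small.example": {"mx_ips": ["192.0.2.10", "2001:db8::10"], "spf_nets": []},
    # Large provider: inbound MXs and outbound relays are separate, no SPF.
    "bigisp.example": {"mx_ips": ["198.51.100.1", "198.51.100.2"], "spf_nets": []},
    # Provider with separate relays that lists them in SPF.
    "spfisp.example": {"mx_ips": ["203.0.113.1"], "spf_nets": ["203.0.113.128/25"]},
}


def _norm(ip):
    """Parse an address and fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(ip)
    return getattr(addr, "ipv4_mapped", None) or addr


def sender_mx_signal(domain, client_ip, zone=ZONE):
    """Return (verdict, score) for a connecting host and envelope sender domain.

    The score is never negative: a miss says nothing about the message,
    because outbound relays often differ from inbound MXs.
    """
    rec = zone.get(domain.lower().rstrip("."))
    if rec is None:
        return ("no-information", 0)
    addr = _norm(client_ip)
    # SPF pass is checked first, as in the ACL discussed in the thread.
    if any(addr in ipaddress.ip_network(net) for net in rec["spf_nets"]):
        return ("spf-pass", 2)      # assumed score value
    # Sender IP is one of the domain's MX addresses: a whitelisting hint.
    if any(addr == _norm(mx) for mx in rec["mx_ips"]):
        return ("mx-match", 1)      # assumed score value
    return ("no-information", 0)


if __name__ == "__main__":
    for dom, ip in [("small.example", "192.0.2.10"),
                    ("bigisp.example", "198.51.100.77"),
                    ("spfisp.example", "203.0.113.200")]:
        print(dom, ip, sender_mx_signal(dom, ip))
```
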