[Mimedefang] Another silly idea

Paul Murphy pjm at ousekjarr.org
Wed May 3 12:26:55 EDT 2006


> So, based on the code flying around, you'd never get my email.
> So what would your response be (I usually try to reject with a telephone
> number, so real clients can phone and bitch about the SMTP failure)?
> "Change ISP"... That's not quite the response that's going to help our
> company communicate to you via email. I admit, things need to change and
> perhaps the email admins need to make that change. Take a stand, protect
> it by policy, or fight those misconfigured systems. Maybe this will
> actually change this situation (will your boss pay for it though?). 

My response is: "Connection rejected - we don't accept mail from end-user
hosts - get a proper reverse IP mapping, or route via your ISPs mail server."

If you are capable of setting up your own mail server, you should be capable
of configuring the routing as suggested, or of sorting out rDNS, or both.

If you are on an address in a block which appears in some of the lists of
"dynamic" ranges, you will already have discovered that AOL, Yahoo,
Sprintmail and several other fairly major players are already refusing mail
from you.  The solution to this is to use your ISP's mail server - either for
all traffic, or for specific domains via an entry in Sendmail's mailertable
map.

> The amount of dhcp, dsl, cable, dialup being in a domain
> name does make you want to drop them dead, but just on PTR/IP tests?
> This sounds like something Verizon, or A0L will do.

Yes, until there is a better way to do it.

> You might as well return "Sorry, go to http://URL.HERE.com/WhiteList/, 
> and get yourself whitelisted" in the error message..

Possibly - but imagine every user having to do this for every address they
send to...
 
> You could take this data, and figure out the average spam value of the
> emails. If it consistently sends more spam, score it high. This is starting
> to sound like AWL from SA, but without the cost of the SA process.
> Delay/Greylist the email for longer than normal; get the emailing server
> to incur cost, reduce their rate of transfer, but not drop instantly.

The problem with broadband botnets is that the spammers aren't paying for the
bandwidth, don't care about delays, and have plenty more addresses they can
try from.  In some cases, it looks like each bot is a throwaway address which
never gets used again, so the owner never works out that their system was
hijacked between 0300 and 0600 last Tuesday.  Until maybe a few weeks or
months later, when everyone has taken the offending address out of their
blacklists due to inactivity...

Paul.
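
The PTR-based rejection discussed in this message, written as a MIMEDefang filter_relay hook. This is an added example, not code from the thread or from the MIMEDefang project; the helper end_user_reason, the embedded-IP test and all sample hosts are assumptions made for illustration.

```perl
use strict;
use warnings;

# Reject text quoted from the post; keyword list taken from the quoted message.
my $REJECT_MSG = "Connection rejected - we don't accept mail from end-user "
    . "hosts - get a proper reverse IP mapping, or route via your ISPs mail server.";
my $KEYWORDS = qr/(?<![a-z])(?:dhcp|dsl|cable|dialup)(?![a-z])/i;

# Hypothetical helper: classify a relay from its IP and its PTR name.
# Returns a reason string for end-user-looking hosts, or undef otherwise.
sub end_user_reason {
    my ($ip, $name) = @_;
    # MIMEDefang passes "[a.b.c.d]" as the name when reverse lookup failed.
    return 'no reverse DNS'
        if !defined $name || $name eq '' || $name =~ /^\[.*\]$/;
    return "keyword '$1' in PTR name" if $name =~ /($KEYWORDS)/;
    # Assumption (not from the thread): a PTR name embedding all four
    # octets of the address, in either order, is a generic pool name.
    my @o = split /\./, $ip;
    if (@o == 4) {
        for my $seq ([@o], [reverse @o]) {
            my $re = join '[.\-_]', map { "0*$_" } @$seq;
            return 'IP address embedded in PTR name'
                if $name =~ /(?<!\d)${re}(?!\d)/;
        }
    }
    return;
}

# MIMEDefang relay hook: called once per connection, before MAIL FROM.
sub filter_relay {
    my ($hostip, $hostname) = @_;
    return ('REJECT', $REJECT_MSG)
        if defined end_user_reason($hostip, $hostname);
    return ('CONTINUE', 'ok');
}

# Constructed samples (documentation address ranges), run only as a script.
unless (caller) {
    for my $s (['192.0.2.10',   'mail.example.org'],
               ['203.0.113.45', 'host-203-0-113-45.dsl.example.net'],
               ['198.51.100.7', '7.100.51.198.pool.example.com'],
               ['192.0.2.99',   '[192.0.2.99]']) {
        my ($action) = filter_relay(@$s);
        printf "%-15s %-40s %s (%s)\n", @$s, $action,
            end_user_reason(@$s) // 'looks like a mail server';
    }
}
```

In a real filter the hook only runs when mimedefang is started with the -r option, and a legitimate server whose PTR name happens to contain one of the keywords is rejected too, which is the false-positive cost raised in the quoted text.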
