[milters] Archive


Article: 1427
From: Grant Taylor
Date: 2007-02-06 17:14:32 -0500
Subject: Re: Per user settings


Derek J. Balling wrote:
> I think it depends a great deal on your environment. Many places limit 
> the size of inbound attachments anyway (to prevent denial-of-service 
> attacks where someone just starts e-mailing you ISO images to fill your 
> temp-space, queue-space, or spool-space). If you're in an environment 
> where "large attachments to a number of discrete addresses" is an issue, 
> then certainly it's not ideal. However, it's worth pointing out that if 
> you want per-user DATA-stage filtering you don't have any other *real* 
> options, because the SMTP spec simply doesn't account for mix-n-match 
> responses after the fact (unless you want to get into the business of 
> crafting and queuing DSNs to possibly forged envelope-senders).

You have your opinion, and I have mine.

> I've pointed out my objections to milter-sender (and, to be fair to 
> Anthony, any type of callback scheme) in the past. I think it's a 
> shameful waste of resources, and will lead to an escalation in spammers 
> simply joe-jobbing real addresses to get around the problem.

My experiences contradict this.  (See below)

> Before I implement any anti-spam solution, I always ask myself, "If I 
> was a spammer, and this solution was prevalent, how would I work around 
> it?"  ... and the answer for callbacks is simple: Use valid addresses. 
> Now, certainly they could use their OWN valid addresses, but that's an 
> inefficient use of their scarce resources. It's much more cost-effective 
> for a spammer to use SOMEONE ELSE's valid address. So 
> "legit-user@yahoo.com" appears to e-mail you, you validate the address, 
> and lo and behold, it's not really from legit-user@yahoo.com.

Sender verification is not the one end all / be all solution.  Rather 
sender verification is just one piece of a much larger overall solution 
that has, at least for me, worked very well.  If you use Sender Policy 
Framework in conjunction with sender verification, it becomes much more 
difficult for anyone to send an email out claiming to be from a given 
domain if that given domain publishes SPF records in their DNS.  Granted 
that not a lot of administrators publish SPF records at this time, but 
more and more are doing so.  One thing that does help is that a lot of 
the bigger domains in the world do publish SPF records.  I just did a 
quick check of AOL, Yahoo, Google Mail (we can't call it GMail any 
more), MSN, Hotmail, IBM, and Microsoft, of which Yahoo was the only one 
that does not publish SPF records.  Yahoo also does something else, 
namely DomainKeys, to help thwart spoofed messages.  So, in the long 
run, the availability of valid email addresses that can be sent from 
just about anywhere is shrinking smaller and smaller each and every 
day.  I have also seen Milter-Sender cut a HUGE dent in the amount of 
spam that comes in to my servers.  Is that result based on sender 
verification or greylisting, I don't know.  However, I feel much safer 
if I do find the need to bounce a message that the bounce will not get 
stuck in my mail queue consuming resources.  Also, seeing as how my 
bounces do not include the body of the inbound message, I cannot be 
used for reflected spam.  I cannot win every war, but I can choose my 
battles intelligently.  Is this proper, or the best that can be done, 
possibly not, but it has, does, and probably will work for the future. 
If / when problems arise, I'll address them at that point in time.

With regards to the fact of mixed per recipient accept / drop / reject 
of emails, I'm presently working on something to make this more of a 
possibility.

> To me, that particular anti-spammer/spammer escalation simply makes mail 
> LESS useful. Long-term it doesn't solve the e-mail problem, but it 
> *will* increase blow-back, meaning a net *increase* in net abuse, not a 
> decrease.

I'm curious how / why you think this "Tit-for-Tat" game that we all seem 
to be playing makes mail "less useful".  Please explain?  I disagree that 
stopping a spam, and possibly erroneously sending a DSN that does not 
include the spam content is an increase in abuse.  Furthermore, if my 
system does not even let in most of the system (rejects it during the 
SMTP transaction), thus causing the sending system to deal with bouncing 
is me increasing abuse.  I'm simply rejecting abusive content before it 
comes in to my system.  Now, if I blindly accept messages and then 
bounce them, yes, however that is not what I'm doing.



Grant. . . .
