[milters] Archive

Lists Index Date Thread Search

Article: 1428
From: Michael Elliott
Date: 2007-02-06 17:58:38 -0500
Subject: Re: Per user settings

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

On Tue, Feb 06, 2007 at 01:29:56PM -0500 or thereabouts, Derek J. Balling wrote:
> I've pointed out my objections to milter-sender (and, to be fair to 
> Anthony, any type of callback scheme) in the past. I think it's a 
> shameful waste of resources, and will lead to an escalation in spammers 
> simply joe-jobbing real addresses to get around the problem.

Defending callbacks: Lets look at the numbers here.  A call back
is going to generate about 500 bytes of traffic.  It is done during
the envelope phase.  So, if it succeeds, the address is a little
more verified.  If it fails, the incoming message is rejected, with
a DSN not going to the place we just called back to unless the
sending IP is forwarding, and the 1K-20M payload of the message 
was never transfered.  It is a win all around.

The system admin at the far end would rather have a one line log
entry and 500 bytes of traffic than a DSN going into the customer's
mailbox, a joejob complaint, or a spam complaint going to SpamCop.

After I have Greylisted, RBL and SPF cleared messages which rejects
80% of mail.  The callbacks reject another 30% of the remainder,
raising the kill rate to 86% while still in the envelope phase, and
before payloads are passed and checked.  Callbacks are more 
time/resource consuming, so they are tried last.

> Before I implement any anti-spam solution, I always ask myself, "If I 
> was a spammer, and this solution was prevalent, how would I work around 
> it?"  ... and the answer for callbacks is simple: Use valid addresses. 
> Now, certainly they could use their OWN valid addresses, but that's an 
> inefficient use of their scarce resources. It's much more cost-effective 
> for a spammer to use SOMEONE ELSE's valid address. So 
> "legit-user@yahoo.com" appears to e-mail you, you validate the address, 
> and lo and behold, it's not really from legit-user@yahoo.com.

So you will take mail from both legit-user@yahoo.com and 
doesnotexist@yahoo.com?  Ouch.

Well, yahoo doesn't to do SPF, so they are a bad example. But that
is why I run the SPF check first on the address.  If mail is coming
from an ip that is SPF authorized, and the email address has been
validated to exist via the callback, it is far closer to being
legitimate than without the checks.

Even if the mail is spam, and a joe-job, the set of sysadmins to
complain to has been narrowed down from the world to just two.  The
one who controls the SPF records, and the sysadmin for the ip.
Ususally, those two people are going to be the same.

> To me, that particular anti-spammer/spammer escalation simply makes mail 
> LESS useful. Long-term it doesn't solve the e-mail problem, but it 
> *will* increase blow-back, meaning a net *increase* in net abuse, not a 
> decrease.

No, the blow back is decreased because less DSNs generated, and less 
spam complaints to AOL/Spamcop.
* If the spammer is direct connecting to you, no DSN is generated, and
  the spam is killed.
* If the email went through one forwarder which is now connecting to 
  you, the forwarder would generate a DSN.  That mail had to pass the 
  forwarder's spam filters, so the only 20-50% of the garbage would 
  have been tested by you.

Credentials: I am the sysadmin for an ISP, and I wrote my own callbacks
about 6 months before Anthony wrote his.  
Caveot: Yes, about twice a month, I have to whitelist a machine that is
not accepting callback requests, or has spam filters that interfere with

-Mike Elliott

> Cheers,
> D

Lists Index Date Thread Search