Re: Forged sender test
> When it comes to spam-blocking, material scanning, and analysis
> with bayesian statistics filtering might be most worthwhile.
I suppose I will try to convince them that a forgery test is performed at the
content filtering phase. I'm using SpamAssassin and I'm pretty sure that's
one of the tests. The message won't be denied flat-out but the spam score
will increase slightly. That should be enough.
Thanks for the info, guys.
----- Original Message -----
From: "Matti Aarnio" <mea@nic.funet.fi>
To: "Vince Puzzella" <vpuzzella@bluecatnetworks.com>
Cc: <zmailer@nic.funet.fi>
Sent: Saturday, January 11, 2003 4:33 PM
Subject: Re: Forged sender test
> On Sat, Jan 11, 2003 at 03:45:16PM -0500, Vince Puzzella wrote:
> > I see your point and agree totally. But a forged sender test option
> > is required by my spec. I didn't come up with it and I don't have
> > the patience, time, and energy to convince the powers that be
> > otherwise :). I was just wondering if I was missing something
> > and it was possible without any source code changes.
> >
> > Thanks anyway.
>
> Nothing is worse than semi-clueful spec writers..
>
> There are lots of large ISPs which have e.g. their web-mail systems
> running so that outgoing email comes out from different addresses,
> than where the ingoing email goes. I picked at random one email:
>
> Received: from smtp018.mail.yahoo.com ([216.136.174.115]:32265 "HELO
> smtp018.mail.yahoo.com") by vger.kernel.org with SMTP
>
> Look for "dig mx yahoo.com" and observe, what addresses appear
> for the MX target addresses. None match the one shown above.
>
> Same story with hotmail.com.
>
>
> Another situation is users with .forward, which resends
> incoming email to another address without altering origination
> address.
>
>
> ZMailer does verify that MAIL FROM address (domain) is routable.
> I have observed some systems to back-probe outgoing MAIL FROMs
> with:
> EHLO something..
> MAIL FROM:<>
> RCPT TO:<outgoing@source.address>
>
> When I raised attention of people who had begun to do that, I raised
> it because they didn't do any sort of caching of the results, and
> a high-volume list server got 300+ backtests for each target domain
> with subscribers...
>
> The idea itself might make some sense, but of course it falls on its
> face when backup MX server says "yeah, I will relay to that domain",
> and possibly even the primary is "fine, I handle that domain", like
> what default ZMailer smtpservers are doing.
>
>
> When it comes to spam-blocking, material scanning, and analysis
> with bayesian statistics filtering might be most worthwhile.
>
> --
> /Matti Aarnio <mea@nic.funet.fi>
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi
>
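Added example, not part of the thread and not ZMailer code: a sketch of the result caching that the quoted message says the back-probing systems lacked, extended with a random-recipient canary so that servers which accept any address (the backup MX case described above) yield an inconclusive verdict instead of a false "valid". The `probe` callable, `fake_probe`, and the `.example` domains are constructed assumptions; nothing here opens a network connection.

```python
import secrets
import time

VALID, INVALID, INCONCLUSIVE = "valid", "invalid", "inconclusive"

class CalloutCache:
    """Remember back-probe verdicts so each sender is probed once per TTL."""
    def __init__(self, probe, ttl=3600, clock=time.monotonic):
        self.probe = probe        # hypothetical: address -> RCPT TO reply code
        self.ttl, self.clock = ttl, clock
        self.addresses = {}       # address -> (verdict, expiry)
        self.domains = {}         # domain  -> (accepts_everything, expiry)
        self.probes_sent = 0

    def _rcpt_code(self, address):
        self.probes_sent += 1
        return self.probe(address)

    def _accepts_everything(self, domain, now):
        hit = self.domains.get(domain)
        if hit is None or hit[1] <= now:
            # A random local part that gets 2xx means the server (backup MX,
            # accept-then-route primary) says yes to anything at this domain.
            canary = f"{secrets.token_hex(8)}@{domain}"
            hit = (self._rcpt_code(canary) // 100 == 2, now + self.ttl)
            self.domains[domain] = hit
        return hit[0]

    def check(self, address):
        address, now = address.lower(), self.clock()
        hit = self.addresses.get(address)
        if hit is not None and hit[1] > now:
            return hit[0]                      # cached: no SMTP traffic
        if self._accepts_everything(address.rpartition("@")[2], now):
            verdict = INCONCLUSIVE
        else:
            cls = self._rcpt_code(address) // 100
            verdict = {2: VALID, 5: INVALID}.get(cls, INCONCLUSIVE)  # 4xx: unknown
        self.addresses[address] = (verdict, now + self.ttl)
        return verdict

def fake_probe(address):
    """Constructed stand-in for EHLO / MAIL FROM:<> / RCPT TO:<address>."""
    local, _, domain = address.partition("@")
    replies = {"relay-all.example": 250,
               "lists.example": 250 if local == "owner-list" else 550}
    return replies.get(domain, 451)
```

With `fake_probe`, 300 calls to `check("owner-list@lists.example")` cost two probes in total (the canary and the address itself) until the TTL expires.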