Date: Mon, 9 Jan 2006 21:49:11 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Ceri Davies" <ceri@submonkey.net>
Cc: questions@freebsd.org, Robert Slade <bsd@bathnetworks.com>
Subject: RE: Spamcop listed - need help to diagnose why
Message-ID: <LOBBIFDAGNMAMLGJJCKNOEEBFDAA.tedm@toybox.placo.com>
In-Reply-To: <20060109111637.GG97223@submonkey.net>

>-----Original Message-----
>From: Ceri Davies [mailto:ceri@submonkey.net]
>Sent: Monday, January 09, 2006 3:17 AM
>To: Ted Mittelstaedt
>Cc: questions@freebsd.org; Robert Slade
>Subject: Re: Spamcop listed - need help to diagnose why
>
>
>> The damage done to the Internet by just a single host that might
>> previously have gotten infected with a mass-mailer, but now isn't,
>> far outweighs the damage done to the Internet by having legitimate
>> mail to a domain be delayed for a few minutes.
>>
>> Obviously the best choice is to replace the mailserver, good luck
>> though in companies using Lotus Notes.
>
>Agreed, but my point is that there is no need to delay the mail. Simply
>not listing the MX record in the public DNS would achieve the exact same
>thing, without forcing my MTA to wait for a timeout.
>

In a perfect world it would - but the same organizations that are out
there using archaic versions of Exchange, or notes mail, or whatever -
these are the organizations that are often in very imperfect worlds,
and you sometimes have to make compromises. As I said earlier if you
have a choice between eliminating a spam sink, and delaying everyone
mailing to them a bit, and there's no other option, then which is
better?

>
>> Nobody else on the Internet is bothered that your own
>> personal mail to your own recipients gets delayed, so I think you're
>> mistaken in calling this massively rude.
>
>Well of course they aren't, but nobody else on the Internet is bothered
>if I take a crap on your doorstep. That doesn't preclude it from being
>completely out of order.
>

Hey, maybe I am low on fertilizer for the flower bed! One man's crap
is another man's treasure, after all.

>The real analogy is an advert that says:
>
>    Call 123-456-7890 or 123-456-7891 to speak to us.
>    We'd prefer it if you called 123-456-7890 as it's cheaper for
>    us.
>
>This is exactly what MX records state. Then you just let 123-456-7890
>ring, with no intention of ever picking it up.

Actually, if your entire goal is to get assholes to call you, this
might be a good way to select them - you would have to run caller ID on
both lines and eliminate the people whose phone number showed up on
7890 first. Although, come to think of it, assholes probably have a
better chance than normal of blocking caller ID. Oh well just got to
make both of them 800 numbers, then, that will defeat the caller ID
blocks.

>Saying "so don't call"
>isn't good enough, as I have to ring it to find out that nobody is
>answering, and I *still* don't know if they will answer next time I
>call; there is certainly no indication that they won't, and I have a
>card in my hand that says that they will.
>
>
>> However, you are also fundamentally missing the point of the scam as
>> well. ANY prefilter system even if you use internal routes, or a
>> second set of nameservers, is able to be hijacked by a spammer in
>> this manner. And a spammer can detect prefilter hosts simply by
>> sending a single forgery with a legitimate sender's address and a
>> bogus recipient address, and when the message is bounced, they can
>> look at the headers and see if a prefilter is involved. They don't
>> even have to look at the DNS MX records.
>
>I don't see how I am missing the fundamental point; I never made any
>attempt to address it. All I said was that listing systems that do not
>exchange mail in the mail exchanger records is rude, and you can not
>convince me otherwise.
>

And what I said was that these sorts of setups cannot be used anymore
due to the spammers using them as relays - whether or not it is a
single MX listing or multiple MXes listed.

I cannot in fact think of a single way now to list an MX host that only
relays mail, whether or not it's a single listing or multiple listings,
whether or not the multiple listings all accept mail or only some of
them accept mail, whether or not you have an access.db setup that
filters by domain name or not, or IP number or not, that does not
create a relay host that a spammer can use for relaying.

That is the fundamental point - which is that a setup like you're
saying where you're listing a system that does not exchange mail in the
mail exchanger records - just cannot exist anymore, because if it does
then it means a relay MX host somewhere, which can be used for
spamming.

So the entire discussion is academic I think. But, that doesn't make it
a boring discussion. Probably way beyond a lot of the posters here,
though.

Ted