Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 9 Jan 2006 21:49:11 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Ceri Davies" <ceri@submonkey.net>
Cc:        questions@freebsd.org, Robert Slade <bsd@bathnetworks.com>
Subject:   RE: Spamcop listed - need help to diagnose why
Message-ID:  <LOBBIFDAGNMAMLGJJCKNOEEBFDAA.tedm@toybox.placo.com>
In-Reply-To: <20060109111637.GG97223@submonkey.net>

next in thread | previous in thread | raw e-mail | index | archive | help


>-----Original Message-----
>From: Ceri Davies [mailto:ceri@submonkey.net]
>Sent: Monday, January 09, 2006 3:17 AM
>To: Ted Mittelstaedt
>Cc: questions@freebsd.org; Robert Slade
>Subject: Re: Spamcop listed - need help to diagnose why
>
>
>> The damage done to the Internet by just a single host that might
>> previously gotten infected with a mass-mailer, but now isn't, far
>> outweighs the damage done
>> to the Internet by having legitimate mail to a domain be
>delayed for a few
>> minutes.
>>
>> Obviously the best choice is to replace the mailserver, good
>luck though
>> in companies using Lotus Notes.
>
>Agreed, but my point is that there is no need to delay the mail.  Simply
>not listing the MX record in the public DNS would achieve the exact same
>thing, without forcing my MTA to wait for a timeout.
>

In a perfect world it would - but the same organizations that are out
there
using archaic versions of Exchange, or notes mail, or whatever - these
are
the organizations that are often in very imperfect worlds, and you
sometimes
have to make compromises.

As I said earlier if you have a choice between elimiinating a spam sink,
and
delaying everyone mailing to them a bit, and there's no other option,
then
which is better?

>
>> Nobody else on the Internet is bothered that your own
>> personal mail to your own recipients gets delayed, so I think your
>> mistaken in calling this massively rude.
>
>Well of course they aren't, but nobody else on the Internet is bothered
>if I take a crap on your doorstep.  That doesn't preclude it from being
>completely out of order.
>

Hey, maybe I am low on fertillizer for the flower bed!  One man's crap is
another man's treasure, after all.

> The real analogy is an advert that says:
>
>   Call 123-456-7890 or 123-456-7891 to speak to us.
>   We'd prefer it if you called 123-456-7890 as it's cheaper for
>   us.
>
>This is exactly what MX records state.  Then you just let 123-456-7890
>ring, with no intention of ever picking it up.

Actually, if your entire goal is to get assholes to call you, this might
be
a good way to select them - you would have to run caller ID on
both lines and eliminate the people who's phone number showed up
on 7890 first.  Although, come to think of it, assholes probably
have a better chance than normal of blocking caller ID.

Oh well just got to make both of them 800 numbers, then,
that will defeat the caller ID blocks.

>Saying "so don't call"
>isn't good enough, as I have to ring it to find out that nobody is
>answering, and I *still* don't know if they will answer next time I
>call; there is certainly no indication that they won't, and I have a
>card in my hand that says that they will.
>

>
>> However, you are also fundamentally missing the point of the scam as
>> well.  ANY prefilter system even if you use internal routes,
>or a second
>> set of nameservers, is able to be hijacked by a spammer in
>this manner.
>> And a spammer can detect prefilter hosts simply by sending a single
>> forgery with a legitimate senders address and a bogus
>recipient address,
>> and when the message is bounced, they can look at the headers and see
>> if a prefilter is involved.  They don't even have to look at the
>> DNS MX records.
>
>I don't see how I am missing the fundamental point; I never made any
>attempt to address it.  All I said was that listing systems that do not
>exchange mail in the mail exchanger records is rude, and you can not
>convince me otherwise.
>

And what I said was that these sorts of setups cannot be used anymore
due to the spammers using them as relays - whether or not it is a single
MX listing or multiple MXes listed.  I cannot in fact think of a single
way
now to list an MX host that only relays mail, whether or not it's a
single
listing or multiple listings, whether or not the multiple listings all
accept
mail or only some of them accept mail, whether or not you have an
access.db
setup that filters by domain name or not, or IP number or not, that does
not create a relay host that a spammer can use for relaying.

That is the fundamental point - which is that a setup like your saying
where
your listing a system that does not exchange mail in the mail exchanger
records - just cannot exist anymore, because if it does then it means a
relay MX host somewhere, which can be used for spamming.

So the entire discussion is academic I think.  But, that doesen't make it
a boring discussion.  Probably way beyond a lot of the posters here,
though.

Ted




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNOEEBFDAA.tedm>