Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal atsmtpng.org)

  • From: David Van Duzer
  • Date: Mon Aug 26 16:56:30 2002

On Mon, 2002-08-26 at 13:43, Jeroen Massar wrote:
> Read my sentence again, because I really won't see everybody install/use
> it.
> One can also simply see so by the problems related to the fact of
> installing security updates.
> Some 'companies' and individuals are simply too sleezy/lousy or whatever
> to do it.
> And thus open spam relays will be kept alive which is why there are
> RBL's.
> 
> This will only help a bit, and tools like SpamAssasin/Razor will keep a
> load of stuff of your servers.

Paul's proposal doesn't require battening down every mail server out
there either.  The particularly useful aspect of this approach is that
clueful administrators of more visible mail servers can cut down on
being spoofed.  This would also be specifically effective against Klez
and similar annoyances.  It doesn't matter if the spammer/virus is
cooperating with the system or not.  If the final destination contacts
the mailfrom callback server, and it says "This definitely isn't
legitimate" then even with a small adoption rate, there will still be a
significant decrease in cruft, and the mail system being spoofed has
something better to point at when they get flooded with complaints from
people who actually trust the <mail from> field.  But then, all this is
fairly clear in the draft.  I can't figure out why it hasn't been more
widely accepted as a Good Idea.  The presumably appropriate topic for
discussion on this list is why a system such as this would be a problem
for network operators who choose not to implement such a callback
feature.  So far the only objection I've seen is "It won't make any
difference" and that seems to be a flimsy argument.  Please correct me
if I'm missing something.


> 
> Making it harder to get into your house is better than putting the doors
> wide open...
> Every bit helps...

Exactly.

-dvd





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.