From: Jeffrey Goldberg
Date: Sun, 11 Mar 2007 18:11:54 -0500
To: Kelly Jones
Cc: nmosug-l@mailman.swcp.com, linuxusersgroup@googlegroups.com, freebsd-questions@freebsd.org, nmlug@nmlug.org, users@spamassassin.apache.org
Subject: Re: Tool for validating sender address as spam-fighting technique?

[mailed and posted]

On Mar 10, 2007, at 1:27 PM, Kelly Jones wrote:

> To fight spam, I want to validate the address (not necessarily in
> real-time) of a given email sender. Is there a Unix tool that does
> this?
>
> The basics are simple: to validate "kmnyqi@wnonline.net", I connect to
> the MX record of wnonline.net and go as far as "RCPT TO" as follows:
> [...]
> RCPT TO:
> 550 : Recipient address rejected: 5.1.1
> ... User unknown
>
> This tells me kmnyqi@wnonline.net is an invalid address and that mail
> from that address is probably bogus.
>
> A more sophisticated tool would cache results, handle temporary
> failures [...]

In some anti-spam discussions what you are proposing is referred to as "call-backs".

> I realize this technique is far from perfect:
>
> Spammers spoof legit addresses

Indeed they do. As someone who has at times received more than 100 bounces per minute over the span of a week because some spammer decided that my address would be a good one to forge, I am well aware of that.

In general, we have a question of how well any spamming counter measure scales. If most SMTP servers did the kind of verification you wish to do, then most spam would be sent with forged genuine addresses. So when considering using such a system, consider the overall cost to legitimate users vs the counter counter measures spammers will take. In this case the counter counter measures available to spammers are so much easier and cheaper than the verification system itself, that it's not really a good idea to try such verification.

> Bounces/Mailing lists/etc legitimately use "do not reply" addresses
>
> It could be considered unfriendly to the target MX servers

As you've already seen, some managers of MXes complain, others find the added load negligible.

> Some mail servers incorrectly say "user unknown" when they see spam,
> figuring it's more of a deterrent than saying "you're a spammer"

Yes. An unknown user response is more likely to get the address removed from a list than a policy bounce.

> Some mail servers inefficiently accept mail for "foo@xxx.com" (where
> xxx.com is one of their domains), figure out if foo exists later, and
> send a bounce back to the envelope sender, instead of rejecting email
> at the SMTP level

Yes. While I'm a believer in "reject early, reject often" lots of sites don't or can't say that an address is bad at SMTP RCPT TO: time. Often these are situations where an MS-Exchange server is the "real" mailhub for an organization, but it is being protected from direct access from the Internet by having a Unix box stand between it and the network. Other MTAs just accept and then bounce (instead of rejecting at SMTP time) as a matter of (mis)design. Some very deliberately don't provide verification at SMTP time as a means to make it harder for spammers to collect email addresses. Indeed, this is why the VRFY command is almost never implemented by SMTP servers these days.

Anyway, others have pointed you to tools for doing what you want. The newsgroups or mailing lists (and FAQs) for the particular MTA you use will point you to how to plug in such tools into their MTA. As I've suggested, I'm not a particular fan of this particular counter measure, but you will have seen that opinions differ.

Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
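
The reply-handling and caching side of the call-back check discussed in this thread, as an added example that is not part of the original message or of any tool mentioned in it: it classifies RCPT TO replies so that the caveats raised above (accept-then-bounce servers, policy rejections, temporary failures) do not turn into false verdicts, and it opens no network connection. The verdict names, TTL values and sample replies are assumptions constructed for illustration.

```python
import re
import time
REPLY_LINE = re.compile(r"^(\d{3})(?:[ -](.*))?$")
ENHANCED = re.compile(r"\b([245]\.\d{1,3}\.\d{1,3})\b")  # RFC 3463 status code
# Seconds to cache each verdict (assumed values, tune for your site).
TTL = {"unknown-user": 86400, "rejected-other": 3600,
       "tempfail": 300, "accepted-unverified": 3600}
# Constructed sample replies (not captured from a real server).
SAMPLE_REPLIES = [
    "550 <user@example.org>: Recipient address rejected: 5.1.1 User unknown",
    "554 5.7.1 Service unavailable; client host blocked",
    "450 4.2.0 Greylisted, try again later",
    "250 2.1.5 Ok"]

def classify_rcpt_reply(reply):
    """Map a (possibly multi-line) RCPT TO reply to a verdict string."""
    code, text = None, []
    for line in reply.strip().splitlines():
        m = REPLY_LINE.match(line.strip())
        if not m:
            raise ValueError("not an SMTP reply line: %r" % line)
        code = int(m.group(1))
        text.append(m.group(2) or "")
    if code is None:
        raise ValueError("empty reply")
    found = ENHANCED.search(" ".join(text))
    if 200 <= code < 300:
        # Accept-then-bounce MTAs answer 2xx for any local part.
        return "accepted-unverified"
    if 400 <= code < 500:
        return "tempfail"  # retry later, never reject mail on this
    if 500 <= code < 600:
        # Only 5.1.1 claims "no such mailbox", and even that is a hint.
        return "unknown-user" if found and found.group(1) == "5.1.1" else "rejected-other"
    raise ValueError("unexpected reply code %d" % code)

class VerdictCache:
    # Remembers verdicts so each sender is checked at most once per TTL.
    def __init__(self, clock=time.time):
        self._clock, self._store = clock, {}
    @staticmethod
    def _key(address):
        local, _, domain = address.rpartition("@")
        return local + "@" + domain.lower()  # only the domain is case-insensitive
    def put(self, address, verdict):
        self._store[self._key(address)] = (verdict, self._clock() + TTL[verdict])
    def get(self, address):
        hit = self._store.get(self._key(address))
        return hit[0] if hit and hit[1] > self._clock() else None
```

Only the "unknown-user" verdict is evidence against a sender address, and as the message notes it says nothing when a spammer has forged a genuine address.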