From: "Chad Leigh -- Shire.Net LLC"
Date: Sun, 11 Mar 2007 14:29:38 -0600
To: John Levine
Cc: freebsd-questions@freebsd.org
Subject: Re: Tool for validating sender address as spam-fighting technique?

On Mar 11, 2007, at 2:08 PM, John Levine wrote:

>>> I have some fairly heavily forged domains, and on a bad day I see
>>> upwards of 300,000 connections from bounces, "validation", and the
>>> like attacking the little BSD box under my desk where the MTA is.
>>> Gee, thanks a lot.
>>
>> Verification has nothing to do with bounces and mail bombs. You may
>> get some traffic from verification but you would need to separate
>> that out from the rest which is unrelated before you have a
>> meaningful statistic.
>
> I have, it's meaningful. Verizon is the worst offender, but at least
> they put their attack hosts in a separate easy to block IP range.

Amazing, as I run mail for lots of domains, and replying to sender
verification is almost a nonexistent load compared to the mail bombs
and bounces etc. Show me your numbers.

>
>>> What planet have you been on? A few years back spam return addresses
>>> were typically complete fakes in nonexistent domains. Now they're
>>> picked out of the same victim lists as the targets.
>>
>> They have been doing that for ages. I run a hosting service and have
>> had that problem way before sender verification became in vogue.
>
> Definitely different planets. Bye.

When you come back to earth, let us know :-)

>
> R's,
> John
>
> PS:
>
>>> YOU are responsible for the mail sent with your domain on it.
>
> Oh, OK. So when someone sends out mail with your forged return
> address saying "buy this worthless stock, then get your kiddy porn
> here", you will report directly to jail without complaining, right?

I phrased it wrong. You are not responsible for the content, but you
are responsible for the mail domain and that includes verifying that
mail is validly from your domain you are responsible for. Email is a
cooperative service where all people promise to expend resources to
make it work, and to follow the RFCs. If you block valid verification,
you are abrogating your responsibility to the rest of the net to
cooperate in the exchange of email and you are breaking the RFCs.
(Valid verification includes checking that the sender can accept a
proper DSN back, which is required of the sender to do.)

Chad

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net
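The thread's dispute turns on separating verification traffic from bounces before quoting a connection count. The following is an added example, not part of the original message, that makes that split over inbound SMTP sessions. The log format and sample lines are constructed, and the rule (a probe uses the null envelope sender and ends after RCPT without DATA) is an assumed heuristic.

```python
import re
from collections import Counter, defaultdict
# Constructed sample: one line per SMTP command received, in a made-up
# "sess=<id> ip=<addr> cmd=<command>" format (not any real MTA's log format).
SAMPLE_LOG = """\
sess=a1 ip=192.0.2.10 cmd=MAIL FROM:<>
sess=a1 ip=192.0.2.10 cmd=RCPT TO:<alice@example.org>
sess=a1 ip=192.0.2.10 cmd=QUIT
sess=b2 ip=198.51.100.7 cmd=MAIL FROM:<>
sess=b2 ip=198.51.100.7 cmd=RCPT TO:<xqzt@example.org>
sess=b2 ip=198.51.100.7 cmd=DATA
sess=c3 ip=203.0.113.5 cmd=MAIL FROM:<bob@example.net>
sess=c3 ip=203.0.113.5 cmd=RCPT TO:<alice@example.org>
sess=c3 ip=203.0.113.5 cmd=DATA
sess=d4 ip=192.0.2.10 cmd=MAIL FROM:<>
sess=d4 ip=192.0.2.10 cmd=RCPT TO:<carol@example.org>
sess=d4 ip=192.0.2.10 cmd=RSET
"""

LINE = re.compile(r"sess=(\S+) ip=(\S+) cmd=(.+)")

def classify_sessions(log_text):
    """Return {session_id: (ip, label)}; label is callout, bounce or other."""
    sessions = defaultdict(lambda: {"ip": None, "cmds": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        sid, ip, cmd = m.groups()
        sessions[sid]["ip"] = ip
        sessions[sid]["cmds"].append(cmd.upper())
    result = {}
    for sid, s in sessions.items():
        null_sender = any(re.match(r"MAIL FROM:\s*<>", c) for c in s["cmds"])
        got_rcpt = any(c.startswith("RCPT TO:") for c in s["cmds"])
        got_data = any(c == "DATA" for c in s["cmds"])
        if null_sender and got_rcpt and not got_data:
            label = "callout"  # assumed heuristic: address probed, no message
        elif null_sender and got_data:
            label = "bounce"   # DSN or other null-sender message delivered
        else:
            label = "other"    # includes probes sent with a non-null sender
        result[sid] = (s["ip"], label)
    return result

def totals(log_text):
    """Count sessions per label, i.e. verification separated from bounces."""
    return Counter(label for _, label in classify_sessions(log_text).values())
```

Grouping the `callout` sessions by source IP then shows whether the probes come from a small, separately blockable range.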