Shutting Down the Highway to Internet Hell

Yahoo News / Ziff Davis: News ^ | 10 April 2005 | Larry Seltzer

[N3WBI3]

The most you can do here is to use a broken system and insert additional, incorrect information before passing along

Which is what most spammers do, hence my statement Spam is almost never traceable, it usually comes from a bunk address Stands...

[Squawk 8888]

Sounds like the way Microsoft does things. SP2 caused me a few headaches because the firewall was enabled by default and I only found out because I couldn't use Remote Desktop or install my VPN client. Ugh.

[dfrussell]

Just getting everyone to implement SPF records, and then require a valid SPF resolution before accepting the mail would fix the spambots.

Possibly, but SPF isn't likely to become widespread because many people use a return address unrelated to a sending site and SPF would eliminate this ability.

This means that you wouldn't be able to use your business address from hotmail and vice versa.

[Squawk 8888]

Actually it's pretty easy to trace, the problem is most users don't know where to look. The original IP is almost always in the header, so just run a WHOIS on it and forward to the owner of the address. That's how I shut down the guy who hacked Free Dominion and sent email threats to the membership.

[dfrussell]

Which is what most spammers do, hence my statement Spam is almost never traceable, it usually comes from a bunk address Stands...

1. Most spammers don't bother because they're not in the US and could care less if the spambots they're using are blacklisted.

2. It's easy to check the mailing headers and verify the chains. If one of the hops is an open proxy, you know that anything prior to that is bogus, and there are a number of locations which will give you a free ID and a web interface which will automatically do this for you.

Believe what you like, but you're wrong.

[tacticalogic]

This means that you wouldn't be able to use your business address from hotmail and vice versa.

I not really sure if I'd care about getting email from someone who runs their business email from a hotmail account, anyway.

[tacticalogic]

2. It's easy to check the mailing headers and verify the chains. If one of the hops is an open proxy, you know that anything prior to that is bogus, and there are a number of locations which will give you a free ID and a web interface which will automatically do this for you.

Open relays get blacklisted in short order. 99+% of the time, the ip address your mail server got it from is the source, and everything before that is a lie.

[dfrussell]

I not really sure if I'd care about getting email from someone who runs their business email from a hotmail account, anyway

Possibly I wasn't clear...

Lots of people with corporate IDs go home and work (lots of Type As out there) or have a blackberry and want to use their coroprate ID as a return address. This wouldn't be possible and IT mgmt isn't going to implement because corporate mgmt would complain :)

[dfrussell]

Open relays get blacklisted in short order. 99+% of the time, the ip address your mail server got it from is the source, and everything before that is a lie.

You're confusing open relay and open proxy.

You can fake some of the header info with an open proxy, but you can't with an open relay.

Very little spam is sent through open proxies and those are also tracked in RBLS.

[tacticalogic]

Lots of people with corporate IDs go home and work (lots of Type As out there) or have a blackberry and want to use their coroprate ID as a return address. This wouldn't be possible and IT mgmt isn't going to implement because corporate mgmt would complain :)

Corp email from home or a Blackberry is pretty standard stuff. Even a small business can set up an email server with a web front end.

[tacticalogic]

I'll still stand by my statement. A mailserver configured as an open relay will be found by the spammers and exploited, and will be blacklisted by all the major RBL's within 48 hours.

[dfrussell]

Corp email from home or a Blackberry is pretty standard stuff.

And they won't work if DNS/SPF listed the valid outbound IPs for a domain.

Even a small business can set up an email server with a web front end.

Yes, but many people in mgmt do not care to use them :)

[dfrussell]

I'll still stand by my statement. A mailserver configured as an open relay will be found by the spammers and exploited, and will be blacklisted by all the major RBL's within 48 hours.

OK.... well if this is now your "statement", obviously your previous statement that the IPs can't be tracked is incorrect... which means you've just agreed with me because that is the one I said was incorrect :)

[tacticalogic]

I didn't say it couldn't be tracked. Someone else, maybe?

[tacticalogic]

And they won't work if DNS/SPF listed the valid outbound IPs for a domain.

I meant from the corp's own mailserver.

Yes, but many people in mgmt do not care to use them :)

I find they warm up to the idea quite nicely when it's the only way their email is going to get delivered :).

[dfrussell]

I didn't say it couldn't be tracked. Someone else, maybe?

Could be... tough to keep track after awhile :)

48 hours in terms of spam is ancient history, and many locations will not even accept reports of spam > 48 hours.

I agree that most open relays are discovered, exploited and blacklisted easily within 48 hours.

[N3WBI3]

So your saying that I can not forge a mail header to come from a false address if I ay... find an open relay?

[tacticalogic]

I agree that most open relays are discovered, exploited and blacklisted easily within 48 hours.

Agreed, I was just making allowances for the odd holiday weekend debut.

[Bush2000]

Sounds like allota work for a little gain. inorder for this to be measurabally useful SMTP will have to be trashed. It would be easier for IPS's to allow users to create white list via some kind of web interface, and for the ISP to force reverse lookup of incoming mail.

Some ISPs (ie. Earthlink) do something similar.

as for the 250 a month what about listserves?

The beauty of my scheme is that email senders would have to identify themselves, so listservs could probably get an exception (since they are opt-in/-out).

What you propose would work, but what you get out of it is no different than a person creating a deny *, and putting allowed addresses infront of it.

Not true. It would allow anyone to send anybody mail. But the difference is that it would prevent spammers from sending bulk-mailings.

[dfrussell]

I meant from the corp's own mailserver.

OK... but my point was the exact opposite.

I find they warm up to the idea quite nicely when it's the only way their email is going to get delivered :).

The company owns the relays and irrespective of what the techs think, mgmt makes the decisions.

Without prior mgmt agreement, this is probably grounds for termination, and I'm rather fond of being paid :)