Spam: July 2004 Archives
I set up SPF (aka Sender Policy Framework, aka Sender Permitted From) on my vanity domain name yesterday.
SPF is a method of publishing a list of the servers that are allowed to send mail from my domain. If a message claiming to be from my domain arrives from any other source, it should be treated with extreme suspicion or discarded. It is yet another tool for authenticating a sending domain. The hope is that this will cut down on the amount of spoofed email.
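To make the "published list of servers" concrete, here is an added example (not code from the original post) of what a receiving server does with an SPF record: it fetches the domain's TXT record and walks the mechanisms until one matches the connecting IP. The zone data, the domain names (example.com and _spf.mailhost.example are placeholders for the vanity domain and its mail host) and the addresses are constructed; only the ip4, ip6, include and all mechanisms are evaluated so the code runs offline.

```python
import ipaddress

# Constructed sample zone data standing in for the TXT records a receiving
# server would look up in DNS. "example.com" is a placeholder for the
# post's vanity domain; the addresses are documentation ranges.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 "
                   "include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:203.0.113.0/26 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, records=SPF_RECORDS, depth=0):
    """Evaluate the SPF record published for `domain` against `sender_ip`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Only the ip4, ip6, include and all mechanisms are evaluated here so the
    example runs offline; a, mx, ptr and exists need live DNS and are
    reported as permerror.
    """
    if depth > 10:                      # guard against include loops
        return "permerror"
    record = records.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)

    for term in record.split()[1:]:
        if "=" in term:                 # modifiers (redirect=, exp=) are ignored here
            continue
        qualifier = "+"                 # a mechanism with no qualifier means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include matches only if the referenced domain's record says pass
            inner = check_spf(arg, sender_ip, records, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"          # a, mx, ptr, exists or an unknown mechanism
    return "neutral"                    # nothing matched and no "all" term was present
```

The `-all` at the end of the top-level record is what gives the receiver something to act on: an address outside the listed ranges gets a hard fail rather than the non-committal `neutral` a record without `all` would produce.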
Arial Software performed an audit of the email subscription practices of over 1000 companies. http://www.arialsoftware.com/whitepapers/SpamAudit2004.pdf
What they found in their study is that signing up for a newsletter from a reputable business doesn't get you onto any spammer lists. However, even big-name companies have problems handling unsubscribe requests and don't follow what Arial feels is a best practice: double opt-in. (They don't describe double opt-in, as far as I saw, but I assume that is where you subscribe via a web form and are sent a URL via email that you must click on. Then they send you another confirmation that you are really in.)
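The confirmation URL in that flow only proves mailbox control if the link cannot be forged or reused for a different purpose. As an added example (not from the post or from Arial's paper), the following builds and verifies a signed, expiring token that binds the address, the list and the action, so a subscribe link cannot be replayed as an unsubscribe or vice versa. The secret, the 48-hour lifetime and the URL layout are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Placeholder key: a real deployment loads a long random secret from config.
SECRET_KEY = b"example-secret-replace-me"
TOKEN_TTL = 48 * 3600          # confirmation links stop working after two days (assumed)
MAC_LEN = 32                   # SHA-256 digest size


def make_token(email, list_name, action, secret=SECRET_KEY, now=None):
    """Build a URL-safe token binding email, list and action ('subscribe'/'unsubscribe')."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps(
        {"e": email.lower(), "l": list_name, "a": action, "t": issued},
        separators=(",", ":"), sort_keys=True,
    ).encode()
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac).decode().rstrip("=")


def verify_token(token, expected_action, secret=SECRET_KEY, ttl=TOKEN_TTL, now=None):
    """Return {'email', 'list'} if the token is authentic, unexpired and issued for
    `expected_action`; otherwise None. The payload is not parsed until the MAC checks."""
    current = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except ValueError:
        return None
    if len(raw) <= MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    if not hmac.compare_digest(mac, hmac.new(secret, payload, hashlib.sha256).digest()):
        return None
    data = json.loads(payload)
    if data["a"] != expected_action or current - data["t"] > ttl:
        return None
    return {"email": data["e"], "list": data["l"]}


def confirmation_link(base_url, email, list_name):
    """The URL mailed to the subscriber: clicking it proves control of the mailbox."""
    return f"{base_url}/confirm?token={make_token(email, list_name, 'subscribe')}"
```

Because the token carries everything the server needs, the web form can issue it without storing a pending row, and the unsubscribe link in each mailing can use the same scheme with `action='unsubscribe'`, which addresses the unsubscribe-handling failures the audit found.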
My personal ISP has started using Greylisting as a method to combat spam.
What is Greylisting?
Greylisting says that until proven otherwise we're not going to trust an inbound mail connection. It takes the envelope from, the envelope to and the source IP address and forms a tuple. If it has previously let that combination through, it lets it in. But for most mail it will give a temporary failure message. Real mail servers will try again at a preset time. Spammers won't. Even if spammers catch on to this game and reattempt delivery, the mail server can be set to refuse the new attempt for a default time period (20 minutes). This really throws a monkey wrench into the amount of mail the spammer can send. If the spammer is using a mail sender that will retry, perhaps by that point in time he would be blacklisted due to input from other antispam sources.
Thus far I am very happy about this on my "vanity" domain name. Not sure if it would be good for business use. Some mail servers don't correctly retry after a transient error. (In my opinion non-RFC-compliant mail servers should fix their stuff.) Also in business use, where a retry interval might be 4 hours minimum, it could really slow delivery. The auto-generated whitelist and manually generated whitelists for business partners would really help with that. It remembers which tuple combinations "reattempted" delivery and adds them to a temporary whitelist. The greylisting server I use also adds people I sent mail TO to my whitelist.
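The policy just described fits in a few dozen lines. The following is an added example, not the code of the greylisting server the post uses: it keys on the (envelope from, envelope to, source IP) tuple, answers a first attempt and any retry inside the 20-minute window with a temporary failure, promotes a tuple that retries after the window to the auto-whitelist, and separately whitelists addresses the local user has written to. The 4-hour and 36-day timers and the reason strings are assumptions; the clock is injectable so the behaviour can be checked without waiting.

```python
import time


class Greylister:
    """Greylisting policy keyed on the (envelope from, envelope to, source IP) tuple.

    Timers are assumptions for this example: 20 minutes before a retry is
    honoured (as in the post), 4 hours before an unretried tuple is forgotten,
    and 36 days for auto-whitelist and correspondent entries.
    """

    def __init__(self, retry_delay=20 * 60, pending_ttl=4 * 3600,
                 whitelist_ttl=36 * 24 * 3600, clock=time.time):
        self.retry_delay = retry_delay
        self.pending_ttl = pending_ttl
        self.whitelist_ttl = whitelist_ttl
        self.clock = clock                  # injectable so a test can advance time
        self.pending = {}                   # tuple -> time of first attempt
        self.whitelist = {}                 # tuple -> expiry time
        self.trusted_senders = {}           # address -> expiry; people the user mailed

    def check(self, env_from, env_to, source_ip):
        """Decide one inbound delivery attempt: returns (action, reason).

        action is 'accept' or 'tempfail'; an MTA maps every 'tempfail' to the
        same SMTP reply (e.g. "451 4.7.1 Greylisted, try again later") so the
        sender learns nothing about why it was deferred.
        """
        now = self.clock()
        sender = env_from.lower()
        key = (sender, env_to.lower(), source_ip)

        if self.trusted_senders.get(sender, 0) > now:
            return "accept", "sender is a correspondent we wrote to"

        if self.whitelist.get(key, 0) > now:
            self.whitelist[key] = now + self.whitelist_ttl   # refresh on use
            return "accept", "tuple auto-whitelisted"

        first = self.pending.get(key)
        if first is None or now - first > self.pending_ttl:
            self.pending[key] = now          # new (or stale) tuple: start the clock
            return "tempfail", "first attempt"
        if now - first < self.retry_delay:
            # a retry inside the window (a sender hammering us) is deferred again
            return "tempfail", "retried too early"

        # A well-behaved MTA retried after the delay: promote the tuple
        del self.pending[key]
        self.whitelist[key] = now + self.whitelist_ttl
        return "accept", "retried after greylist delay"

    def note_outbound(self, recipient):
        """Record an address the local user sent mail to so replies are not delayed."""
        self.trusted_senders[recipient.lower()] = self.clock() + self.whitelist_ttl
```

The business-use concern in the post is visible in `retry_delay` and `pending_ttl`: a legitimate server whose retry interval exceeds `pending_ttl` would be greylisted forever, which is exactly the case the manual partner whitelist is for.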
I can see problems caused by things like SPF and ways around it. Greylisting has some interesting potential.
Check out the following links for more info. I certainly can't say everything about greylisting in a brief blog entry. I'm just trying to introduce a cool concept.
www.greylisting.org
http://projects.puremagic.com/greylisting/
George Gardiner weighs in with a news flash. Not all blacklists are equal. I think the rest of us figured that out a few years ago. But George is a lawyer, so we'll give him a few years to catch up. He's still blustering about his right to be heard being hurt by these blacklisters. How there should be clear steps to exonerate his IP address. Apparently he can't deal with each IP address only having one strike.
The point he doesn't address in this article is why he is sending mail directly from his IP address. As I wrote earlier this week, I think that is a terrible idea. If his mail is so professional and so important, perhaps he should be sending it to a mail server that can be trusted to attempt delivery.
Many people just flat out don't want mail from dynamic IP blocks. Stopping that mail slows down the spammers quite a bit. Many ISPs are already on board with this concept. They no longer allow their customers to send mail out directly. These ISPs include Cox, Bellsouth, Earthlink, Mindspring, Verizon, Mediaone, and MSN.
I wonder who the intended audience is over at vnunet if this sort of article is actually informative. "Black-lists can backfire." Thanks for the newsflash.
Right next to this article is a job posting for a Sysadmin with a Security Specialty in the Cayman Islands. Pay is $47k-58k. Unfortunately applications were due by June 23rd. I thought that was kind of funny. Out of date advice regarding blacklists and out of date job posting information. All available at vnunet.com.
Back on May 24th I wrote about Comcast's plan to combat spam originating on its network. Comcast reported that they planned to terminate the ability of some users to send mail out via port 25. Unlike Cox Communications, who turned off port 25 for all customers, forcing them to use Cox's SMTP server, Comcast only did this to users whose machines appeared to be sending high amounts of spam.
News.com reports that spam from Comcast has dropped 35 percent since that time.
The news.com article played it evenly, but I felt that Comcast was trying to trumpet this as a great victory. To my way of thinking, that it only dropped 35% shows that targeted disconnects are effective or aren't being done aggressively enough. Comcast should just do what the other major providers have done already. Cut off port 25 to all. That will stop 100% of the Comcast spam, not just 35% of it. If they want to be nice, they can then turn 25 back on for the people who really need it.
As a disclaimer, my ability to send mail outbound not using Cox's server has been cut off by Cox. At the time, I didn't like it. But now, I think it's just good internet citizenship. Too many trojaned home systems are spewing forth spam. It's got to stop.