--On 27 December 2006 10:33:41 +0000 Peter Bowyer <[EMAIL PROTECTED]> wrote:

> On 27/12/06, David Saez Padros <[EMAIL PROTECTED]> wrote:
>> Hi !!
>>
>> >>> I would like to increase a spam defense of our server by checking if
>> >>> a sender really represents an MX server of his/her organization. So
>> >>> if a certain PC is trying to send me an e-mail from [EMAIL PROTECTED]
>> >>> then we will check if this person's IP address is within MX servers
>> >>> of domain.com, otherwise we'll refuse to accept the mail.
>> >> This is misguided. There's no useful correlation between outbound mail
>> >> relays and inbound MXs for a large proportion of the internet. Don't
>> >> do it.
>> >>
>> > OK, I see I was wrong. I just wanted to implement it because some
>> > prominent unix person had suggested this way of struggling with
>> > spammers.
>>
>> You could just use this check to score messages when there is no SPF
>>
>> http://www.ols.es/exim/acl/ismx.acl
>
> Even if you only use that for scoring, I still believe it's unwise.
> What you're actually doing is scoring the sending domain's email
> infrastructure against what you believe it should look like.

Actually, I don't think this matters. The problem that you're highlighting 
is that there's no information regarding email that fails the test. Fair 
enough. However, email that passes the test probably is less likely to be 
spam [if only because spammers don't usually use their own resources to 
send email, or because one can potentially punish them later if they do], 
so the test might be useful for whitelisting.

As a trite analogy: I know my mother's voice on the phone, so when she 
calls I trust that it's her on the phone. However, I can't authenticate the 
identity of strangers when they call, so my "mother's voice" test isn't 
useful when it fails. That doesn't mean that the test isn't useful, just 
that it's not comprehensive.


> A few
> tens of millions (beermat estimate - AOL, Hotmail, Gmail, Wanadoo for
> starters) of ISP users across the world would score badly for the sole
> reason that their provider chose a particular way of engineering their
> email system.

Actually, you need to take Hotmail off that list, since they do publish SPF 
records, so their servers would pass this test.

> It might be instructive to collect statistics on incoming email that
> passes or fails this check, and see how much of a spam sign it is
> compared with a false positive, however. Then see how much of the real
> spam would have been caught by other tests, and decide whether the FP
> rate, perhaps augmented with whitelisting, makes it worthwhile. I'll
> bet a large portion of Christmas Pudding that it will turn out to be
> of no use.
>
> Peter
>
> --
> Peter Bowyer
> Email: [EMAIL PROTECTED]



-- 
Ian Eiloart
IT Services, University of Sussex

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
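
The thread treats the sender-is-MX check as one-sided: a match is a positive hint, a miss carries no information, and its value should be measured against labelled mail. The following sketch is an added example, not part of the thread and not the contents of the linked ismx.acl. The domains, addresses, labels and function names are constructed, and the in-memory `MX` and `A` tables stand in for real DNS lookups so the code runs offline.

```python
import ipaddress
from collections import Counter

# Constructed DNS data (documentation domains and address ranges), standing in
# for real MX and A lookups so the example runs offline.
MX = {
    "example.org": ["mx1.example.org", "mx2.example.org"],
    "bigisp.example": ["inbound.bigisp.example"],  # outbound relays differ
}
A = {
    "mx1.example.org": ["192.0.2.10"],
    "mx2.example.org": ["192.0.2.11"],
    "inbound.bigisp.example": ["198.51.100.5"],
}


def sender_is_mx(sender_domain, client_ip):
    """True if client_ip is an address of one of sender_domain's MX hosts."""
    ip = ipaddress.ip_address(client_ip)
    for host in MX.get(sender_domain.lower(), []):
        if any(ip == ipaddress.ip_address(a) for a in A.get(host, [])):
            return True
    return False


def mx_signal(sender_domain, client_ip):
    """One-sided result: a match is a positive hint, a miss says nothing."""
    return "pass" if sender_is_mx(sender_domain, client_ip) else "no-info"


def tally(messages):
    """Count (signal, label) pairs so pass/no-info can be compared per class."""
    return Counter((mx_signal(d, ip), label) for d, ip, label in messages)


# Constructed, hand-labelled sample: (envelope sender domain, client IP, label)
SAMPLE = [
    ("example.org", "192.0.2.10", "ham"),
    ("example.org", "192.0.2.11", "ham"),
    ("bigisp.example", "198.51.100.77", "ham"),   # legitimate outbound relay
    ("example.org", "203.0.113.9", "spam"),       # forged sender domain
    ("unknown.example", "203.0.113.20", "spam"),  # domain with no MX data
]

if __name__ == "__main__":
    for (signal, label), n in sorted(tally(SAMPLE).items()):
        print(f"{signal:8} {label:5} {n}")
```

In this constructed sample the "no-info" bucket contains both ham and spam, which is why a miss is left unscored rather than penalised.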
