Re: AOL testing new anti-spam technology

2004-02-20 Thread Toni Mueller 

On Sat, 24.01.2004 at 11:59:18 +1100, Russell Coker <[EMAIL PROTECTED]> wrote:
> One of the worst aspects of spam is the way much of it uses 
> forged sender addresses. AOL is hoping to stir up some organized 
> resistance to the practice of address forgery through a new 
> e-mail protocol called Sender Permitted From, or SPF. 
>  

There has been a heated discussion, but with imho valid arguments, on
the qmail user mailing list which imho highlights some conceptual
problems in SPF.

Please consider reading

http://www.space.net/~maex/Drafts/dns-mtamark/


Thank you!


Best,
--Toni++


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: AOL testing new anti-spam technology

2004-01-25 Thread Nate Campi 
On Sun, Jan 25, 2004 at 09:54:41AM -0500, Jeff S Wheeler wrote:
> 
> I don't understand how this problem will be solved for folks who travel.
> For example, many hotel access services redirect your SMTP TCP sessions
> to their local smart sender these days, as quite simply, that is the
> easiest way to prevent customers from being unable to send mail due to
> relay restrictions on their office or ISP mail server.

>From http://spf.pobox.com/forsysadmins.html: "You should enable port 587
so your roaming users can inject messages even when their hotel is
blocking port 25."

We had this problem with users using wireless networks like T-Mobile
hotspots, and worked around it with alternate ports.
-- 
Nate

"If you put a billion monkeys in front of a billion typewriters typing
at random, they would reproduce the entire collected works of Usenet in
about ... five minutes."   -Anon.  
 
"Come to think of it, there are already a million monkeys on a million
typewriters, and the Usenet is NOTHING like Shakespeare!"   -Blair Houghton

Re: AOL testing new anti-spam technology

2004-01-25 Thread Nate Campi 
On Sun, Jan 25, 2004 at 09:54:41AM -0500, Jeff S Wheeler wrote:
> 
> I don't understand how this problem will be solved for folks who travel.
> For example, many hotel access services redirect your SMTP TCP sessions
> to their local smart sender these days, as quite simply, that is the
> easiest way to prevent customers from being unable to send mail due to
> relay restrictions on their office or ISP mail server.

>From http://spf.pobox.com/forsysadmins.html: "You should enable port 587
so your roaming users can inject messages even when their hotel is
blocking port 25."

We had this problem with users using wireless networks like T-Mobile
hotspots, and worked around it with alternate ports.
-- 
Nate

"If you put a billion monkeys in front of a billion typewriters typing
at random, they would reproduce the entire collected works of Usenet in
about ... five minutes."   -Anon.  
 
"Come to think of it, there are already a million monkeys on a million
typewriters, and the Usenet is NOTHING like Shakespeare!"   -Blair Houghton


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: AOL testing new anti-spam technology

2004-01-25 Thread Jeff S Wheeler 
On Sat, 2004-01-24 at 13:07, Joey Hess wrote:
> One thing I've been wondering about is pseudo-forged @debian.org From
> addresses (like mine) and spf. It would seem we can never turn it on for
> toplevel debian.org without some large changes in how developers send
> their email.

I don't understand how this problem will be solved for folks who travel.
For example, many hotel access services redirect your SMTP TCP sessions
to their local smart sender these days, as quite simply, that is the
easiest way to prevent customers from being unable to send mail due to
relay restrictions on their office or ISP mail server.

--
Jeff

Re: AOL testing new anti-spam technology

2004-01-25 Thread Jeff S Wheeler 
On Sat, 2004-01-24 at 13:07, Joey Hess wrote:
> One thing I've been wondering about is pseudo-forged @debian.org From
> addresses (like mine) and spf. It would seem we can never turn it on for
> toplevel debian.org without some large changes in how developers send
> their email.

I don't understand how this problem will be solved for folks who travel.
For example, many hotel access services redirect your SMTP TCP sessions
to their local smart sender these days, as quite simply, that is the
easiest way to prevent customers from being unable to send mail due to
relay restrictions on their office or ISP mail server.

--
Jeff


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: AOL testing new anti-spam technology

2004-01-24 Thread Russell Coker 
On Sun, 25 Jan 2004 05:07, Joey Hess <[EMAIL PROTECTED]> wrote:
> Russell Coker wrote:
> > I've just implemented it the DNS for my domain.  It was easy enough to
> > do, and doesn't seem to have any great issues.  No mail from me has been
> > blocked yet.
>
> Do beware of the .forward issue.

That is an issue.  However for some time I have had my mail server configured 
to do DNS checks for significant domains when receiving mail.  The domains I 
have checks for include hotmail, yahoo, a few big ISPs, and my personal 
domain...

So when I send mail via /etc/aliases on some other machine that has an entry 
pointing back to me (EG root@ some machines where I have root access) then 
the message bounces when going to me, but then the bounce gets through.

I've also had the same issue with spam being sent through open relays where 
the From: and To: addresses are both my address, the original gets blocked 
but I get the bounce message.

> > The next thing is to make my mail server check such records before
> > receiving mail.
>
> Next version of spamassassin is supposed to do that.

That's not good enough.  To do it properly that check has to be done in the 
SMTP dialog.  I want the message to be rejected with code 55x to discourage 
the spammer from sending me any more.

> > Once we get some good test results we can ask the Debian listmasters to
> > consider implementing it for lists.debian.org.  There are significant
> > problems with spam going to the Debian lists and of @lists.debian.org
> > addresses being used to spam other people and causing bounce messages.
>
> One thing I've been wondering about is pseudo-forged @debian.org From
> addresses (like mine) and spf. It would seem we can never turn it on for
> toplevel debian.org without some large changes in how developers send
> their email.

True.

But protecting mailing lists is a much higher priority.  If you get one spam 
to your personal address you can send it to spamcop or just delete it.  If it 
goes to 10,000 people on a mailing list it causes a lot more bother.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Re: AOL testing new anti-spam technology

2004-01-24 Thread Russell Coker 
On Sun, 25 Jan 2004 05:07, Joey Hess <[EMAIL PROTECTED]> wrote:
> Russell Coker wrote:
> > I've just implemented it the DNS for my domain.  It was easy enough to
> > do, and doesn't seem to have any great issues.  No mail from me has been
> > blocked yet.
>
> Do beware of the .forward issue.

That is an issue.  However for some time I have had my mail server configured 
to do DNS checks for significant domains when receiving mail.  The domains I 
have checks for include hotmail, yahoo, a few big ISPs, and my personal 
domain...

So when I send mail via /etc/aliases on some other machine that has an entry 
pointing back to me (EG root@ some machines where I have root access) then 
the message bounces when going to me, but then the bounce gets through.

I've also had the same issue with spam being sent through open relays where 
the From: and To: addresses are both my address, the original gets blocked 
but I get the bounce message.

> > The next thing is to make my mail server check such records before
> > receiving mail.
>
> Next version of spamassassin is supposed to do that.

That's not good enough.  To do it properly that check has to be done in the 
SMTP dialog.  I want the message to be rejected with code 55x to discourage 
the spammer from sending me any more.

> > Once we get some good test results we can ask the Debian listmasters to
> > consider implementing it for lists.debian.org.  There are significant
> > problems with spam going to the Debian lists and of @lists.debian.org
> > addresses being used to spam other people and causing bounce messages.
>
> One thing I've been wondering about is pseudo-forged @debian.org From
> addresses (like mine) and spf. It would seem we can never turn it on for
> toplevel debian.org without some large changes in how developers send
> their email.

True.

But protecting mailing lists is a much higher priority.  If you get one spam 
to your personal address you can send it to spamcop or just delete it.  If it 
goes to 10,000 people on a mailing list it causes a lot more bother.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: AOL testing new anti-spam technology

2004-01-24 Thread Joey Hess 
Russell Coker wrote:
> I've just implemented it the DNS for my domain.  It was easy enough to do, 
> and 
> doesn't seem to have any great issues.  No mail from me has been blocked yet.

Do beware of the .forward issue.

> The next thing is to make my mail server check such records before receiving 
> mail.

Next version of spamassassin is supposed to do that.

> Once we get some good test results we can ask the Debian listmasters to 
> consider implementing it for lists.debian.org.  There are significant 
> problems with spam going to the Debian lists and of @lists.debian.org 
> addresses being used to spam other people and causing bounce messages.

One thing I've been wondering about is pseudo-forged @debian.org From
addresses (like mine) and spf. It would seem we can never turn it on for
toplevel debian.org without some large changes in how developers send
their email.

-- 
see shy jo


signature.asc
Description: Digital signature

Re: AOL testing new anti-spam technology

2004-01-24 Thread Joey Hess 
Russell Coker wrote:
> I've just implemented it the DNS for my domain.  It was easy enough to do, and 
> doesn't seem to have any great issues.  No mail from me has been blocked yet.

Do beware of the .forward issue.

> The next thing is to make my mail server check such records before receiving 
> mail.

Next version of spamassassin is supposed to do that.

> Once we get some good test results we can ask the Debian listmasters to 
> consider implementing it for lists.debian.org.  There are significant 
> problems with spam going to the Debian lists and of @lists.debian.org 
> addresses being used to spam other people and causing bounce messages.

One thing I've been wondering about is pseudo-forged @debian.org From
addresses (like mine) and spf. It would seem we can never turn it on for
toplevel debian.org without some large changes in how developers send
their email.

-- 
see shy jo


signature.asc
Description: Digital signature

Re: AOL testing new anti-spam technology

2004-01-24 Thread Russell Coker 
On Sat, 24 Jan 2004 12:23, [EMAIL PROTECTED] wrote:
> On Sat, Jan 24, 2004 at 11:59:18AM +1100, Russell Coker wrote:
> > One of the worst aspects of spam is the way much of it uses
> > forged sender addresses. AOL is hoping to stir up some organized
> > resistance to the practice of address forgery through a new
> > e-mail protocol called Sender Permitted From, or SPF.
> > 
>
> spf.pobox.com is the main site IIRC. It's a good idea, easy to implement.
> If everyone would start to use it, SPAM would be cut down.

I've just implemented it the DNS for my domain.  It was easy enough to do, and 
doesn't seem to have any great issues.  No mail from me has been blocked yet.

The next thing is to make my mail server check such records before receiving 
mail.

Once we get some good test results we can ask the Debian listmasters to 
consider implementing it for lists.debian.org.  There are significant 
problems with spam going to the Debian lists and of @lists.debian.org 
addresses being used to spam other people and causing bounce messages.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Re: AOL testing new anti-spam technology

2004-01-24 Thread Russell Coker 
On Sat, 24 Jan 2004 12:23, [EMAIL PROTECTED] wrote:
> On Sat, Jan 24, 2004 at 11:59:18AM +1100, Russell Coker wrote:
> > One of the worst aspects of spam is the way much of it uses
> > forged sender addresses. AOL is hoping to stir up some organized
> > resistance to the practice of address forgery through a new
> > e-mail protocol called Sender Permitted From, or SPF.
> > 
>
> spf.pobox.com is the main site IIRC. It's a good idea, easy to implement.
> If everyone would start to use it, SPAM would be cut down.

I've just implemented it the DNS for my domain.  It was easy enough to do, and 
doesn't seem to have any great issues.  No mail from me has been blocked yet.

The next thing is to make my mail server check such records before receiving 
mail.

Once we get some good test results we can ask the Debian listmasters to 
consider implementing it for lists.debian.org.  There are significant 
problems with spam going to the Debian lists and of @lists.debian.org 
addresses being used to spam other people and causing bounce messages.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: AOL testing new anti-spam technology

2004-01-23 Thread tps 
On Fri, Jan 23, 2004 at 08:25:52PM -0600, Andy Gardner wrote:
> 
> On Jan 23, 2004, at 7:23 PM, [EMAIL PROTECTED] wrote:
> 
> >spf.pobox.com
> 
> Am I correct in thinking that if I set up a TXT DNS record "v=spf1 
> -all" for all domains that DON'T have email addresses attached to them, 
> that this will prevent people from hijacking those domains to use for 
> fake email addresses for spamming AOL?

THat's the plan. SPF is quick and painless to set up, even if you
don't use it yourself. I've had it running on a few domains, and
have seen thousands of queries on the TXT records, which is nice to see.

Tim

-- 
><
>> Tim Sailer (at home) ><  Coastal Internet, Inc.  <<
>> Network and Systems Operations   ><  PO Box 726  <<
>> http://www.buoy.com  ><  Moriches, NY 11955  <<
>> [EMAIL PROTECTED]/[EMAIL PROTECTED] ><  (631)399-2910  (888) 924-3728   
>> <<
><

Re: AOL testing new anti-spam technology

2004-01-23 Thread tps 
On Fri, Jan 23, 2004 at 08:25:52PM -0600, Andy Gardner wrote:
> 
> On Jan 23, 2004, at 7:23 PM, [EMAIL PROTECTED] wrote:
> 
> >spf.pobox.com
> 
> Am I correct in thinking that if I set up a TXT DNS record "v=spf1 
> -all" for all domains that DON'T have email addresses attached to them, 
> that this will prevent people from hijacking those domains to use for 
> fake email addresses for spamming AOL?

THat's the plan. SPF is quick and painless to set up, even if you
don't use it yourself. I've had it running on a few domains, and
have seen thousands of queries on the TXT records, which is nice to see.

Tim

-- 
><
>> Tim Sailer (at home) ><  Coastal Internet, Inc.  <<
>> Network and Systems Operations   ><  PO Box 726  <<
>> http://www.buoy.com  ><  Moriches, NY 11955  <<
>> [EMAIL PROTECTED]/[EMAIL PROTECTED] ><  (631)399-2910  (888) 924-3728   <<
><


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: AOL testing new anti-spam technology

2004-01-23 Thread Andy Gardner 
On Jan 23, 2004, at 7:23 PM, [EMAIL PROTECTED] wrote:
spf.pobox.com
Am I correct in thinking that if I set up a TXT DNS record "v=spf1 
-all" for all domains that DON'T have email addresses attached to them, 
that this will prevent people from hijacking those domains to use for 
fake email addresses for spamming AOL?

Hurrah!

Re: AOL testing new anti-spam technology

2004-01-23 Thread Andy Gardner 
On Jan 23, 2004, at 7:23 PM, [EMAIL PROTECTED] wrote:

spf.pobox.com
Am I correct in thinking that if I set up a TXT DNS record "v=spf1 
-all" for all domains that DON'T have email addresses attached to them, 
that this will prevent people from hijacking those domains to use for 
fake email addresses for spamming AOL?

Hurrah!



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: AOL testing new anti-spam technology

2004-01-23 Thread tps 
On Sat, Jan 24, 2004 at 11:59:18AM +1100, Russell Coker wrote:
> One of the worst aspects of spam is the way much of it uses 
> forged sender addresses. AOL is hoping to stir up some organized 
> resistance to the practice of address forgery through a new 
> e-mail protocol called Sender Permitted From, or SPF. 
>  

spf.pobox.com is the main site IIRC. It's a good idea, easy to implement.
If everyone would start to use it, SPAM would be cut down.

Tim

-- 
><
>> Tim Sailer (at home) ><  Coastal Internet, Inc.  <<
>> Network and Systems Operations   ><  PO Box 726  <<
>> http://www.buoy.com  ><  Moriches, NY 11955  <<
>> [EMAIL PROTECTED]/[EMAIL PROTECTED] ><  (631)399-2910  (888) 924-3728   
>> <<
><

Re: AOL testing new anti-spam technology

2004-01-23 Thread tps 
On Sat, Jan 24, 2004 at 11:59:18AM +1100, Russell Coker wrote:
> One of the worst aspects of spam is the way much of it uses 
> forged sender addresses. AOL is hoping to stir up some organized 
> resistance to the practice of address forgery through a new 
> e-mail protocol called Sender Permitted From, or SPF. 
>  

spf.pobox.com is the main site IIRC. It's a good idea, easy to implement.
If everyone would start to use it, SPAM would be cut down.

Tim

-- 
><
>> Tim Sailer (at home) ><  Coastal Internet, Inc.  <<
>> Network and Systems Operations   ><  PO Box 726  <<
>> http://www.buoy.com  ><  Moriches, NY 11955  <<
>> [EMAIL PROTECTED]/[EMAIL PROTECTED] ><  (631)399-2910  (888) 924-3728   <<
><


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]