On 02/16, Marc Perkel wrote:
> I'm still waiting for RDNS to be widely adopted enough to penalize for  
> that. There is a lot of good email that comes from misconfigured  
> servers. If we can't get the world to do good RDNS I don't think we can  
> get the world to do some other more complex scheme.

If valid RDNS were a usefully unforgeable way to detect spam, I like to
think there would be more of a push to straighten it out.  But spammers
have quite a lot of IPs to use with valid RDNS already.

So I think requiring it for something that has a better chance of blocking
spam has a better chance of getting RDNS set up properly.

On 02/16, Marc Perkel wrote:
> I'm looking over your MTX site and like SPF I don't understand how it  
> stops spam. Thanks for at least addressing in part the email forwarding  
> issue.

To take an example off the end of my log file:

You get an email delivered by 163.20.114.1.

You look up the host name (PTR record) of that IP, it's:
dns.mcjh.tpc.edu.tw.

The IP and hostname make the MTX record:
1.114.20.163.mtx.dns.mcjh.tpc.edu.tw.

You look up the value of that DNS "A" record.  It comes back "not found".
That's an MTX Fail.  So you check the MTX Policy on the domain.

The MTX Policy record for that domain is named: policy.mtx.tpc.edu.tw.

If that DNS "A" record had the value 127.0.0.2 (HardFail, no delegation),
that would give this email an MTX HardFail, and you'd reject it.


Does that answer your question?

> In order to be a white list you have to do something spammers can't do.  

That's why a blacklist of spammers using MTX is necessary.  I believe
maintaining it will be far easier than maintaining blacklists of all the
spammer domains or IPs, since there are fewer opportunities where a spammer
owns both the IP *and* uses a domain they own.

As I said in the example, MTX will have problems in cases where the spammer
owns the IP and uses a throwaway domain, one which they only use for a
short burst of spam until the blacklists catch up with them.

But I believe that subset of IPs will be easier to maintain a blacklist
of, and if the spammers are pinned down that far, and all we have to
focus our attention on is the problem of throwaway domains, I think
it'll get handled.


SPF does not require the spammer to own the IP.  They can use somebody
else's IP, use a domain they own in the MAIL FROM, which points to the SPF
record on their own domain, in which they can include whatever IPs they
want.

> this adds. As you know people register new domain names just to avoid  
> being on any list so your idea would seem to be a white list for those  
> who exploit that.

*And* own the transmitting IP, yes.

> As to penalizing those who don't participate, I already have enough  

I don't recommend that.

> headaches with SPF and others who want to inflict their personal  
> standards on the whole of the email community. SPF, which has left me  
> with a bad attitude, does nothing for me to catch spam or pass ham. But  
> it does result in good email that I forward being blocked.

Yup.  That's specifically why I made MTX.

> As to whitelisting - there's actually a far easier solution that I use.  
> I do RDNS to get the host name. Then I forward confirm it to verify that  
> it is valid. Spammers can't spoof that. Then I look it up in my host  

There are plenty of IPs configured to pass that available to spammers, but
your next point covers that problem.

> name white list of hosts who send nothing but good email. This actually  
> works extremely well. But like everyone I'm always looking for more  

Yup, that sounds good.  DNSWL is a public whitelist intended for that kind
of use, but based on IPs instead of host names.

I assume you don't penalize email for not being on your whitelist?

> ideas especially for white rules because in my business one good email  
> bounced is worse than 100 spams not bounced.

I think that's true for most people.  It certainly shows in the non-spam /
spam accuracy ratios SpamAssassin aims for when re-scoring the test set.

-- 
"Anarchy is based on the observation that since few are fit to rule
themselves, even fewer are fit to rule others." -Edward Abbey
http://www.ChaosReigns.com

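The lookup sequence walked through in the message above (PTR host name, MTX record name, policy record), as an added example that is not part of the original message or of any MTX implementation. Assumptions: the function names and the `lookup_a` callable are hypothetical, the policy domain is passed in by the caller because the message does not say how it is derived from the host name, and the zone contents are constructed so the code runs offline.

```python
import ipaddress

# Policy value named in the message: HardFail, no delegation.
HARDFAIL_NO_DELEGATION = "127.0.0.2"


def mtx_record_name(ip, ptr_host):
    """Build the MTX record name: reversed IPv4 octets + '.mtx.' + PTR host."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.mtx.{ptr_host.rstrip('.').lower()}."


def policy_record_name(policy_domain):
    """Build the MTX Policy record name for a domain supplied by the caller."""
    return f"policy.mtx.{policy_domain.rstrip('.').lower()}."


def mtx_check(ip, ptr_host, policy_domain, lookup_a):
    """Follow the steps in the message.

    lookup_a(name) returns the A-record value as a string, or None when the
    name is not found. A record that exists is reported with its value and
    not interpreted, since the message only describes the not-found case.
    """
    name = mtx_record_name(ip, ptr_host)
    value = lookup_a(name)
    if value is not None:
        return {"record": name, "result": "found", "value": value}
    # Not found is an MTX Fail, so consult the domain's MTX Policy record.
    policy = lookup_a(policy_record_name(policy_domain))
    result = "hardfail" if policy == HARDFAIL_NO_DELEGATION else "fail"
    return {"record": name, "result": result, "policy": policy}


# Constructed zone data standing in for real DNS answers.
ZONE_EMPTY = {}
ZONE_HARDFAIL = {"policy.mtx.tpc.edu.tw.": "127.0.0.2"}
# Constructed A value; its meaning is not defined in the message.
ZONE_WITH_RECORD = {"1.114.20.163.mtx.dns.mcjh.tpc.edu.tw.": "192.0.2.1"}

if __name__ == "__main__":
    for zone in (ZONE_EMPTY, ZONE_HARDFAIL, ZONE_WITH_RECORD):
        print(mtx_check("163.20.114.1", "dns.mcjh.tpc.edu.tw.",
                        "tpc.edu.tw", zone.get))
```

With a real resolver, `lookup_a` would wrap an A-record query and map NXDOMAIN to `None`.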