halfbakery: Veni, vidi, teenie weenie yellow polka dot bikini.
OK, there are tons of postings here for spam, so apologies if this has been done...
This is the simplest way to eliminate most spam that I can think of, so it probably has many holes in it.
1. A server with mail to send contacts the destination server and notifies that there is mail to be picked up - very short message, provides mail message ID and server domain name only (mail1.abc.com or abc.com) and IP addresses are not allowed.
2. Destination server does either a local blacklist lookup or checks a public blacklist or both to see how many spams it has received from the sender server or domain, makes a decision whether to pick up or not based on its configured threshold. If no, then we are done.
3. If yes, destination server does a DNS lookup on the domain name and retrieves the correct message from the sender server using the message ID.
I would suggest the use of some encryption for the initial transaction to ensure that the message IDs are not intercepted in transit.
In the case of DNS abuse by registering tons of bogus domains, the registrars would have to be vigilant, but remember there would be a non-trivial cost in time and money to doing this.
This prevents zombies from sending mail direct from a PC, as the PC has no registered DNS address. It also provides an automatic blacklist system as large servers could publish lists of the largest spammer servers or domains.
So - why won't this work?
How to protect your server against being used as a mail relay.
http://www.mail-abu...an_sec3rdparty.html [reensure, Dec 15 2005]
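A minimal simulation of the destination server's side of the three steps in the post, added here as an illustration and not part of the original post. The DNS table, outboxes, spam counts and threshold are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (not from the page): simulated DNS, per-server
# outboxes keyed by message ID, and a local blacklist of spam counts.
DNS = {"mail1.abc.com": "192.0.2.10", "bulk.example": "198.51.100.7"}
OUTBOX = {
    "192.0.2.10": {"msg-001": "Lunch on Friday?"},
    "198.51.100.7": {"msg-777": "Cheap pills"},
    "203.0.113.50": {"msg-666": "Forged sender"},  # host with no DNS name
}
SPAM_COUNT = {"bulk.example": 120}
THRESHOLD = 50  # assumed per-server configuration value


def is_ip_literal(name):
    """True if the claimed sender name is an IP address, bracketed or not."""
    try:
        ipaddress.ip_address(name.strip("[]"))
        return True
    except ValueError:
        return False


def handle_notification(domain, message_id):
    """Destination-side handling of a 'mail waiting' notice (steps 1-3)."""
    # Step 1: only a domain name and message ID are accepted; no IP addresses.
    if is_ip_literal(domain):
        return ("rejected", "IP address not allowed")
    # Step 2: blacklist lookup against the configured threshold.
    if SPAM_COUNT.get(domain, 0) > THRESHOLD:
        return ("rejected", "blacklist threshold exceeded")
    # Step 3: resolve the claimed domain ourselves and pull from that address,
    # never from the address the notification arrived from.
    addr = DNS.get(domain)
    if addr is None:
        return ("rejected", "domain does not resolve")
    body = OUTBOX.get(addr, {}).get(message_id)
    if body is None:
        return ("rejected", "sender server has no such message")
    return ("delivered", body)
```

A notice that claims mail1.abc.com but comes from the unregistered host is rejected at step 3, because the pull goes to the address DNS returns for the claimed domain and that server holds no such message ID.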
Many mail servers are already configured to reject mail from IP addresses without a reverse lookup. How is this any different?
What [NoOneYouKnow] said. And this really was a very effective countermeasure, some time briefly in spring 1985.
Like legitimate users, the zombie PC sends email via the PC owner's ISP provider, that is, via a normal SMTP gateway. That SMTP gateway has a DNS address (and handles lots of legitimate traffic).
I guess that the advantage here is that you have a genuine record of the server that sent the mail (as you have to visit it to retrieve the mail).
I thought that trojans that zombify PCs to send spam carried their own SMTP server. If this is the case then the idea would block those zombies. If they do use the ISP's SMTP server then at least the spam is identified higher up the chain and the server could be informed that it is sending out spam and email the users whose IP addresses are doing so.
The trouble that I see is that every mail app and server out there is going to have to be rewritten to incorporate this new protocol, and that's no quick fix.
[+] for the thought, though. I really want to see an email system where nobody can send a message without disclosing their email address (or in this case originating server).
"every mail app and server out there is going to have to be rewritten" - won't that be required for any permanent fix for spam?