
Going Upstream to Fight Spam (Wired)

Wired covers a talk by Eric Raymond at a Spam Conference at MIT. "Raymond is promoting an antispam technology called SPF (sender permitted from), an open-standard SMTP (simple mail transfer protocol) extension that stops spam before ISPs have to download messages by rejecting those e-mails coming from forged addresses. Under SPF, e-mail users enter their valid domains and IP addresses into the SPF registry. More than 4,000 domains have published their SPF records, including AOL, said Raymond. The registry will also be supported by an upcoming version of SpamAssassin and other antispam applications."


Going Upstream to Fight Spam (Wired)

Posted Jan 20, 2004 21:04 UTC (Tue) by freemars (subscriber, #4235) [Link] (3 responses)

I don't see how this prevents a spam-friendly ISP (i.e. outside Europe / North America) from whitelisting all its spam-generating computers.

Going Upstream to Fight Spam (Wired)

Posted Jan 20, 2004 21:24 UTC (Tue) by dlang (guest, #313) [Link] (1 responses)

If the problem can really be reduced down to a few spam-friendly ISPs like this, then you can blacklist these ISPs without getting into the current nightmare of blacklisting.

Going Upstream to Fight Spam (Wired)

Posted Jan 29, 2004 13:09 UTC (Thu) by job (guest, #670) [Link]

.. which leaves us with *exactly* the same situation as today.

Going Upstream to Fight Spam (Wired)

Posted Jan 20, 2004 21:27 UTC (Tue) by sab39 (guest, #2185) [Link]

It doesn't, but it's pretty simple to blacklist emails whose sender address is one of those domains.

Since domains have non-zero cost and it'll take very little time for any new spam-friendly (sender-permitted-from-known-spam-IPs) domains to make it into blacklists, this is probably a significant increase in the cost of sending spam - get a new domain every day or two with appropriate SPFs.

This measure is basically intended to prevent spoofed email, which is a large proportion of spam and virus email. It doesn't (by itself) stop spam, but it makes it a lot easier to identify, trace, and control by other means.

Personally, I expect the effect on virus mail will be much greater than the effect on spam - that's usually very naive about email spoofing and would blatantly violate all SPF records whenever they're present for the spoofed domain.

Going Upstream to Fight Spam (Wired)

Posted Jan 20, 2004 22:06 UTC (Tue) by crouchet (guest, #1084) [Link] (2 responses)

I don't know the exact mechanism but I would assume it could also be used to gather or at least confirm e-mail addresses for a SPAMers' known good list.

JC

Going Upstream to Fight Spam (Wired)

Posted Jan 20, 2004 23:06 UTC (Tue) by proski (guest, #104) [Link] (1 responses)

I don't know the exact mechanism but I would assume it could also be used to catch pink elephants on the far side of the Moon :-)

Please read the blurb: "Under SPF, e-mail users enter their valid domains and IP addresses into the SPF registry". E-mail addresses are not made available, only the IP addresses used to send e-mail.

Going Upstream to Fight Spam (Wired)

Posted Jan 21, 2004 8:36 UTC (Wed) by austinchuck (guest, #15358) [Link]

Using the SPF wizard ( http://spf.pobox.com/wizard.html ) gives you a pretty clear idea how the whole thing works...

Going Upstream to Fight Spam (Wired)

Posted Jan 21, 2004 12:33 UTC (Wed) by copsewood (subscriber, #199) [Link] (3 responses)

I'm confident enough that this proposal will improve matters to feel it's worth my while to be spending a few days writing code which implements the SPF spec. There is a very good incentive for domain owners to publish SPF records: the fact that spammers will have their unwanted mail more easily blocked if they try to forge it as if it were coming from your domain.

It only needs a few of the larger domains to publish SPF records to prevent forged AOL, Hotmail and Yahoo addresses from getting through. This gives MTA admins a good incentive to filter using SPF as it cuts down on the incoming spam.

Yes this will drive spammers into using non SPF-publishing domains, but this will make life progressively more difficult for non SPF publishing domain owners. Eventually all domains that want mail to be accepted and manageable will have to publish, including spammers, who, as another comment has pointed out, will then be more easily blacklisted using conventional means. Another benefit of this is that it will take away the financial incentive offered by spam houses to virus and trojan writers who create and distribute illegal software that converts broadband Windoze boxes into spam relays.

Going Upstream to Fight Spam (Wired)

Posted Jan 21, 2004 13:35 UTC (Wed) by nowster (subscriber, #67) [Link] (2 responses)

Problem with this scheme is:

User has mail account on ISP1, but cheap dialup account on ISP2. Uses ISP2 to pick up mail from ISP1's POP3 server, and send out mail using ISP2's SMTP server or using their own SMTP server (especially Linux users). Can't use ISP1's SMTP server as they're not on ISP1's IP addresses, and ISP1 denies relaying for external IPs in order not to be a spam relay.

Going Upstream to Fight Spam (Wired)

Posted Jan 21, 2004 18:23 UTC (Wed) by copsewood (subscriber, #199) [Link]

No one is pretending that this one can be implemented without various other aspects of the mail infrastructure requiring upgrade. The reason that 4000 domains have already published SPF records, with this number doubling every few weeks, is because the current infrastructure is being increasingly trashed by the spammers. I for one can no longer guarantee that all of my wanted incoming mail will be looked at any more (false positive spam detects), or that all of the 200 mails rejected by my system daily will be bounced (I don't want to hassle those whose legitimate addresses are forged on the spam I receive).

There will be users such as those you describe who will need some kind of authenticated SMTP relay service, or SMTP after POP. Those who send out mail for one ISP account from another ISP's dialup are likely to be smart enough to figure out how to upgrade to authenticated SMTP for outbound mail using the appropriate relay. Using a dialup machine for direct to MX mail is a bad idea, as it is likely to result in blocks from existing blacklists. Those who don't want to know how to upgrade are likely to prefer to use web mail anyway, which shouldn't be adversely affected.

Yes, a few of the less competent ISPs who can't be bothered to upgrade will probably go out of business. Question of not being able to make omelettes without breaking some eggs.

What is likely to be a more significant problem is that mail forwarding will break and needs more significant redesign at the MTA level i.e. to rewrite the envelope headers of forwarded mail so as to create a reasonable path for bounces. Interestingly, one of the companies most active in introducing SPF is a legitimate mail-forwarding company ( pobox.com ).

SPF is being rapidly adopted because it is likely to lead to an immediate improvement for those who are worst affected by spam and by having their email identities stolen by spammers.

Going Upstream to Fight Spam (Wired)

Posted Jan 22, 2004 18:28 UTC (Thu) by sfeam (subscriber, #2841) [Link]

Why is this a problem, so long as ISP2 has its own SMTP server
appropriately listed?
But yeah, running your own server is likely to be difficult.

SPF is not the solution

Posted Jan 29, 2004 13:19 UTC (Thu) by job (guest, #670) [Link]

It seems to me most of the people supporting SPF haven't spent very much
time in an ISP's abuse department or writing MTA software. Spam is illegal
and does at many times involve sending out viruses with backdoor software
to Outlook users and scanning nets for known vulnerabilities. The only
solutions that have proven good over time are blacklisting of known spammers
and open proxies/relays IPs, and end-user statistical filters.

Spammers will just increase the use of end-users' computers and abuse
whitelisted relays. Remember that there are customers behind this who pay
for this to happen. The spammers who don't shift will rapidly see their
customers move to the ones who do.

SPF does not handle the spam problem. (I personally believe no single
solution ever will: We can't have super cheap mail service and not having
it misused.) It is a remedy for 'joe-jobs', which are mailer-daemon (sometimes
spam) replies to innocent people whose addresses have been used as
return-path. This is a very good goal in itself, but SPF is the wrong
solution because it comes at the price of breaking mail forwarding. It's
simply not worth it.
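
The receiver-side check the thread keeps returning to, including the roaming-user and mail-forwarding cases raised above, as an added example that is not part of any comment or of any SPF implementation. It assumes constructed domains, documentation-range IPs and records held in a dict instead of DNS, and handles only the `ip4` and `all` mechanisms.

```python
import ipaddress

# Constructed TXT records keyed by domain (stand-in for DNS lookups).
RECORDS = {
    "isp1.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.10 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, envelope_sender, records=RECORDS):
    """Check the connecting IP against the envelope sender's domain policy."""
    domain = envelope_sender.rsplit("@", 1)[-1].lower()
    terms = records.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # domain publishes no policy: SPF says nothing
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside this sketch
    return "neutral"  # no mechanism matched and no "all" term


def scenarios():
    """Results a receiving MTA would see; the check uses the envelope sender only."""
    return {
        # Sent through ISP1's own relay.
        "direct": check_spf("192.0.2.25", "alice@isp1.example"),
        # Forged sender, or an ISP1 user sending through another ISP's server.
        "other_network": check_spf("203.0.113.7", "alice@isp1.example"),
        # Forwarder relays the message but keeps the original envelope sender.
        "forwarded_unchanged": check_spf("198.51.100.10", "alice@isp1.example"),
        # Forwarder rewrites the envelope sender to its own domain.
        "forwarded_rewritten": check_spf("198.51.100.10", "bounce@forwarder.example"),
        # Sender domain with no published record.
        "no_record": check_spf("203.0.113.7", "bob@nospf.example"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

A forged sender and a legitimate user relaying through a different network are indistinguishable to this check, and a forwarder passes only once it rewrites the envelope sender.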


Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds