Anti-spam SMTP mods

Daniel Siemens Dsiemens at kcimplants.com
Tue Mar 9 18:05:18 CST 2004


If all admins would set up reverse DNS, we could enable this ability to verify that the domain in 
the email is indeed the one that is sending it, and we would also see a dramatic decline in spam. I 
suspect that 75% of email is from servers that don't have reverse DNS records set up. I would 
expect that 50% of those without reverse DNS account for 80% of the spam.
 
 

________________________________

From: owner-kclug at kclug.org on behalf of Lucas Peet
Sent: Tue 3/9/2004 10:33 AM
To: Jonathan Hutchins
Cc: kclug at kclug.org
Subject: Re: Anti-spam SMTP mods

Jonathan Hutchins wrote:
> There are already authorization methods, and means that allow only trusted
> servers to connect to your server.  SSL is one of the preferred methods.  As
> long as you trust the connecting server, you can trust mail from it, assuming
> it is adequately protected against relaying from bogus hosts.

It's not about authorization.  A 'good' server can still send both good
and bad emails.  It's about the originating server digitally signing the
*header* portion of an email, certifying that it indeed came from this
server, any changes to the headers will render the signature invalid,
and thus should be rejected by the receiving server.

Anti-spam software that currently modifies header information will need
to adapt to this, and snatch and scan the email *before* it hits the
SMTP relay.

> I think that's one of the reasons all these ideas for securing and authorizing
> mail fail to catch on.  I know I have no enthusiasm for setting up a
> "handshake" system that will reach maybe two or three percent of the servers
> out there.

Again, there'd be no handshake, just a validation of the signature and
headers, verifying that it came from a live, good IP & email address (It
could check the validity of an email address by a short, mimic delivery
request to the email address to prevent using known undeliverable email
addresses from sending outgoing email), that couldn't be changed /
spoofed without rendering the signature bad, and giving the email 0%
chance of being delivered.

-Lucas
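
The header-signing scheme discussed in this thread, as an added example that is not part of the original messages: the sender signs a canonical form of selected headers and the receiver rejects mail whose signed headers changed. HMAC-SHA256 with a shared key stands in for the public-key signature so the code runs on the standard library alone; the header name, the signed-header set, the key and the sample message are assumptions constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string

SIGNED_HEADERS = ("from", "to", "subject", "date", "message-id")  # assumed set
SIG_HEADER = "X-Header-Signature"  # hypothetical header name
KEY = b"constructed-demo-key"      # constructed; stands in for the server key

# Constructed sample message (note the folded Subject line).
SAMPLE = (
    "From: alice@example.org\r\n"
    "To: list@example.net\r\n"
    "Subject: Anti-spam\r\n SMTP mods\r\n"
    "Date: Tue, 9 Mar 2004 10:33:00 -0600\r\n"
    "Message-ID: <constructed-1@example.org>\r\n"
    "\r\n"
    "body\r\n"
)

def canonical_headers(raw):
    """Stable bytes for the signed headers: lowercase names, collapsed
    whitespace, every occurrence included (so a duplicate From is detected)."""
    msg = message_from_string(raw)
    lines = []
    for name in SIGNED_HEADERS:
        for value in msg.get_all(name, []):
            lines.append(name + ":" + " ".join(str(value).split()))
    return "\r\n".join(lines).encode("utf-8")

def header_tag(raw, key):
    return hmac.new(key, canonical_headers(raw), hashlib.sha256).hexdigest()

def sign_headers(raw, key):
    """Originating server: prepend the signature header to the message."""
    return f"{SIG_HEADER}: {header_tag(raw, key)}\r\n{raw}"

def verify_headers(raw, key):
    """Receiving server: True only if the signed headers are unchanged."""
    claimed = message_from_string(raw).get(SIG_HEADER)
    if claimed is None:
        return False  # unsigned mail fails verification
    return hmac.compare_digest(str(claimed).strip(), header_tag(raw, key))

if __name__ == "__main__":
    signed = sign_headers(SAMPLE, KEY)
    print(verify_headers(signed, KEY))
    print(verify_headers(signed.replace("Subject: ", "Subject: [SPAM] "), KEY))
```

A filter that rewrites a signed header such as Subject after signing breaks verification, while one that only adds a header outside the signed set does not.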




