Mailinglist Archive: opensuse-security (297 mails)
| < Previous | Next > |
Re: [suse-security] Email Spoofing
- From: maarten van den Berg <maarten@xxxxxxx>
- Date: Thu, 22 Jul 2004 18:55:50 +0200
- Message-id: <200407221855.50383.maarten@xxxxxxx>
On Thursday 22 July 2004 18:01, suse@xxxxxx wrote:
> Quoting Alan Hadsell <ahadsell@xxxxxxxxxxxx>:
> > suse@xxxxxx writes:
> And for every complex problem there are a dozen solutions that create more
> problems than they solve.
>
> 1) Why is it necessary to block before data is received? SpamAssassin and
> DSPAM don't. In fact, I much prefer systems that do not block at the SMTP.
> If I receive the e-mail and mark it as spam, it can be checked later. If
> it's blocked at the SMTP, there is no recourse.
>
> 2) I could also create subdomains on the fly, generate SPF entries, and
> spam past SPF to my heart's content. Until SMTP is completely replaced,
> there are always ways around things. The Spammers are clever.
I agree with you about SPF's problems, but I don't think spammers can make
subdomains on the fly for my domain. This is not how DNS works. Only I can
do that, if I have access to my own DNS zone.
> Currently, SPF creates a blockage that is exceedingly difficult to remove.
> Trying to convince a hosting site to change it's e-mail system isn't
> trivial. People get REALLY upset when their e-mail doesn't work, so
> companies are very wary of making any changes that could potentially cause
> problems.
Again, I do agree with you for the most part, but this expectation of email
that "always works" is SO 3 years ago. Nowadays, people are just lucky to
notice they have a few non-spam messages buried with the rest, just one
second before pressing the <<delete>> key. Spammmers, spamassassin,
viruskillers and (network- or otherwise)blacklists have taken care of that.
> I've noticed a correlation between proponents of SPF and people that never
> have to actually deal with customers. If I ran some internal corporate
> network, SPF would look an awful lot better. When you have a captive
> audience, it's much easier to deal with complaints.
Sure, but still. I've dealt with numerous issues, from easynet blacklisting
"yeah, because your mailserver IP is in a dialup pool" to mailservers that
stubbornly reject mail from an IP that has no valid reverse PTR record.
And you try to convince your big colo hosting company to set those PTR records
straight. I've been there, and that wasn't one of the the lesser hosting
companies either... way too often, this shit is just beyond your control.
Maarten
--
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
> Quoting Alan Hadsell <ahadsell@xxxxxxxxxxxx>:
> > suse@xxxxxx writes:
> And for every complex problem there are a dozen solutions that create more
> problems than they solve.
>
> 1) Why is it necessary to block before data is received? SpamAssassin and
> DSPAM don't. In fact, I much prefer systems that do not block at the SMTP.
> If I receive the e-mail and mark it as spam, it can be checked later. If
> it's blocked at the SMTP, there is no recourse.
>
> 2) I could also create subdomains on the fly, generate SPF entries, and
> spam past SPF to my heart's content. Until SMTP is completely replaced,
> there are always ways around things. The Spammers are clever.
I agree with you about SPF's problems, but I don't think spammers can make
subdomains on the fly for my domain. This is not how DNS works. Only I can
do that, if I have access to my own DNS zone.
> Currently, SPF creates a blockage that is exceedingly difficult to remove.
> Trying to convince a hosting site to change it's e-mail system isn't
> trivial. People get REALLY upset when their e-mail doesn't work, so
> companies are very wary of making any changes that could potentially cause
> problems.
Again, I do agree with you for the most part, but this expectation of email
that "always works" is SO 3 years ago. Nowadays, people are just lucky to
notice they have a few non-spam messages buried with the rest, just one
second before pressing the <<delete>> key. Spammmers, spamassassin,
viruskillers and (network- or otherwise)blacklists have taken care of that.
> I've noticed a correlation between proponents of SPF and people that never
> have to actually deal with customers. If I ran some internal corporate
> network, SPF would look an awful lot better. When you have a captive
> audience, it's much easier to deal with complaints.
Sure, but still. I've dealt with numerous issues, from easynet blacklisting
"yeah, because your mailserver IP is in a dialup pool" to mailservers that
stubbornly reject mail from an IP that has no valid reverse PTR record.
And you try to convince your big colo hosting company to set those PTR records
straight. I've been there, and that wasn't one of the the lesser hosting
companies either... way too often, this shit is just beyond your control.
Maarten
--
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
| < Previous | Next > |