| View previous topic :: View next topic |
| Author |
Message |
cardinat
Cadet
Joined: Dec 13, 2006
Posts: 3
Location: USA
|
 Posted: Wed Dec 13, 2006 5:20 am Post subject: New Feature Request |
|
|
Would like to see functionality similar to this:
When a message arrives from an unknown email address the message is held and a reply generated and sent back to the sender asking them to reply back with a subject line that contains a keyword, this keyword is followed by a short serial number.
If they reply back, all future messages from that person will pass through the filter, and all presently held messages from that email address will be released.
If they don't reply any future messages from them will be ignored. Since most spammers don't use real addresses, they won't ever see the registration request. If a message is held for a user defined amount of time without a reply coming back to the registration request it's purged from the system and a user defined interval.
On the sending side things work in a similar way, anyone you write to is automatically added to the friends list, so when they reply to you they will not be asked to register as they have already been registered by the simple act of you writing to them.
You can of course manage the allow and blocked mail lists manually, but why bother, unless of course a spammer manages to send you a password, if that happens simply add them to the blocked list and forget about them.
Does anyone else believe this is worthwhile, or should I stick to using two spam filter programs...
|
|
| Back to top |
|
 |
Toblerone
Lieutenant
Premium Member
Joined: Mar 31, 2006
Posts: 290
Location: Spain
|
| Posted: Wed Dec 13, 2006 11:21 am Post subject: |
|
|
Hello cardinat. 
What you are asking for is, basically, a "Challenge-Response" system. I will let to other forum members (with better english skills than me  ) to explain you why these systems are not desirable, but I will pose you a question that maybe can give you some thoughts about:
Let's suppose that a spammer send 1,000,000 of junk mails with your address in the "From" part of message (that's not unusual: it's called "joe-job")...
...let's suppose that the 1% of these spam messages (10,000) end in the mailboxes of people that have a Challenge-Response system...
...and, voilá!, your mail server will be clogged with 10,000 "replies" asking you to confirm the messages sent to them "from you". 
Now, start thinking that 1,000,000 of spam messages are considered an "small" campaign for the spammers this days... and you will get the figure.
_________________
Toblerone, the chocolate with teeth
|
|
| Back to top |
|
|
rkloost
Captain
Joined: Dec 12, 2003
Posts: 302
Location: Nijmegen, The Netherlands
|
| Posted: Wed Dec 13, 2006 12:43 pm Post subject: |
|
|
@cardinat:
Your idea should be implemented on the mailserver, not client-side.
When checking with Mailwasher Pro, the mail is already accepted by
the mailserver.
Regards,
Ruud
|
|
| Back to top |
|
|
stan_qaz
Premium Member
Joined: Mar 31, 2003
Posts: 10635
|
|
| Back to top |
|
|
rkloost
Captain
Joined: Dec 12, 2003
Posts: 302
Location: Nijmegen, The Netherlands
|
| Posted: Wed Dec 13, 2006 6:55 pm Post subject: |
|
|
Agree to that.
Greylisting might me a better option.
|
|
| Back to top |
|
|
cardinat
Cadet
Joined: Dec 13, 2006
Posts: 3
Location: USA
|
| Posted: Thu Dec 14, 2006 3:40 am Post subject: |
|
|
| rkloost wrote: | Agree to that.
Greylisting might me a better option. |
Thanks to those who replied... I've used MWPro since late 2003... I don't bounce because I was aware te headers are easy to spoof... could you elaborate on graylisting for me so I get a better picture of what you're talking about...
|
|
| Back to top |
|
|
stan_qaz
Premium Member
Joined: Mar 31, 2003
Posts: 10635
|
| Posted: Thu Dec 14, 2006 6:05 am Post subject: |
|
|
Try these links.
It may work for now but if enough folks implement it the spammers will just add a retry to the spamming programs.
http://www.google.com/search?hl=en&q=e-mail+grey+list&btnG=Google+Search
http://projects.puremagic.com/greylisting/whitepaper.html
| Quote: |
The Greylisting method is very simple. It only looks at three pieces of information (which we will refer to as a "triplet" from now on) about any particular mail delivery attempt:
1. The IP address of the host attempting the delivery
2. The envelope sender address
3. The envelope recipient address
From this, we now have a unique triplet for identifying a mail "relationship". With this data, we simply follow a basic rule, which is:
If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure. |
_________________
Questions? Try the wiki
http://wiki.castlecops.com/MailWasher_Pro
|
|
| Back to top |
|
|
Ikeb
Special Response Team
Forums Admin
Joined: Apr 20, 2003
Posts: 16535
|
| Posted: Fri Dec 15, 2006 4:51 am Post subject: |
|
|
Nifty! So the tempfail will trigger legit servers to resend, while a spam server won't get the tempfail thus won't resend, is that the idea?
|
|
| Back to top |
|
|
cardinat
Cadet
Joined: Dec 13, 2006
Posts: 3
Location: USA
|
| Posted: Fri Dec 15, 2006 5:05 am Post subject: |
|
|
| stan_qaz wrote: | Try these links.
|
thanks
|
|
| Back to top |
|
|
stan_qaz
Premium Member
Joined: Mar 31, 2003
Posts: 10635
|
| Posted: Fri Dec 15, 2006 5:23 pm Post subject: |
|
|
Ike, That is the idea but it is not a long term fix for the problem as it is so easy for spammers to program around.
It falls into the same class as blacklisting and simple word filters, in that it will work until the spammers see profit in dealing with it in their spam generators. Adding a retry for all failed messages to either their local spam generators or the ones they run on infested computers is only a few minutes of coding.
Adding this to your server does bump your connection load on the mail server and that is something to consider for larger machines. Our RV club is seeing 13 connections per second on the average and is getting behind (busy accepting mail but not scanning for spam or delivering any to mailboxes) during peak traffic periods, doubling the connection load would not be good.
Possibilities to make grey listing less intrusive do exist, things like only refusing the initial delivery attempt from servers that fail SPF, Domain Keys, Have no MX entry in DNS and the like to expidite the smooth flow of e-mail from legitimate servers while blocking current spam servers.
_________________
Questions? Try the wiki
http://wiki.castlecops.com/MailWasher_Pro
|
|
| Back to top |
|
|
Ikeb
Special Response Team
Forums Admin
Joined: Apr 20, 2003
Posts: 16535
|
| Posted: Sun Dec 17, 2006 4:51 am Post subject: |
|
|
| stan_qaz wrote: | | Ike, That is the idea but it is not a long term fix for the problem as it is so easy for spammers to program around. |
You mean that spammers could resend same mailout I assume? But if second mailout is received before tempfail is sent, doesn't greylisting prove it's spam? And wouldn't the process restart if remail is received too long after tempfail (i.e. send another tempfail)?
| stan_qaz wrote: | | Possibilities to make grey listing less intrusive do exist, things like only refusing the initial delivery attempt from servers that fail SPF, Domain Keys, Have no MX entry in DNS and the like to expidite the smooth flow of e-mail from legitimate servers while blocking current spam servers. |
But if enough mail admins implemented SPF and DK, why even bother with greylisting? I.e. isn't the problem that too many email admins are lazy and/or technically incapable of enhancing their email service?
|
|
| Back to top |
|
|
stan_qaz
Premium Member
Joined: Mar 31, 2003
Posts: 10635
|
| Posted: Sun Dec 17, 2006 3:57 pm Post subject: |
|
|
| Quote: | | Ike, You mean that spammers could resend same mail-out I assume? |
Right, that is exactly how a legit e-mail machine deals with greylisting or a failed connection, so the spammers just mimic them.
The temp-fail isn't sent server to server, it is sent to the sender by the senders SMTP machine to inform them of non-delivery. All the sending SMTP machine sees from the destination SMTP is the temp-fail status during the SMTP session.
| Code: | In the case where we would temporarily fail a particular delivery attempt, the mail transaction would look similar to this:
-> MAIL FROM: <sender@somedomain.com>
<- 250 2.1.0 Sender ok
-> RCPT TO: <recipient@otherdomain.com>
<- 451 4.7.1 Please try again later
|
Grey-listing is a selfish anti-spam method in that instead of doing the "right" thing you unload the effort of reducing your spam onto someone else like bouncing or CR.
_________________
Questions? Try the wiki
http://wiki.castlecops.com/MailWasher_Pro
|
|
| Back to top |
|
|
Ikeb
Special Response Team
Forums Admin
Joined: Apr 20, 2003
Posts: 16535
|
|
| Back to top |
|
|
stan_qaz
Premium Member
Joined: Mar 31, 2003
Posts: 10635
|
| Posted: Mon Dec 18, 2006 5:57 pm Post subject: |
|
|
Well blacklisting and fake bounces worked for a while until they cut into the spammers profits and the spammy #$%&**#'s updated their programs.
_________________
Questions? Try the wiki
http://wiki.castlecops.com/MailWasher_Pro
|
|
| Back to top |
|
|
Ikeb
Special Response Team
Forums Admin
Joined: Apr 20, 2003
Posts: 16535
|
| Posted: Tue Dec 19, 2006 6:14 am Post subject: |
|
|
Right but I thought that greylisting had a time windowing mechanisim making it much more difficult for spammers.
I'm wondering if we'll ever see IPv6 widely implemented. Specs have been in place for several years but there just doesn't seem to be much of a motivation to get a more secure Internet in place.
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
Seems to be overblown if spammers can so easily defeat this mechanism. 