New Feature Request
Goto page 1, 2  Next
 CastleCops -> Product Suggestions
Author: cardinatLocation: USA PostPosted: Wed Dec 13, 2006 5:20 am    Post subject: New Feature Request
Would like to see functionality similar to this:

When a message arrives from an unknown email address the message is held and a reply generated and sent back to the sender asking them to reply back with a subject line that contains a keyword, this keyword is followed by a short serial number.

If they reply back, all future messages from that person will pass through the filter, and all presently held messages from that email address will be released.

If they don't reply any future messages from them will be ignored. Since most spammers don't use real addresses, they won't ever see the registration request. If a message is held for a user defined amount of time without a reply coming back to the registration request it's purged from the system and a user defined interval.

On the sending side things work in a similar way, anyone you write to is automatically added to the friends list, so when they reply to you they will not be asked to register as they have already been registered by the simple act of you writing to them.

You can of course manage the allow and blocked mail lists manually, but why bother, unless of course a spammer manages to send you a password, if that happens simply add them to the blocked list and forget about them.

Does anyone else believe this is worthwhile, or should I stick to using two spam filter programs...
Author: TobleroneLocation: Spain PostPosted: Wed Dec 13, 2006 11:21 am    Post subject:
Hello cardinat. Smile

What you are asking for is, basically, a "Challenge-Response" system. I will let to other forum members (with better english skills than me Wink ) to explain you why these systems are not desirable, but I will pose you a question that maybe can give you some thoughts about:

Let's suppose that a spammer send 1,000,000 of junk mails with your address in the "From" part of message (that's not unusual: it's called "joe-job")...
...let's suppose that the 1% of these spam messages (10,000) end in the mailboxes of people that have a Challenge-Response system...
...and, voilá!, your mail server will be clogged with 10,000 "replies" asking you to confirm the messages sent to them "from you". Rolling Eyes

Now, start thinking that 1,000,000 of spam messages are considered an "small" campaign for the spammers this days... and you will get the figure. Wink
Author: rkloostLocation: Nijmegen, The Netherlands PostPosted: Wed Dec 13, 2006 12:43 pm    Post subject:
@cardinat:

Your idea should be implemented on the mailserver, not client-side.
When checking with Mailwasher Pro, the mail is already accepted by
the mailserver.

Regards,
Ruud
Author: stan_qaz PostPosted: Wed Dec 13, 2006 5:47 pm    Post subject:
Be prepared to have any mailserver implementing challenge response quickly blacklisted for spamming since the challenges you are sending out will be going to folks that didn't send you the spam.

They are about as bad as a fake bounce message.

http://wiki.castlecops.com/What_is_Wrong_With_Bouncing_Spam
Author: rkloostLocation: Nijmegen, The Netherlands PostPosted: Wed Dec 13, 2006 6:55 pm    Post subject:
Agree to that.

Greylisting might me a better option.
Author: cardinatLocation: USA PostPosted: Thu Dec 14, 2006 3:40 am    Post subject:
rkloost wrote:
Agree to that.

Greylisting might me a better option.


Thanks to those who replied... I've used MWPro since late 2003... I don't bounce because I was aware te headers are easy to spoof... could you elaborate on graylisting for me so I get a better picture of what you're talking about...
Author: stan_qaz PostPosted: Thu Dec 14, 2006 6:05 am    Post subject:
Try these links.

It may work for now but if enough folks implement it the spammers will just add a retry to the spamming programs.

http://www.google.com/search?hl=en&q=e-mail+grey+list&btnG=Google+Search

http://projects.puremagic.com/greylisting/whitepaper.html

Quote:

The Greylisting method is very simple. It only looks at three pieces of information (which we will refer to as a "triplet" from now on) about any particular mail delivery attempt:

1. The IP address of the host attempting the delivery
2. The envelope sender address
3. The envelope recipient address

From this, we now have a unique triplet for identifying a mail "relationship". With this data, we simply follow a basic rule, which is:

If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure.
Author: Ikeb PostPosted: Fri Dec 15, 2006 4:51 am    Post subject:
Nifty! So the tempfail will trigger legit servers to resend, while a spam server won't get the tempfail thus won't resend, is that the idea?
Author: cardinatLocation: USA PostPosted: Fri Dec 15, 2006 5:05 am    Post subject:
stan_qaz wrote:
Try these links.



thanks
Author: stan_qaz PostPosted: Fri Dec 15, 2006 5:23 pm    Post subject:
Ike, That is the idea but it is not a long term fix for the problem as it is so easy for spammers to program around.

It falls into the same class as blacklisting and simple word filters, in that it will work until the spammers see profit in dealing with it in their spam generators. Adding a retry for all failed messages to either their local spam generators or the ones they run on infested computers is only a few minutes of coding.

Adding this to your server does bump your connection load on the mail server and that is something to consider for larger machines. Our RV club is seeing 13 connections per second on the average and is getting behind (busy accepting mail but not scanning for spam or delivering any to mailboxes) during peak traffic periods, doubling the connection load would not be good.

Possibilities to make grey listing less intrusive do exist, things like only refusing the initial delivery attempt from servers that fail SPF, Domain Keys, Have no MX entry in DNS and the like to expidite the smooth flow of e-mail from legitimate servers while blocking current spam servers.
Author: Ikeb PostPosted: Sun Dec 17, 2006 4:51 am    Post subject:
stan_qaz wrote:
Ike, That is the idea but it is not a long term fix for the problem as it is so easy for spammers to program around.

You mean that spammers could resend same mailout I assume? But if second mailout is received before tempfail is sent, doesn't greylisting prove it's spam? And wouldn't the process restart if remail is received too long after tempfail (i.e. send another tempfail)?

stan_qaz wrote:
Possibilities to make grey listing less intrusive do exist, things like only refusing the initial delivery attempt from servers that fail SPF, Domain Keys, Have no MX entry in DNS and the like to expidite the smooth flow of e-mail from legitimate servers while blocking current spam servers.

But if enough mail admins implemented SPF and DK, why even bother with greylisting? I.e. isn't the problem that too many email admins are lazy and/or technically incapable of enhancing their email service?
Author: stan_qaz PostPosted: Sun Dec 17, 2006 3:57 pm    Post subject:
Quote:
Ike, You mean that spammers could resend same mail-out I assume?

Right, that is exactly how a legit e-mail machine deals with greylisting or a failed connection, so the spammers just mimic them.

The temp-fail isn't sent server to server, it is sent to the sender by the senders SMTP machine to inform them of non-delivery. All the sending SMTP machine sees from the destination SMTP is the temp-fail status during the SMTP session.

Code:
In the case where we would temporarily fail a particular delivery attempt, the mail transaction would look similar to this:

-> MAIL FROM: <sender@somedomain.com>
<- 250 2.1.0 Sender ok
-> RCPT TO: <recipient@otherdomain.com>
<- 451 4.7.1 Please try again later


Grey-listing is a selfish anti-spam method in that instead of doing the "right" thing you unload the effort of reducing your spam onto someone else like bouncing or CR.
Author: Ikeb PostPosted: Mon Dec 18, 2006 6:14 am    Post subject:
OK so no time window then. Sad Seems to be overblown if spammers can so easily defeat this mechanism. Confused
Author: stan_qaz PostPosted: Mon Dec 18, 2006 5:57 pm    Post subject:
Well blacklisting and fake bounces worked for a while until they cut into the spammers profits and the spammy #$%&**#'s updated their programs.
Author: Ikeb PostPosted: Tue Dec 19, 2006 6:14 am    Post subject:
Right but I thought that greylisting had a time windowing mechanisim making it much more difficult for spammers.

I'm wondering if we'll ever see IPv6 widely implemented. Specs have been in place for several years but there just doesn't seem to be much of a motivation to get a more secure Internet in place.
CastleCops -> Product Suggestions

All times are GMT

Goto page 1, 2  Next
Page 1 of 2


Powered by phpBB © 2001 phpBB Group