Novel Method for Universal Email Authentication 212
MKaplan writes "Most spam is sent using spoofed domains. Email authentication schemes such as SPF attempt to foil spoofing by having domain administrators publish a list of their approved outgoing mail servers. SPF is sharply limited by incomplete domain participation and failure to authenticate forwarded email. A paper describes a novel method to rapidly generate a near-perfect global SPF database independent of the participation of domain administrators. A single email from an unauthenticated domain is bounced and then resent — this previously unauthenticated domain and the server listed in the return path of the resent bounce are entered into a globally accessible database. All future emails sent from this domain via this server will be authenticated after checking this new database. Mechanisms to authenticate forwarded email and to nullify subversion of this anti-spam system are also described."
That's already implemented with Spamcop (Score:5, Informative)
Works like a charm!
Re:That's already implemented with Spamcop (Score:3, Informative)
That's the problem. (Score:5, Informative)
Which is kind of like greylisting. The FIRST problem is that the spammers have adapted to this and retry.
The SECOND problem with this is he's saying:
Huh? So this is also about SENDING email?
And it doesn't address the issue of "fast flux" where the domains are "legit" in that they exist and point to the IP address of the sending machine
So he's talking about "bouncing" messages
No fucking way is this going to work.
Participation in SPF (Score:4, Informative)
That's not a big problem. 99% of non-participating domains fit in default SPF record "a/24 mx/24 ptr -all", we use it in qmail for few years. Together with Spamassassin it results in 99,8% antispam accuracy (warning: one big exception is yahoo.com, you should use domainkeys or add ptr:yahoo.com to default spf rule)
Re:The BIG issue (Score:3, Informative)
Re:Major flaw in methodology (Score:4, Informative)
The worst email storm I got was when some spammer decided to use my domain as the sender of all his junk and send all hi junk twice. I do have SPF entries in my DNS so ANYTHING that would encourage others to actually USE this system is a GOOD THING.
Now if there were just a few simple packages available that would give us the one-click (tm) ability to add SPF filtering to Sendmail/Postfix/Qmail/etc, and MS Exchange 5.5/2000, then I would guess that 50% or more of the domain spoofing spam would cease. That can only be good, as I only get UCE from real domains that I can't check for authenticity, from spammers who bother to follow RFCs and send twice after postgrey (greylist filtering) blocks them first time around.
Check out existing discussion... (Score:4, Informative)
http://www1.ietf.org/mail-archive/web/asrg/current/msg12403.html [ietf.org]
I'm not sure you understand what SPF solves (Score:3, Informative)
SPF causes MailserverB look up DNS data for the email domain for MailserverA, and compare it's SPF published IP addresses with the IP address of the incoming email connection from SpammerS. If the two don't match, then MailserverB hangs up on SpammerS with a 566 eat-shit-and-die error code.
That's all SPF does: eliminate impersonation.
For that, it's a great idea.
If you think that SPF is going to eliminate all spam, then you have misplaced hopes. Don't throw out SPF just because it is a piece of the solution instead of the whole solution.
The problem you describe is solved with SURBLs.
IMO, people should use both.
Re:Still barking up the wrong f'ing tree... (Score:5, Informative)
The key is to reject the obvious nonsense before invoking your cpu-intensive analysis. I reject on the order of 90+% of everything that my mail server sees (even more at the last place I worked where they were using the same system). False positives on my home mail server are near 0. The ones that are mistakenly flagged, are simply flagged as spam, so I still see them, they weren't rejected or discarded. More at work got through, but that is because we have to be more conservative due to not having a good way to do bayesian filtering for individuals (I left before I had the time to run that project with the internal mail admins).
Then call spamassassin on anything that is left (SA will increase/decreas scores based again on RBLs that we don't outright reject, SPF records, etc):
If it walks like a duck... (Score:3, Informative)
This is clearly Challenge/Response with automated whitelisting. The following Wikipedia entry addresses every facet of this system:
http://en.wikipedia.org/wiki/Challenge-response_spam_filtering [wikipedia.org]Re:Fails to account for SMTP farms... (Score:1, Informative)
It's that simple. It's lightweight, saves time for servers, and helps make sure that all email can be tracked back more usefully to a hostname that takes responsibility for email. It's failing for several reasons:
1: It breaks forwarding, unless the systems doing forwarding do some interesting software changes to keep track of the original "FROM" line and re-write it to send the email, and pass back any bounce messages. This isn't already implemented in most MTA's and takes some work.
2: Microsoft poisoned the well by attaching their "SenderID" to it, then completely screwing up the ISO standards submissions by refusing to release their SenderID related XML patents in a way that anyone but a Microsoft bed-partner could use them.
Thus, SPF is effectively dead until these fundamentally political issues are resolved.