OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: (OT) Paul Hoffman, Director Internet Mail Consortium wants number s

gagelcnc.bc.ca
Date: Wed Sep 17 2003 - 11:35:29 CDT

Eric,

Have you got horse shoes hidden some where? ;-)

In July I implemented some very strick ANTI SPAM measures on my
Postfix gateway. Specifically I was only permitting machines to send
mail to my gateway if they identified themselves with a FQDN and the
name they id'ed themselves as could be found via a rDNS lookup. Then
the ip had to match.

Those simple steps resulted in a drastic reduction of spam mail to our
domain. It also resulted in legitimate senders being unable to send
mail to us. Most complied and corrected their mail servers
configuration and or added the required dns entries to communicate to
ours.

None the less several did not or could not for various reasons.

This forced me to reduce the restictions to only requiring a FQDN.
Reverse DNS is not required and a MTA no longer is required to
identify itself correctly or accuratly.

The result?

My mail server was recieving over 10,000 messages a day from various
sources. Only about 2500 of them legitimate mail. Adding the
restrictions caused a huge reduction in complaints about offensive
spam. Now we are recieving the spam again. Since I have filtering in
place via the use of SpamAssassin tagging all mail I find that I can
quantify exactly what effect adding and then removing the restrictions
has had on my own account.

In July I added the restrictions. In August I cleared my spam folder
(where all my tagged mail goes for review). September 15 I reduced the
restrictions. So for about 6 weeks I recieved a grand total of 97
Unsoliceted spam messages. Now after only two days with out the
restrictions I have an additional 28 messages in my spam folder.

I'd say that shows a very definate trend in the use of non existant
domains for use as spam/uce domains.

----- Original Message Follows -----
> Hello List. <I've done it now> The following is an email I got back
> from Paul Hoffman, Director Internet Mail Consortium:
>
>
> Received: from godzilla.vipstructures.com (192.168.1.49
> [192.168.1.49]) by vip10-win2k.vipstructures.com with SMTP
> (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)
> id SXHS2PA9; Wed, 17 Sep 2003 11:59:11 -0400
> Received: from above.proper.com (above.proper.com [208.184.76.39])
> by godzilla.vipstructures.com (Postfix) with ESMTP id 4A524A927
> for <etollvipstructures.com>; Wed, 17 Sep 2003 12:00:44 -0400
> (EDT) Received: from [63.202.92.152]
> (adsl-63-202-92-152.dsl.snfc21.pacbell.net [63.202.92.152])
> (authenticated bits=0)
> by above.proper.com (8.12.9/8.12.8) with ESMTP id h8HFx2ep005627
> for <etollvipstructures.com>; Wed, 17 Sep 2003 08:59:03 -0700
> (PDT)
> (envelope-from phoffmanimc.org)
> Mime-Version: 1.0
> X-Sender: phoffmanmail.imc.org
> Message-Id: <p0600200fbb8e3483f2a7[63.202.92.152]>
> In-Reply-To:
> <9BC86C67C3AF7646B9C5382020457A940F1546VIP10-WIN2K.vipstructures.c
> om> References:
> <9BC86C67C3AF7646B9C5382020457A940F1546VIP10-WIN2K.vipstructures.c
> om> X-Habeas-SWE-1: winter into spring
> X-Habeas-SWE-2: brightly anticipated
> X-Habeas-SWE-3: like Habeas SWE (tm)
> X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
> X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of
> this X-Habeas-SWE-6: email in exchange for a license for this Habeas
> X-Habeas-SWE-7: warrant mark warrants that this is a Habeas
> Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report
> use of this X-Habeas-SWE-9: mark in spam to
> <http://www.habeas.com/report>. Date: Wed, 17 Sep 2003 09:01:05
> -0700 To: "Toll, Eric" <etollvipstructures.com>
> From: Paul Hoffman / IMC <phoffmanimc.org>
> Subject: RE: FW: Complain to the correct authority (was: RE: Maybe
> it's my
> fau lty memory . . .)
> Content-Type: text/plain; charset="us-ascii" ; format="flowed"
>
>
>
> >I must apologize for incorrectly addressing this rant to you.
> Because I >saw your email address on correspondence on the
> icann.org website I >thought you were perhaps on the board or a
> consultant somehow involved >in the process.
>
> I'm not, and neither are many of the other people you addressed the
> message to. You are possibly hurting the cause you want to be
> helping.
>
> >Could you recommend an address where my efforts should be directed
> to?
>
> Nope. ICANN doesn't seem to listen to complaints about this.
>
> >The problem that the email community is experiencing now is that on
> >many systems one can reject mail if the sender domain does not
> exist. >This is a big help in UCE/spam prevention.
>
> Define "big", quantitatively. Tell me what percentage of spam that
> would have been rejected are now being accepted. This is a
> measurable quantity, but no one in the rants I have seen have
> bothered to measure it.
> I suspect that the percentage is quite small because spam with bogus
> MAIL FROM addresses also have lots of other things that would get
> the spam blocked anyway. I could be wrong, of course, but that's my
> strong hunch. If you can show otherwise, I'd be happy to see your
> numbers.
>
> --Paul Hoffman, Director
> --Internet Mail Consortium

====================
Kevin W. Gagel
Network Administrator
(250) 561-5848 local 448
(250) 562-2131 local 448

--------------------------------------------------------------
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
--------------------------------------------------------------

  • application/pgp-keys attachment: stored