Re: [Resolved] Re: backscatterer.org gone wild [Was: postfix relay host with spamassassin]

From: Aneurin Price (aneurin.pricegmail.com)
Date: Tue Apr 22 2008 - 18:51:08 CDT


> > 3. My own domain (that I'm using to post here) is hosted by google,
> > and does not backscatter.
> >
>
> Maybe not, but plenty of backscatter is being sent by the Google outgoing
> mail servers. For example, one of the servers that sent a previous message
> of yours to this list:

Unfortunately, for *outgoing* mail servers, there's really nothing
Google can do to prevent some backscattering, short of silently
dropping mail. Since they are a relay, they have no option to reject
(because they aren't the destination), but the destination *can* and
*should* reject invalid mail, leaving Google no choice but to bounce
it back. Of course they can perform the usual heuristic spam
filtering, and no doubt they do, but that can never be perfect.

Unless everyone in the world uses their own MTA and has it make
deliveries directly to the destination MX[0], backscatter is
inevitable; this is why I personally feel that sites like
backscatterer.org serve no useful purpose; it's not productive to
vilify people who are in a situation where they have no way to win.

At least a legitimate relay will be giving non-forged headers, so it's
possible to tell where the spam originally came from, but really I
think that the best (read: least bad) option is to make some
idealistic concessions in the name of pragmatism and implement
something like BATV.

Well, maybe you'll disagree, but I think it's food for thought anyway
since nobody ever seems to consider *legitimate* relays in backscatter
discussions.

Aneurin Price

[0] Which would be impossible even if everyone had the technical
capability to do so; dynamic IP addresses are blacklisted by many, and
penalised by almost all (e.g. in SA scores). I guess SMTP was never
really designed for the current situation in which 99% of the machines
on the net are second class citizens, in a sense. Then again it wasn't
really designed to be so totally abused by the unscrupulous :-/ .
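
The BATV idea mentioned in the message above, as an added example that is not part of the original post: the sending MTA tags the envelope sender of outgoing mail with a keyed, expiring signature, and later accepts null-sender bounces only for recipients that carry a valid tag. The `prvs=KDDDSSSSSS=` layout follows the BATV draft; the key, the lifetime and the function names are constructed for this example.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-key"  # constructed key; a real site keeps this private
KEY_ID = "0"                      # single-digit key number (K), allows key rotation
LIFETIME_DAYS = 7                 # assumption: bounces older than this are refused

TAGGED = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-fA-F]{6})=(.+)")

def _day(now=None):
    """Days since 1970-01-01 for the given (or current) Unix time."""
    return int((time.time() if now is None else now) // 86400)

def _sig(key_id, ddd, address):
    """First three bytes (six hex digits) of HMAC-SHA1 over K, DDD and the address."""
    msg = (key_id + ddd + address).encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]

def sign_sender(address, now=None):
    """Outgoing mail: user@dom -> prvs=KDDDSSSSSS=user@dom for MAIL FROM."""
    ddd = "%03d" % ((_day(now) + LIFETIME_DAYS) % 1000)  # expiry day, mod 1000
    local, domain = address.rsplit("@", 1)
    return "prvs=%s%s%s=%s@%s" % (KEY_ID, ddd, _sig(KEY_ID, ddd, address), local, domain)

def check_bounce_rcpt(rcpt, now=None):
    """Incoming MAIL FROM:<> only: is this recipient a sender address we issued?

    Returns (accept, reason). A refusal happens at RCPT time, so the forged
    bounce is rejected in-session instead of being accepted and re-bounced.
    """
    local, _, domain = rcpt.rpartition("@")
    m = TAGGED.fullmatch(local)
    if m is None:
        return False, "untagged or malformed: not a bounce of mail we sent"
    key_id, ddd, sig, orig_local = m.groups()
    expected = _sig(key_id, ddd, orig_local + "@" + domain)
    if not hmac.compare_digest(sig.lower(), expected):
        return False, "bad signature"
    if (int(ddd) - _day(now)) % 1000 > LIFETIME_DAYS:
        return False, "tag expired"
    return True, "valid bounce for %s@%s" % (orig_local, domain)

if __name__ == "__main__":
    tagged = sign_sender("alice@example.org")         # constructed address
    print(tagged, check_bounce_rcpt(tagged))
    print(check_bounce_rcpt("alice@example.org"))     # forged-sender backscatter
```

The check applies only to messages with an empty envelope sender; ordinary mail to the untagged address is delivered as usual.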