RE: [rt.ietf.org #24364] mail.ietf.org. is ietf.org., Remove MX Records For Less Spam

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ever heard about not cross-posting and not feeding trolls?

-----Original Message-----
From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On Behalf Of
Sabahattin Gucukoglu
Sent: Friday, February 26, 2010 10:57 PM
To: Dean Anderson
Cc: ietf-honest@xxxxxxxxxxxxxx; ietf-smtp@xxxxxxx; ietf@xxxxxxxx;
postmaster@xxxxxxxxxxxx
Subject: Re: [rt.ietf.org #24364] mail.ietf.org. is ietf.org.,Remove MX
Records For Less Spam 

On 26 Feb 2010, at 05:19, Dean Anderson wrote:
I get spam to hosts with MX records. I don't think removing MX records
> will have any effect on spam.  Spambots, aren't fully autonomous
agents

I just transitioned my email host for a few small domains, and didn't
trouble to bring along the MX records, because I didn't have to.  I
noticed the IETF didn't have to either, when it kept rejecting my IPv6
connections for not having Reverse DNS (fixed by preferring IPv4 for
now).

It's not the first time, and this technique is still damned effective.
I added MX records just to reassure myself, and indeed I was being
spammed at my usual 300/day level within almost half an hour of my name
servers being updated.  Now I'm waiting for the TTL to expire the record
on caches.  I'm convinced that is useful, anyway.  Sure, it's a
short-term hack (like all spam countermeasures), but it works.  And why
should we be afraid of standards compliance, in the very organisation
that standardises?

> existing independently, they are programs written by people who want
to
> conduct abuse for some purpose (annoyance, extortion, etc).
> 
The ones I'm talking about are distributed by viruses and trojan horses.
They run on Windows, of course.  They receive their instructions from
the botmaster to spam a list of addresses with the spam content, and
they do it directly using the MX resolution process.  They barf when MX
records fail to appear in a query result for MXs of a domain, for the
most.

> Regarding the effect (if there even is one) of skipping domains
without
> MX records, there are only two cases to analyze: Its either an
oversight
> in the program, or its done on purpose.  Even supposing their current
> programs skip domains without MX records by some oversight, the
spambot
> programmers will easily fix that.  Supposing the current programs skip
> domains without MX records on purpose, then do you really want to go
> along with whatever purpose that might be?  I wouldn't.
> 
Spam is a social problem that cannot be solved by technical means to any
degree of satisfaction; we only put up with the methods available
because they're all we have.  Every filtering technique other than
manual inspection is subject to attacks, even the best ones, and as long
as there's a gain in doing so that will continue to be the case.  On
that basis, even if there were something wrong with removing MX records
for a single-host domain that just happens to be called "ietf.org." and
have aliases of mail and www, and I personally don't think there is
apart from the possibility that it may lose some broken MTAs, it is a
valid spam prevention technique until spammers take their dozy time
(and, if we're honest, quite low cunning as well) to fix their agents,
just as they do with every other kind of filtering out there.  The IETF
is one domain inhabited by a bunch of guys, so frankly I don't think it
will be all that soon when so much of the world is happily being spammed
to d
 eath on redundantly-hosted mail servers.  And even if it isn't a silver
bullet tomorrow, it's a useful metric nonetheless, just as graylisting
was before it was totally failed and made blacklists the only way to use
it conveniently.

> But I do find it noteworthy that the IETF doesn't even follow its own
> recommendations on email.  The level of IETF spew, by which I mean
> telling other people what to do by issuing standards while not doing
it
> themselves, grows more ever day.  This incident is another discredit
to
> the IETF, particularly to the leadership of the IETF or perhaps the
IETF
> secretariat, that I will have to document at IETF watch.

I want to say that I would *prefer* that MX records be published for
host which *do not* receive mail.  This is considerate since it allows
mail originating from a host to be answered, or for postmaster to be
reached.  I also want to say that I am in support of the "Purist" point
of view with regard to fallback since it allows any host with a name to
be part of the SMTP infrastructure with no added configuration in DNS by
properly using the semantics of addresses in DNS, before the use of MX
muddied the waters sufficiently.  There can therefore be no doubt that
any software relying on the existence or not of MX records as license to
*send* mail is broken since RFC 974.  I don't want to start a debate on
these points, at least outside of ietf-smtp, since in neither case does
it wrong the secretariat with regard to the use or not of MX records,
but I will say I have been a little bit surprised by the force of
responses so far.  I would be much obliged if the required work were 
 done for clarifying any opposing view to current standards.

Cheers,
Sabahattin

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]