[SGVLUG] Mailman, SPAM Traps, and UCEProtect
Chris Louden
chris at chrislouden.com
Thu Apr 16 10:25:32 PDT 2009
On Thu, Apr 16, 2009 at 10:21 AM, Mike Rubel <mrubel at galcit.caltech.edu> wrote:
> This is a fundamental flaw in SMTP: anyone can claim to be anyone.
>
>> I can't do an SPF record check or reverse DNS verification on them.
>
> What about only sending automated error replies when the incoming message
> passes SPF? This might inconvenience a few users--specifically, those who
> are not subscribed and whose SMTP providers aren't using SPF--since their
> messages will simply be ignored rather than courtesy-bounced. But it will
> not inconvenience subscribed members (since their messages would not have
> generated an automated reply anyway), and it would seem to prevent this
> particular kind of abuse.
>
> Another potential problem is spammers simply subscribing the spam trap
> address to your lists. I can't think of a workaround there, as there's no
> way to differentiate legitimate sign-up attempts from illegitimate ones,
> short of only allowing SPF-protected addresses to subscribe to your list.
I was thinking of setting up postini or similar. redirecting the MX to
it and then telling the server to only accept from it. Letting a pro
services filter first. Administering mail is such a PITA anymore.
>
> -Mike
>
>
More information about the SGVLUG
mailing list