On Fri, 2004-11-05 at 14:29 -0600, Todd T. Fries wrote:
> I've been seeing MX's resolving to 127.0.0.1 for a few months now, and planning to write some sort of envelope from checking apparatus to refuse email whose envelope from MX resolves to 127.0.0.1 (and now that you mention it), rfc1918 address space (and perhaps bogon space as well?)...

Better block the internet in that case ;) I heard of BGP feeds that provide 'questionable prefixes' so that one can nicely nullroute those using that system.

I still am of the opinion that only accepting verifiable PGP-signed mail could slow spammers down a bit; then at least the spambot took the time of generating, distributing and letting people trust the spambot's key. Maybe throw in some trust metric a la advogato!? Then again, the spambots will simply find the preconfigured key from an infected user and start using that, save passwords ole, at least one then knows the source it is coming from is really also able to sign it that way, thus most likely is the problem person, unless the virus of course redistributes the pgp keys using some nice p2p algo to other worms. (ohoh :) This would at least take away most of the viruses sending random sources.

But getting everybody to do PGP-signed mail is asking the same thing as asking people to turn off sending html emails. A somewhat similar scheme does work for RIPE-db updates, but the people submitting there have probably some clue on how to configure their boxes and unfortunately we are of course talking about $lusers.

Spam already lost it from viruses and the spam coming forth from misconfigured antivirus tools sending 'hi you send a virus' alike messages.

Above setup should be able to work for closed communities like mailinglists where only a small number of people post: if you want to post, sign your message; mailinglist software could then verify the key and only pass it on if the member is subscribed and the signature is valid. A virus picking random addresses and sending to existing messages in the mailbox, thus having 'valid' source/dest combinations, doesn't make much of a chance then unless it figures out the pgp key and the password.

Then again I just might be a ... http://www.rhyolite.com/anti-spam/you-might-be.html ;)

BTW1: that because you quote above my complete message, my message becomes part of your signature and my mailer nicely ignores it ;)

BTW2: Ooops... discussing spammy related things on NANOG....

Greets,
Jeroen
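
Added example, not part of the original thread and not either poster's code: a sketch of the envelope-from check described in the quoted message, refusing senders whose MX hosts resolve only to loopback or RFC 1918 space. The function names, the "refuse only if every MX address is bad" policy, and the sample DNS data are assumptions made for illustration; a bogon feed would extend the range list.

```python
import ipaddress

# Loopback and RFC 1918 space, the ranges named in the thread.
REFUSED_NETS = {
    "loopback": ipaddress.ip_network("127.0.0.0/8"),
    "rfc1918-10": ipaddress.ip_network("10.0.0.0/8"),
    "rfc1918-172": ipaddress.ip_network("172.16.0.0/12"),
    "rfc1918-192": ipaddress.ip_network("192.168.0.0/16"),
}

def refused_reason(addr_text):
    """Return the label of the refused range containing addr_text, else None."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return "unparseable"
    for label, net in REFUSED_NETS.items():
        if addr in net:
            return label
    return None

def check_envelope_from(envelope_from, mx_lookup):
    """mx_lookup(domain) -> {mx_host: [addresses]}; returns (verdict, reasons).

    Assumed policy: refuse only when every MX address is in refused space, so
    a domain with one stale MX and one working MX is still accepted.
    """
    addr = envelope_from.strip().strip("<>")
    if "@" not in addr:
        return ("accept", [])  # null sender <> (bounces): nothing to look up
    domain = addr.rpartition("@")[2].rstrip(".").lower()
    pairs = [(h, a) for h, alist in mx_lookup(domain).items() for a in alist]
    if not pairs:
        return ("defer", ["no MX addresses for " + domain])
    bad = [(h, a, refused_reason(a)) for h, a in pairs if refused_reason(a)]
    reasons = ["%s -> %s (%s)" % t for t in bad]
    return ("refuse" if len(bad) == len(pairs) else "accept", reasons)

# Constructed sample data standing in for DNS answers (example domains only).
SAMPLE_DNS = {
    "loop.example": {"mail.loop.example": ["127.0.0.1"]},
    "private.example": {"mx1.private.example": ["10.1.2.3"],
                        "mx2.private.example": ["192.168.0.25"]},
    "mixed.example": {"old.mixed.example": ["172.16.9.9"],
                      "mx.mixed.example": ["192.0.2.10"]},
    "good.example": {"mx.good.example": ["198.51.100.7"]},
}

def sample_lookup(domain):
    return SAMPLE_DNS.get(domain, {})
```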