[Asrg] where the message originated (was: DKIM role?) (SM)

Ian Eiloart iane at sussex.ac.uk
Mon Jan 19 03:40:13 PST 2009 


--On 16 January 2009 09:14:18 -0500 Rich Kulawiec <rsk at gsp.org> wrote:

> On Fri, Jan 16, 2009 at 08:32:48AM +0000, David Wilson wrote:
>> My point was not that this would prevent abuse of your domain. Rather
>> that it is stupid to register information which is intended to go some
>> way to prevent domain abuse, and then send messages which appear to be
>> such abuse.
>
> An SMTP reject is not a mail message.
>
> But more broadly, you could have stopped after the first clause:
> *nothing* you register will prevent domain abuse if someone (or something)
> is determined to inflict it, since whatever you've done can simply be
> ignored (and probably will be).  Besides, domain abuse is not a systemic,
> persistent problem; spam, including backscatter/outscatter as one of
> its variants, is, which is why (I believe) this RG exists.

The problem is with spam. However, the natural response of email users is 
to say "can you block (or whitelist) email from such and such a domain"? 
Currently there's little point because it's so hard to determine whether 
the sender address is a forgery.

I'd love to whitelist all .ac.uk addresses, because we do a lot of critical 
business with users of those domains, they can't be freely registered, and 
I know how to contact administrators of those domains. And, I've been asked 
to do so. Spammers would love me to do that, too.

> That said, one of the best, easiest, and cheapest ways to gain free
> assistance with abuse of one's domain is to maintain the "abuse" address,
> per RFC 2142 (which dates from 1997).  I'm often struck by what byzantine
> schemes are proposed (for abuse control) while this simple measure goes
> almost entirely overlooked.  (Note for example yesterday's traffic on
> Dave Farber's excellent "IP" list in re the difficulties of contacting
> Facebook's abuse/fraud group.)

Agreed. Of course abuse and postmaster email addresses can be quite hard to 
monitor, since they can get a lot of spam.


> ---Rsk
>
> _______________________________________________
> Asrg mailing list
> Asrg at irtf.org
> http://www.irtf.org/mailman/listinfo/asrg



-- 
Ian Eiloart
IT Services, University of Sussex
x3148

More information about the Asrg mailing list