an idea to lower spam volume

Thread: an idea to lower spam volume

Search this list only Search all lists
an idea to lower spam volume
	2007-01-23 15:58:37
Great article highlighted on slashdot about no listing. I have implemented on a few of my domains and spam volume has dropped significantly.. Thought everyone on this list would be interested.. Here is the article.. http://www.joreybump.com/code/howto/nolisting.html _______________________________________________ Maia-users mailing list Maia-usersrenaissoft.com http://www.renaissoft.com/mailman/listinfo/maia-users
Re: an idea to lower spam volume
	2007-01-23 16:18:59
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DavidByte wrote: > Great article highlighted on slashdot about no listing. I have > implemented on a few of my domains and spam volume has dropped > significantly.. Definitely interesting, yes. I do spot a couple of potential problems with it, though: (1) Over the past few years spammers have begun targeting non-primary MXes by preference, on the assumption that they're likely to have the weakest anti-spam protection (or none at all). This is not RFC-compliant of course, but spammers don't care about such niceties. They'll gladly try your MX records in /reverse/ order if they think it will improve the deliverability of their spam. Nolisting relies on spammers following the RFC-specified MX order, which is decreasingly the case these days. (2) By the author's own admission, it's very difficult to provide any sort of whitelisting mechanism for nolisting because it takes place at the DNS level. It's not clear at this point how many "legitimate" mail clients and servers out there may be broken in ways that would result in false positives, but I'd be willing to bet that it's greater than zero. As with things like greet-pauses and greylisting, I see this as a clever trick that will likely help in the short term, but will lose its effectiveness over time. Given what I've pointed out in (1), a tactic like nolisting is just going to drive more spammers in that direction, or cause them to finally write RFC-compliant spambots. The only real /harm/ I see in nolisting stems from (2), which has yet to be determined. - -- Robert LeBlanc renaissoft.com> Renaissoft, Inc. Maia Mailguard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFtonSGmqOER2NHewRAirjAJ0TE8qXi6S5a9r2N1X48XSKDKko4ACeLqSt fhT5HTptQ0ua7kY/B1ORwu8= =Pbhb -----END PGP SIGNATURE----- _______________________________________________ Maia-users mailing list Maia-usersrenaissoft.com http://www.renaissoft.com/mailman/listinfo/maia-users
Re: an idea to lower spam volume
	2007-01-23 19:44:06
I also saw this article on slashdot and spent quite a bit of time reading the comments and doing some experiments myself. Robert's summary is very accurate. I wanted to add one thing for anyone considering using this technique: Be aware that while *most* servers will try the second MX, making this trick seem to work, a significant number will not try a third. This creates a nasty single point of failure on your mail system. Even worse: this behavior is actually compliant with the RFCs as they only require that a server attempt delivery to two MXs. While this is ok if you only had one MX to start with, it is a complete deal killer for me, and I suspect many other people using Maia. Initially I was disappointed as it seemed to be a nice trick to reduce load on my servers. After some experimentation, I've found that the spam blocked by "no listing" is almost always also blocked with other low impact techniques such as greylisting and basic RFC compliance checks. Sure, greylisting is a bit of a hack as well, but at least it doesn't degrade the reliability of my network. -Aaron On 1/23/07, Robert LeBlanc renaissoft.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > DavidByte wrote: > > Great article highlighted on slashdot about no listing. I have > > implemented on a few of my domains and spam volume has dropped > > significantly.. > > Definitely interesting, yes. I do spot a couple of potential problems > with it, though: > > (1) Over the past few years spammers have begun targeting non-primary > MXes by preference, on the assumption that they're likely to have the > weakest anti-spam protection (or none at all). This is not > RFC-compliant of course, but spammers don't care about such niceties. > They'll gladly try your MX records in /reverse/ order if they think it > will improve the deliverability of their spam. Nolisting relies on > spammers following the RFC-specified MX order, which is decreasingly the > case these days. > > (2) By the author's own admission, it's very difficult to provide any > sort of whitelisting mechanism for nolisting because it takes place at > the DNS level. It's not clear at this point how many "legitimate" mail > clients and servers out there may be broken in ways that would result in > false positives, but I'd be willing to bet that it's greater than zero. > > As with things like greet-pauses and greylisting, I see this as a clever > trick that will likely help in the short term, but will lose its > effectiveness over time. Given what I've pointed out in (1), a tactic > like nolisting is just going to drive more spammers in that direction, > or cause them to finally write RFC-compliant spambots. The only real > /harm/ I see in nolisting stems from (2), which has yet to be determined. > > - -- > Robert LeBlanc renaissoft.com> > Renaissoft, Inc. > Maia Mailguard > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFFtonSGmqOER2NHewRAirjAJ0TE8qXi6S5a9r2N1X48XSKDKko4ACeLqSt > fhT5HTptQ0ua7kY/B1ORwu8= > =Pbhb > -----END PGP SIGNATURE----- > _______________________________________________ > Maia-users mailing list > Maia-usersrenaissoft.com > http://www.renaissoft.com/mailman/listinfo/maia-users > _______________________________________________ Maia-users mailing list Maia-usersrenaissoft.com http://www.renaissoft.com/mailman/listinfo/maia-users