Words by c.z.robertson

God save us from sysadmins

2003-10-25 00:57:50 GMT/BST

On Thursday I sent some mail to a friend. It didn't reach him. Just a few minutes ago he phoned me to say that it had been rejected by his mail server because it claimed to be from czr@gotland, and sendmail disliked the fact that it couldn't resolve the gotland domain name.

Rejecting mail from unresolvable domains is a fairly common anti-spam measure. And a fairly stupid one.

Let's suppose for a moment that I'm a spammer. One of the things about email is that it's possible to make all sorts of claims about who you are, and they don't necessarily have to be true. That's the case with the sender. If I were a spammer, I could claim to be billg@microsoft.com if I wanted to, and in that case sendmail would perfectly happily accept the mail because it can resolve the microsoft.com domain name. So why would I claim to be sending from an unresolvable domain? The only possible reason is incompetence. So, by rejecting mail from unresolvable domains, you might succeed in weeding out a few incompetent spammers.

Now let's look at what happens to mail from legitimate senders. Again, I don't have any reason to claim to be sending from an unresolvable domain. (Well, actually that's precisely what I am doing, but I want to claim to be a resolvable domain so that there's somewhere for the bounces to go.) So, if I'm claiming to be from gotland, the only reason is that I'm incompetent. And incompetence is a quality shared by all humanity. So, by rejecting mail from unresolvable domains, you've also succeeded in rejecting some legitimate mail.

If you wanted to achieve that sort of result you might as well just pick mail at random and reject it.

God save us from spammers. God save us also from over-zealous sysadmins.
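The check argued about above, as an added sketch that is not the author's code or sendmail's implementation. The resolver is a constructed lookup table standing in for DNS, and the sample messages and their labels are made up for illustration.

```python
from collections import Counter

# Constructed stand-in for DNS so the example runs offline: names that "resolve".
RESOLVABLE = {"microsoft.com", "killerbees.org.uk", "rtnl.org.uk"}

def sender_domain(mail_from):
    """Domain of an SMTP envelope sender; None for the null sender <>."""
    addr = mail_from.strip().strip("<>")
    if not addr:
        return None                       # bounces are sent with the null sender
    _local, at, domain = addr.rpartition("@")
    return domain.rstrip(".").lower() if at else ""   # "" = no domain at all

def accept(mail_from, resolves=lambda d: d in RESOLVABLE):
    """The heuristic under discussion: accept only if the claimed domain resolves."""
    domain = sender_domain(mail_from)
    if domain is None:
        return True                       # rejecting <> would break bounce delivery
    return bool(domain) and resolves(domain)

# Constructed sample: (envelope sender, what the message really is).
SAMPLES = [
    ("<czr@gotland>", "legit"),                # misconfigured host, real person
    ("<billg@microsoft.com>", "spam"),         # forged sender, resolvable domain
    ("<splinter@killerbees.org.uk>", "legit"),
    ("<offers@localhost>", "spam"),            # the "incompetent spammer" case
    ("<>", "legit"),                           # a bounce message
]

def tally(samples=SAMPLES):
    """Count (true label, verdict) pairs produced by the check."""
    return Counter((label, "accept" if accept(sender) else "reject")
                   for sender, label in samples)

if __name__ == "__main__":
    for (label, verdict), n in sorted(tally().items()):
        print(f"{label:5} {verdict:6} {n}")
```

The verdict depends only on a string the sender chose, so the forged address passes while the misconfigured legitimate one is rejected.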

... localhost ...

splinter - http://www.killerbees.org.uk

2003-11-21 00:10:49 GMT/BST

Hello,

My name is splinter and I'm here today to talk to you all about how wrong colin is. I'm sure we'll have fun together and remember this post as a merry one. Shall we begin?

You'd be surprised at just how much spam comes from localhost ("incompetent spammers"). In relation to how much mail is being lost from legitimate spammers I think it's totally acceptable.

Thank you, that concludes the post for today. If you enjoyed this post then please visit our website where we talk with less sense but more words.

colin_zr - http://rtnl.org.uk

2003-11-21 06:46:15 GMT/BST

So, let me get this straight...

It's ok to drop people's mail if it's likely to be spam.

If that's the case, why not just run Spamassassin on everyone's mail and silently drop anything with a moderately high spamicity?

...and that's assuming that a bad sender is a good indicator of spamicity. Given that it's a problem that's bitten me multiple times in various different ways over the last few years, I'm inclined to think that a good portion of non-spam is also being lost like this.

el splinterrrrrr - http://www.killerbees.org.uk

2003-11-21 15:39:09 GMT/BST

And I've had numerous Japanese girls run away from me in the past few years, but I don't think that Japanese girls run away from all hairy Iranian men ... well okay maybe they do, but you get my point. 99% of people will not be running sendmail so you and I are special cases, in fact your mail was the only piece of mail I have ever lost in that way (presuming I know about all the mail that I've never received). So no, I don't think the portion of non-spam being lost like this is significant.

"If that's the case, why not just run Spamassassin on everyone's mail and silently drop anything with a moderately high spamicity?" Why not just configure exim properly? What could you possibly have to gain by not configuring it correctly? Okay so you have to use a domain which it may not belong to but even then that's better than no domain at all since that way it could be set to bounce back to a real address you have somewhere (eg. all my bounces go back to splinter@killerbees.org.uk because exim thinks it's part of the killerbees.org.uk domain).

colin_zr - http://rtnl.org.uk

2003-11-21 23:50:52 GMT/BST

"So no, I don't think the portion of non-spam being lost like this is significant."

I've lost mail both that I've sent and that I intended to receive when I was running sendmail. I've seen it happen on at least four separate occasions since 1997, losing multiple pieces of mail each time. It still happens to me now that I'm a techie working at an anti-spam company and able to speak SMTP in my sleep.

It happens too often, and it's difficult to detect when it does happen.

"Why not just configure exim properly?"

As stated earlier, incompetence. The incompetence of a geek who specialises in mail processing. The incompetence of the guy who taught you how to spoof a From header.

But also, Exim is actually designed not to be configured properly. A non-root user can't set the sender. Lying to Exim about its domain isn't the answer either, since different users on the system might reasonably have addresses at different domains.

Anyway, you completely failed to answer my question. You're so intent on getting rid of spam that you've started applying a poor heuristic for spam detection to all your incoming mail. But why stop there? Why not run a more thorough set of heuristics on all your mail?

the splointer

2003-11-23 23:37:50 GMT/BST

Grrr.