Antispam -- An open letter to Cruelmail -- Effect of Forged Return Addresses
Antispam -- An open letter to Cruelmail -- Effect of Forged Return Addresses
am 13.01.2005 09:58:24 von 95h62gq02
I sent the message that I reproduce below, to Cruelmail, which is a
service that lets you sign up for a mail address, then when people
write to you at that address, if the return addresses on those messages
aren't on your whitelist, Cruelmail blocks the message and sends to the
return address, a demand for money. I think this would be a good idea
except for the problem I describe in my letter to them. I would be
interested in any comments. Thanks.
Date: Wed, 12 Jan 2005 07:29:22 -0500
From: [me]
To: helpdesk@cruelmail.com
Subject: Effect of Forged Return Addresses
Greetings.
Thanks for trying to do something about the spam problem.
Most spam has forged return addresses. Often, spammers use
real addresses of real people as return addresses in spam
(they harvest these from fora, etc.). If I use your
service, spam that comes to my address at cruelmail.com
will trigger a message (the rejection message) to an
innocent bystander, the person whose address the spammers
used as the return adddress. This will result in your and
my being morally responsible for spamming that innocent
bystander; you and I shall become spammers if I use your
service.
Have you thought about any measures to overcome this
concern?
--
Jack Waugh
Re: Antispam -- An open letter to Cruelmail -- Effect of Forged Return Addresses
am 15.01.2005 05:03:54 von jack
What if the SMTP host rejected, *during the SMTP session*, mail where
the From address isn't whitelisted and the mail doesn't include a key
like Cruelmail's "postage"? Rejecting the likely spam during the SMTP
session instead of rejecting it by mailing to the return address gets
around the problem of spamming innocent bystanders whose mail addresses
the spammers have stolen to use as return addresses in spam.
(I also wrote this in another forum, at http://snipurl.com/c11n ; some
replies might accumulate there).
Re: Antispam -- An open letter to Cruelmail -- Effect of Forged Return Addresses
am 15.01.2005 10:52:29 von Frank Slootweg
Jack <8e2icjp02@sneakemail.com> wrote:
> What if the SMTP host rejected, *during the SMTP session*, mail where
> the From address isn't whitelisted and the mail doesn't include a key
> like Cruelmail's "postage"? Rejecting the likely spam during the SMTP
> session instead of rejecting it by mailing to the return address gets
> around the problem of spamming innocent bystanders whose mail addresses
> the spammers have stolen to use as return addresses in spam.
No, it *doesn't* ("get around the problem of spamming innocent
bystanders ..."). This has been discussed in this group ad nauseum. The
"reject during the SMTP session" variety of C-R suffers from similar
problems as the bouncing variety, because the sending MTA *must* send a
DSN *email* message (== spam) to the (forged) return address.
See for *example*:
http://groups.google.ca/groups?selm=1r2vg01jrmbob32probmu4gl 1s8e5m3sqr@4ax.com
and
http://groups.google.ca/groups?selm=vfd9txxj.fsf@blue.sea.ne t
> (I also wrote this in another forum, at http://snipurl.com/c11n ; some
> replies might accumulate there).
Re: Antispam -- An open letter to Cruelmail -- Effect of Forged Return Addresses
am 16.01.2005 14:40:08 von jack
Aw, rats. I guess everybody has to get on board the new protocols
being proposed to replace SMTP.
Re: Antispam -- An open letter to Cruelmail -- Effect of Forged Return Addresses
am 09.02.2005 23:34:16 von jack
Re http://snipurl.com/cnue by Frank Slootweg:
I can't follow your references. Maybe you could put them through
www.snipurl.com?
Wouldn't it be the case that sending spam to a bogus address with a
forged return address would cause the sending MTA to send a bogosity
retort to the forged return address? So the problem is already
inherent in the protocols and making an address act bogus when it
doesn't like what is coming doesn't make things qualitatively worse.
Re: Antispam -- An open letter to Cruelmail -- Effect of Forged Return Addresses
am 15.03.2005 15:01:06 von Frank Slootweg
[Very late response due to extended absence.]
On February 9, Jack <8e2icjp02@sneakemail.com> wrote:
> Re http://snipurl.com/cnue by Frank Slootweg:
>
> I can't follow your references. Maybe you could put them through
> www.snipurl.com?
I assume you read this group via Google's Google Groups BETA
interface. If so, apparently that interface breaks posted URLs (Don't
ask me why!). I looked at my article and the URLs have dots ("...") in
them, apparently 'because' the URLs don't fit on one line. I can only
suggest to use the non-BETA interface at any of the 'local' Google
sites, for example at
http://www.google.ca/grphp?hl=en&tab=wg&q=
[or see http://www.google.ca -> Groups if even the above URL is too
long for GG BETA]
or better, use a real newsreader.
> Wouldn't it be the case that sending spam to a bogus address with a
> forged return address would cause the sending MTA to send a bogosity
> retort to the forged return address? So the problem is already
> inherent in the protocols and making an address act bogus when it
> doesn't like what is coming doesn't make things qualitatively worse.
We were not talking about a bogus target address. We were talking
about a *valid* *target* address, but a *non-whitelisted* *From*
address.