[AusNOG] Conspiracy? Manupulation? See it for yourself!

Karl Hardisty karl at mothership.co.nz
Wed Apr 24 14:17:15 EST 2013


What's the point of bringing in measures to fight spam if everyone ignores it?

Enforce it, and drag the providers who are ignoring it into the 21st century.

As for not having control over one's own DNS, I'll let others debate the merits of that.

lE karl at mothership.co.nz lW mothership.co.nz  lA PO Box 99814, Newmarket  lM 021 999 990 lP 974 3171 

On 24/04/2013, at 4:13 PM, Heinz N <ausnog at equisoft.com.au> wrote:

> Not everyone has SPF or TXT records. If the MTA enforces SPF, then senders without it will get bounced. Also note that not everyone has control of their DNS. It is sad that there is so little usage of SPF & TXT records in the wild. If *everyone* has SPF then spam would be heavily diminished. Unfortunately there are just too many people who don't like adding extra records in their zone files.
> 
> - Heinz
> 
> On Wed, 24 Apr 2013, Chris Jones wrote:
> 
>> Wouldn't a simpler solution be:
>> 
>> 1.  Add an SPF record for ausnog.net
>> 2.  Enforce this on lists.ausnog.net
>> 
>> ??
>> 
>> - Chris
>> 
>> On 24/04/2013, at 1:33 PM, Heinz N <ausnog at equisoft.com.au> wrote:
>> 
>>> On Wed, 24 Apr 2013, Skeeve Stevens wrote:
>>> 
>>>> So we know where the spam is coming from or how they are subscribing?
>>>> 
>>> 
>>> Reading the headers:
>>> 
>>> From: <ausnog at ausnog.net>
>>> To: <ausnog at ausnog.net>
>>> 
>>> I think that the spammers are not subscribing at all. They are exploiting a simple weekness in the MTA configuration.
>>> 
>>> I would not dare test this as it might be perceived as an attack, but I suspect that the ausnog MTA will relay if the "RCPT To:" and "MAIL From:" are both reported as from local domain ausnog.net.
>>> 
>>> I had this problem a long while ago and the only way I could get around this was to have 2 MTAs. One "public" one will accept mail to my local domain(s) but it is specifically blocked from relaying for them. The private one will relay for the local domains and is only used for sending out. Now spammers get a nasty bounce message if they try to pretend to be "MAIL From:" any of my local domains, sending "RCPT To:" any of my local domains :-)
>>> 
>>> Regards,
>>> Heinz N.
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>> 
>> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130424/61314242/attachment.html>


More information about the AusNOG mailing list