  Mr Pilkington
@ip.alltel
| reply to GOLFnSUN Re: Public pressure works against prominent compan
Ha ha ha - I don't think it's even near the final solution against spam. I do think it's one that hasn't been tried yet.
Matchstick - You *do* allow your mail server to look up outside MXs. You just don't allow any other IP range(s) to do the same. And, your DNS server would allow anyone to request its own records. For example, if you are bob.com, anyone can pull the bob.com MX records. However, if a bob.com user's IP wants joe.com's MX address, the request is denied. If bob.com's email server wants joe.com's MX, it's allowed.
pcscdma - Your description is correct. However, the spambots do that entire process on your machine; they're their own mail server. That's why they shouldn't have access to MX records in the first place.
pog - There would be no true "whitelist" to manage and actually not much "management" at all. Simply block MX records from all except a few subnets or IP ranges.
I don't think anyone is thinking far enough into it before instantly deeming it useless. You're not blocking *your* MX records from outside sources. You're preventing your users' PCs from obtaining outside MX's and hoping others will do the same in return. |
|
  pcscdma Chocobo Chocobo Random Battle Premium join:2004-01-14 Winterset, IA clubs: | said by Mr Pilkington:
... and hoping others will do the same in return.
That's the hard part.
 |
|
 robscullion Premium join:2001-12-07 Philadelphia, PA
·Speakeasy
| reply to Mr Pilkington
Just for the sake of argument, I think you'd have to also block any direct outbound DNS queries from the zombies (client PCs) to outside DNS servers in order to make this at all feasible. Otherwise, the zombies could just skip the local DNS server and do an end-run around the whole system by querying the remote DNS servers directly.
But isn't the point here that the referenced spam software is sending via the zombie ISP's SMTP server? In that case, there's no MX DNS query involved. I don't even see how you can really differentiate the zombie software from the legitimate user. The zombie just sends to the ISP's SMTP server and that server takes care of all the forwarding for it.
Maybe if all ISPs forced authentication for sending even from within their own network it would put a dent in Send Safe type systems. Does this Send Safe stuff steal auth info from the user's local legit email software? If so, I guess that'd be a dead end as well. Otherwise, going to a system that requires authentication over a secure channel for sending email might at least curb the effectiveness of this particular method. |
|
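The resolver rule Mr Pilkington describes and the outbound DNS block robscullion adds, sketched together as an added example that is not part of either post. The address ranges, function names and sample events are assumptions constructed for illustration; bob.com and joe.com are the thread's own example domains.

```python
import ipaddress

# Constructed values: bob.com is the thread's example zone; the addresses
# are documentation ranges, not real networks.
LOCAL_ZONES = {"bob.com"}
MAIL_SERVERS = [ipaddress.ip_network("192.0.2.25/32")]
LOCAL_RESOLVERS = [ipaddress.ip_network("192.0.2.53/32")]

def _member(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def _is_local_zone(qname):
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in LOCAL_ZONES)

def resolver_allows(src_ip, qname, qtype):
    """MX answers for outside domains go only to the mail servers."""
    if qtype.upper() != "MX":
        return True                      # other record types are untouched
    if _is_local_zone(qname):
        return True                      # anyone may pull bob.com's own MX
    return _member(src_ip, MAIL_SERVERS)

def egress_allows(src_ip, dst_ip, dst_port):
    """Port 53 may leave the network only from the local resolvers."""
    if dst_port != 53:
        return True
    if _member(src_ip, LOCAL_RESOLVERS):
        return True                      # resolvers recurse to the outside
    return _member(dst_ip, LOCAL_RESOLVERS)

def audit(events):
    """Return the constructed events that either control would refuse."""
    denied = []
    for ev in events:
        if ev["kind"] == "query" and not resolver_allows(ev["src"], ev["qname"], ev["qtype"]):
            denied.append(ev)
        elif ev["kind"] == "flow" and not egress_allows(ev["src"], ev["dst"], ev["port"]):
            denied.append(ev)
    return denied

SAMPLE = [  # constructed events, not captured traffic
    {"kind": "query", "src": "198.51.100.7", "qname": "joe.com", "qtype": "MX"},
    {"kind": "query", "src": "192.0.2.25", "qname": "joe.com", "qtype": "MX"},
    {"kind": "query", "src": "203.0.113.9", "qname": "bob.com", "qtype": "MX"},
    {"kind": "flow", "src": "198.51.100.7", "dst": "203.0.113.53", "port": 53},
    {"kind": "flow", "src": "198.51.100.7", "dst": "192.0.2.25", "port": 25},
]
```

The last sample event, a client handing mail to the ISP's own SMTP server on port 25, passes both checks, which is the case robscullion's second paragraph raises.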