Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Normal isn't your first language, is it?

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


           

Reverse SMTP

Notification of email to be picked up
  (+3, -1)
(+3, -1)
  [vote for,
against]

OK, there are tons of postings here for spam, so apologies if this has been done...

This is the simplest way to eliminate most spam that I can think of, so it probably has many holes in it.

1. A server with mail to send contacts the destination server and notifies that there is mail to be picked up - very short message, provides mail message ID and server domain name only (mail1.abc.com or abc.com) and IP addresses are not allowed.

2. Destination server does either a local blacklist lookup or checks a public blacklist or both to see how many spams it has received from the sender server or domain, makes a decision whether to pick up or not based on its configured threshold. If no, then we are done.

3. If yes, destination server does a DNS lookup on the domain name and retrieves the correct message from the sender server using the message ID.

I would suggest the use of some encryption for the initial transaction to ensure that the message IDs are not intercepted in transit.

In the case of DNS abuse by registering tons of bogus domains, the registrars would have to be vigilant, but remember there would be a non-trivial cost in time and money to doing this.

This prevents zombies from sending mail direct from a PC, as the PC has no registered DNS address. It also provides an automatic blacklist system as large servers could publish lists of the largest spammer servers or domains.

So - why won't this work?

DrFever, Dec 13 2005

How to protect your server against being used as a mail relay. http://www.mail-abu...an_sec3rdparty.html
[reensure, Dec 15 2005]

[link]






       Many mail servers are already configured to reject mail from IP addresses without a reverse lookup. How is this any different?
NoOneYouKnow, Dec 14 2005
  

       What [NoOneYouKnow] said. And this really was a very effective counter measure, some time briefly in spring 1985.   

       Like legitimate users, the zombie PC sends email via the PC owner's ISP provider, that is, via a normal SMTP gateway. That SMTP gateway has a DNS address (and handles lots of legitimate traffic).
jutta, Dec 14 2005
  

       I guess that the advantage here is that you have a genuine record of the server that sent the mail (as you have to visit it to retreive the mail).   

       I thought that trojans that zombify PCs to send spam carried their own SMTP server. If this is the case then the idea would block those zombies. If they do use the ISP's SMTP server then at least the spam is identified higher up the chain and the server could be informed that it is sending out spam and email the users whose IP addresses are doing so.   

       The trouble that I see is that every mail app and server out there is going to have to be rewritten to incorporate this new protocol, and that's no quick fix.   

       [+] for the thought, though. I really want to see a email system where nobody can send a message without disclosing their email address (or in this case originating server).
st3f, Dec 15 2005
  

       "every mail app and server out there is going to have to be rewritten" - won't that be required for any permanent fix for spam?
DrCurry, Dec 15 2005
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle