rfc1978 help

Jeroen Massar jeroen at unfix.org
Fri Nov 5 20:55:07 UTC 2004


On Fri, 2004-11-05 at 14:29 -0600, Todd T. Fries wrote:
> I've been seeing MX's resolving to 127.0.0.1 for a few months now, and
> planning to write some sort of envelope from checking apparatus to refuse email
> who's envelope from MX resolves to 127.0.0.1 (and now that you mention it),
> rfc1918 address space (and perhaps bogon space as well?)...

Better block the internet in that case ;)
I heared of BGP feeds that provide 'questionable prefixes' so that one
can nicely nullroute those using that system.

I still am of the opinion that only accepting verifyable PGP signed mail
could slow spammers down a bit, then at least the spambot took the time
of generating, distributing and letting people trust the spambots key.
Maybe trow in some trust metric ala advogato!? Then again, the spambots
will simply find the preconfigured key from an infected user and start
using that, save passwords ole, at least one then knows the source it is
coming from is really also able to sign it that way, thus most likely is
the problem person, unless the virus of course redistributes the pgp
keys using some nice p2p algo to other worms. (ohoh :) This would at
least take away most of the virusses sending random sources. But getting
everybody to do PGP-signed mail is asking the same thing as asking
people to turn of sending html emails,  A somewhat similar scheme does
work for RIPE-db updates, but the people submitting there have probably
some clue on how to configure their boxes and unfortunately we are of
course talking about $lusers. Spam already lost it from virusses and the
spam coming forth from misconfigured antivirus tools sending 'hi you
send a virus' alike messages. Above setup should be able to work for
closed communities like mailinglists where only a few number of people
post, if you want to post, sign your message, mailinglist software could
then verify the key and only pass it on if the member is subscribed and
the signature is valid. A virus picking random addresses and sending to
existing messages in the mailbox, thus having 'valid' source/dest
combinations doesn't make much of chance then unless it figures out the
pgp key and the password. Then again I just might be a ...
http://www.rhyolite.com/anti-spam/you-might-be.html ;)

BTW1: that because you quote above my complete message, my message
becomes part of your signature and my mailer nicely ignores it ;)
BTW2: Ooops... discussing spammy related things on NANOG....

Greets,
 Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 240 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20041105/ad5a9eb3/attachment.sig>


More information about the NANOG mailing list