nanog mailing list archives
Re: rfc1978 help
From: Jeroen Massar <jeroen () unfix org>
Date: Fri, 05 Nov 2004 21:55:07 +0100
On Fri, 2004-11-05 at 14:29 -0600, Todd T. Fries wrote:
I've been seeing MX's resolving to 127.0.0.1 for a few months now, and planning to write some sort of envelope from checking apparatus to refuse email who's envelope from MX resolves to 127.0.0.1 (and now that you mention it), rfc1918 address space (and perhaps bogon space as well?)...
Better block the internet in that case ;) I heared of BGP feeds that provide 'questionable prefixes' so that one can nicely nullroute those using that system. I still am of the opinion that only accepting verifyable PGP signed mail could slow spammers down a bit, then at least the spambot took the time of generating, distributing and letting people trust the spambots key. Maybe trow in some trust metric ala advogato!? Then again, the spambots will simply find the preconfigured key from an infected user and start using that, save passwords ole, at least one then knows the source it is coming from is really also able to sign it that way, thus most likely is the problem person, unless the virus of course redistributes the pgp keys using some nice p2p algo to other worms. (ohoh :) This would at least take away most of the virusses sending random sources. But getting everybody to do PGP-signed mail is asking the same thing as asking people to turn of sending html emails, A somewhat similar scheme does work for RIPE-db updates, but the people submitting there have probably some clue on how to configure their boxes and unfortunately we are of course talking about $lusers. Spam already lost it from virusses and the spam coming forth from misconfigured antivirus tools sending 'hi you send a virus' alike messages. Above setup should be able to work for closed communities like mailinglists where only a few number of people post, if you want to post, sign your message, mailinglist software could then verify the key and only pass it on if the member is subscribed and the signature is valid. A virus picking random addresses and sending to existing messages in the mailbox, thus having 'valid' source/dest combinations doesn't make much of chance then unless it figures out the pgp key and the password. Then again I just might be a ... http://www.rhyolite.com/anti-spam/you-might-be.html ;) BTW1: that because you quote above my complete message, my message becomes part of your signature and my mailer nicely ignores it ;) BTW2: Ooops... discussing spammy related things on NANOG.... Greets, Jeroen
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Network Monitoring System - Recommendations?, (continued)
- Re: Network Monitoring System - Recommendations? Alexei Roudnev (Nov 01)
- Re: Network Monitoring System - Recommendations? Joe Shen (Nov 01)
- Message not available
- Re: Network Monitoring System - Recommendations? Alexei Roudnev (Nov 01)
- Re: Network Monitoring System - Recommendations? Alexei Roudnev (Nov 01)
- Re: Network Monitoring System - Recommendations? Joe Shen (Nov 01)
- Re: Network Monitoring System - Recommendations? Alexei Roudnev (Nov 01)
- Re: Network Monitoring System - Recommendations? Richard J. Sears (Nov 04)
- RE: Network Monitoring System - Recommendations? Charlie Khanna - NextWeb (Nov 04)
- Re: Network Monitoring System - Recommendations? Chris A. Epler (Nov 05)
- rfc1978 help adrian kok (Nov 05)
- Re: rfc1978 help Jeroen Massar (Nov 05)
- Re: rfc1978 help Jess Kitchen (Nov 05)
- Message not available
- Re: rfc1978 help Jeroen Massar (Nov 05)
- Re: Network Monitoring System - Recommendations? Chris A. Epler (Nov 05)