
Mailing List Archive: SPF: Discuss

Twilight period/configuration

 

 



dan at boresjo

Oct 9, 2003, 8:26 AM

Post #1 of 4 (459 views)
Twilight period/configuration

Hi,

I only subscribed to this list yesterday so apologies if this idea has
already been covered:

The spec describes the ability for individual domains to choose when/if to
begin rejecting non-SPF and/or 'softdeny' mail sources as basically an on/off
option.

There is a half-way house (or 'twilight period') of downgrading the delivery
speed. Basically this involves a technique similar to 'greylisting', where
mail of questionable origin is rejected with a temporary failure "451 Please
try again later". On subsequent re-try attempts by the sending MTA the mail
will be accepted.

This can be used to create a 'second-class email' category for non-SPF mail
where delivery is delayed. As time goes on, the pressure on those not in
compliance can be ratcheted up by slowly increasing the delay period. For
instance begin with a 1-hour delay and add an extra hour each month.
After a year, the delay would be 12 hours etc... SPF-enabled MTAs can even
use the current date to calibrate this so that admins don't have to bother.

Furthermore it is the sending (non-compliant) MTA that feels the pain of having
to queue all of these delayed emails. Secondly many current spam tools do
not attempt redelivery so a great deal of spam will be stopped completely right
from the start.

- Dan

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/


richard at belcarra

Oct 9, 2003, 9:07 AM

Post #2 of 4 (438 views)
Re: Twilight period/configuration [In reply to]

One aspect of spam noted by a friend of mine in the computer security
business is that many spam programs don't re-try if they get a soft
error the first time.

His initial thought was to introduce a cycle in the MTA that would
reject all unknown sender/IP address combos the first time and allow
them the second within a (relatively) short period of time (say 1 hour
or 4 hours) since most spammers either don't retry at all, or retry the
next "cycle" which may be many hours later if they are in the millions
of addresses league.

This aspect is due to the fact that the spam program doesn't run a
"normal" MTA - one which retries as a rule and backs off on retry time
to longer and longer times over a matter of days.

richard

On Thu, 2003-10-09 at 08:26, Dan Boresjo wrote:
> Hi,
>
> I only subscribed to this list yesterday so apologies if this idea has
> already been covered:
>
> The spec describes the ability for individual domains to choose when/if to
> begin rejecting non-SPF and/or 'softdeny' mail sources as basically an on/off
> option.
>
> There is a half-way house (or 'twilight period') of downgrading the delivery
> speed. Basically this involves a technique similar to 'greylisting', where
> mail of questionable origin is rejected with a temporary failure "451 Please
> try again later". On subsequent re-try attempts by the sending MTA the mail
> will be accepted.
>
> This can be used to create a 'second-class email' category for non-SPF mail
> where delivery is delayed. As time goes on, the pressure on those not in
> compliance can be ratcheted up by slowly increasing the delay period. For
> instance begin with a 1-hour delay and add an extra hour each month.
> After a year, the delay would be 12 hours etc... SPF-enabled MTAs can even
> use the current date to calibrate this so that admins don't have to bother.
>
> Furthermore it is the sending (non-compliant) MTA that feels the pain of having
> to queue all of these delayed emails. Secondly many current spam tools do
> not attempt redelivery so a great deal of spam will be stopped completely right
> from the start.
>
> - Dan
--
Richard C. Pitt C.E.O. Belcarra Technologies
richard [at] belcarra direct: 604-644-9265 www.belcarra.com
Embedded Systems Communications Specialists - USB, ATM, LAN/WAN, Wireless
USB for Linux, Windows, MAC OS/X - USBLAN (tm) - drivers for USB mass storage
PGP Fingerprint: BA31 64B9 172D AF08 B174 B5BB 8E36 E56C F46D D371



david at ols

Oct 9, 2003, 9:40 AM

Post #3 of 4 (439 views)
Re: Twilight period/configuration [In reply to]

Hi !!

> One aspect of spam noted by a friend of mine in the computer security
> business is that many spam programs don't re-try if they get a soft
> error the first time.

We tried greylisting for some time; the problem is that there are lots
of legal MTAs out there that also don't retry.

--
Best regards ...

Discoveries are made by not following instructions.

----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david [at] ols
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------



dan at boresjo

Oct 9, 2003, 12:22 PM

Post #4 of 4 (438 views)
Re: Twilight period/configuration [In reply to]

On Thursday 09 October 2003 5:07 pm, Richard Pitt wrote:
> His initial thought was to introduce a cycle in the MTA that would
> reject all unknown sender/IP address combos the first time and allow
> them the second within a (relatively) short period of time (say 1 hour
> or 4 hours) since most spammers either don't retry at all, or retry the
> next "cycle" which may be many hours later if they are in the millions
> of addresses league.

Greylisting uses (client IP/sender/recipient) tuples as the unique key.
If you don't include the recipient it will not scale well enough to handle
domains with large numbers of users.

In any case, my point was not that this would be a long-term antispam
solution since spammers will eventually improve their software.

The point was with reference to the 'global adoption strategy' of turning the
screws on non-SPF sender domains beginning on July 4th. The problem is that
if SPF does not have critical mass by then, adopters will feel the pain of
blocking non-SPF emails and therefore won't do it. Hence the strategy fails.

By having a twilight period beginning July 4th 2004, where noncompliant mail
is simply delayed rather than blocked, the pain falls more heavily on the
senders rather than the adopters, who will see their mail queues grow rapidly.

With a delay increase rate of 1 hour per month, the full adoption date (i.e.
full blocking) can be set back to, say, July 4th 2010. By that time
non-compliant deliveries will already be taking 3 days and I can't believe
there will be many domains that have not bothered to add a few simple DNS
records by that time. Six years is a pretty long window of opportunity, even
for morons.

Of course this is not intended to prevent individual recipient domains from
blocking right from the start. It is simply a gentler way of organising the
coordinated strategy.

- Dan
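
The scheme discussed in this thread, as an added example (not code from any of the posters or from an SPF implementation): greylisting keyed on the (client IP, sender, recipient) triplet, with the delay for non-SPF mail calibrated from the current date at 1 hour per month from July 4th 2004. The `spf_pass` flag, the class and function names, the sample addresses used with it and the 550 reply text are assumptions.

```python
from datetime import datetime, timedelta

TWILIGHT_START = datetime(2004, 7, 4)  # start of the twilight period (from the thread)
FULL_BLOCK = datetime(2010, 7, 4)      # full-blocking date suggested in the thread


def required_delay(now):
    """Delay for non-SPF mail: 1 hour at the start, plus 1 hour per completed month."""
    if now < TWILIGHT_START:
        return timedelta(0)
    months = (now.year - TWILIGHT_START.year) * 12 + now.month - TWILIGHT_START.month
    if now.day < TWILIGHT_START.day:
        months -= 1  # current month not yet completed
    return timedelta(hours=months + 1)


class TwilightGreylist:
    """Hypothetical policy check; spf_pass is assumed to come from an SPF lookup."""

    def __init__(self):
        self.first_seen = {}  # (client_ip, sender, recipient) -> time of first attempt

    def check(self, client_ip, sender, recipient, spf_pass, now):
        if spf_pass:
            return "250 OK"  # SPF-compliant mail is never delayed
        if now >= FULL_BLOCK:
            return "550 Rejected"  # constructed reply text
        key = (client_ip, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first >= required_delay(now):
            del self.first_seen[key]  # the next message from this triplet waits again
            return "250 OK"
        return "451 Please try again later"

    def stale(self, now, max_age):
        """Triplets still pending after max_age: spam tools, or MTAs that do not retry."""
        return [k for k, t in self.first_seen.items() if now - t > max_age]
```

Reviewing the output of `stale()` before tightening the delay shows how much mail comes from senders that never retry, which is the failure mode raised in post #3.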

