ASSP ?

Help improve Exetel's services (a Suggestion Box is also available in your member facilities)
petemoss
Posts: 192
Joined: Sat Sep 30, 2006 3:22 pm

ASSP ?

Post by petemoss » Sat Jun 16, 2007 8:33 pm

Does Exetel have any plans to implement Anti-Spam-SMTP-Proxy (ASSP) ?

James D

Post by James D » Sun Jun 17, 2007 5:40 am

Not that i know of.

petemoss
Posts: 192
Joined: Sat Sep 30, 2006 3:22 pm

Post by petemoss » Sat Sep 01, 2007 8:51 pm

Any changes in this issue ?

Spanner_Man

Post by Spanner_Man » Sat Sep 01, 2007 9:45 pm

Grey listing works better as it forces the mail server to re-send the same email again. Spammers don't use an email server, they use sendmail or something similiar to offload their rubbish.

petemoss
Posts: 192
Joined: Sat Sep 30, 2006 3:22 pm

Post by petemoss » Sat Sep 01, 2007 10:07 pm

... and possibly whitelists with ASSP are better still. That way, I can state exactly 'who' I want to recieve email from. :D

I've dialogued a bit with people who run their own email servers, and they agree, that greylisting is a pain, usually a manual inconvenience.

The Disadvatages of Greylisting
Perhaps the most significant disadvantage of greylisting is the fact that, like all spam mitigation techniques, it destroys the near-instantaneous nature of email people have come to expect, and throws email back to the early days when it was slow and unreliable. A customer of a greylisting ISP can not always rely on getting every email in a small amount of time. Thus email loses its function as easy and effortless vehicle to transfer electronic information instantenously.

On a technical level, some SMTP clients (and SMTP servers acting as clients) may interpret the temporary rejection as a permanent failure. A client is permitted to give up on delivery after the first failed attempt; although it is considered a poor practice, it is not a violation of any technical specification for the client to do so. The current SMTP specification (RFC 2821) clearly states that "the SMTP client retains responsibility for delivery of that message" and "the SMTP client is encouraged to try again", but the original specification (RFC 821) was less imperative, stating only that clients "should" retry messages.

This problem can affect SMTP clients in unexpected ways. Most MTAs will queue and retry messages, but a small number do not.[1] A similar concern exists for applications which act as SMTP clients and fail to incorporate any form of queueing for deferred SMTP mail. This can be mitigated on the sending side by configuring the application to use a local SMTP server as an outbound queue, instead of attempting direct delivery. For the server operator who uses greylisting, clients which are known to fail on temporary errors can be supported by whitelisting or exception lists.

Some MTAs, upon encountering the temporary failure message from a greylisting server on the first attempt, will send a warning message back to the original sender of the message.[1] The warning message is not a bounce message, but it is often formatted similarly to and reads like one. This practice often causes the sender to believe that the message has not been delivered, when in fact the message will be delivered successfully at a later time.

When a mail server is greylisted, the duration of time between the initial delay and the re-transmission is variable. Some mail servers use a default of 4 hours, though most will retry sooner. Most open-source MTAs have retry rules set to attempt delivery after around fifteen minutes (Sendmail default is 0, 15, ..., Exim default is 0, 15, ..., Postfix default is 0, 16.6, ..., Qmail default is 0, 6:40, 26:40, ...).

Greylisting delays much of the mail from non-whitelisted mail servers - not just spam - until typical patterns of communication are recorded by the greylisting system.

Also, legitimate mail might not get delivered, if the retry doesn't come within the time window the greylisting software uses, or if the retry comes from a different IP address than the original attempt: When the source of an e-mail is a server farm or goes out through an anti-spam mail relay service it is likely that on the retry a server other than the original server will make the next attempt. Since the IP addresses will be different, the recipient's server will fail to recognize that the two attempts are related and refuse the latest connection as well. This can continue until the message ages out of the queue if the number of servers is large enough. The problem can be partially bypassed by identifying and whitelisting such server farms in advance. However, it is not possible on a distributed network the size of the Internet to maintain a complete list of all such server farms. [1]

Greylisting can be a particular nuisance with websites that require you to create an account and confirm your e-mail address before you can begin using them. Because greylisting will delay, possibly for several hours, the initial e-mail containing your signup confirmation link, it will introduce a waiting period even though the actual website may send out your e-mail confirmation code immediately.

In order for greylisting to work for a particular domain, all backup mail servers (as specified by lower-priority MX records for the domain) must implement the greylisting policy as well. This may not be easily achievable if the backup mail server is not under direct control of the domain owner.
HTH
Last edited by petemoss on Mon Sep 03, 2007 5:43 pm, edited 1 time in total.

Spanner_Man

Post by Spanner_Man » Sun Sep 02, 2007 10:13 am

Greylisting allows to manually whitelist an address, just as you whitelist with any other anti-spam measure, so that point is null and void

petemoss
Posts: 192
Joined: Sat Sep 30, 2006 3:22 pm

Post by petemoss » Mon Sep 03, 2007 5:48 pm

Spanner_Man wrote:Greylisting allows to manually whitelist an address, just as you whitelist with any other anti-spam measure
Any "use" of a whitelist, be it sourced from greylisting or other forms, is, still a whitelist, NOT a greylist. :lol:

I'd prefer to take the advice of the people who run their own email servers. :roll:

Spanner_Man

Post by Spanner_Man » Tue Sep 04, 2007 9:35 am

petemoss wrote:I'd prefer to take the advice of the people who run their own email servers. :roll:
Which i do myself. Don't always assume that some people don't already practise what they advise.

SysAdmin

Re: ASSP ?

Post by SysAdmin » Tue Sep 04, 2007 10:28 am

petemoss wrote:Does Exetel have any plans to implement Anti-Spam-SMTP-Proxy (ASSP) ?
I'm not sure what the point would be to have two anti-spam systems, so no, there are no plans.

Andrew

NetworkAdmin
Posts: 559
Joined: Tue Jan 06, 2004 1:19 am
Contact:

Re: ASSP ?

Post by NetworkAdmin » Tue Sep 04, 2007 10:34 am

petemoss wrote:Does Exetel have any plans to implement Anti-Spam-SMTP-Proxy (ASSP) ?
Interesting read. Unfortunately I am still getting spam, so it can't be that great an idea - since it hasn't had any measurable effect over four years.

"A message from the founder of ASSP: John Hanna

It has long been clear to me that the best place to stop spam is at an organization's SMTP server. "

I disagree. The place to stop spam is with careless end users who allow their PC's to become compromised and distribute spam - which accounts for over 90% of all spam.

The few remaining percent of servers deliberately sending spam can then be accurately isolated making them a losing proposition for the spam distributor.

Spanner_Man

Re: ASSP ?

Post by Spanner_Man » Tue Sep 04, 2007 11:09 am

NetworkAdmin wrote:I disagree. The place to stop spam is with careless end users who allow their PC's to become compromised and distribute spam - which accounts for over 90% of all spam.

The few remaining percent of servers deliberately sending spam can then be accurately isolated making them a losing proposition for the spam distributor.
I agree with you also.
The majority of home pc's that become infected with spyware that turn into zombie mail servers is unbeleivable, and in a way it releates to a topic i posted awhile ago about Windows is Free
Too many cracked copies of Windows that don't have security updates that spyware takes advantage of. Its an endless circle.

tocpcs
Posts: 523
Joined: Sun Aug 26, 2007 10:01 am
Location: Online

Re: ASSP ?

Post by tocpcs » Tue Sep 04, 2007 12:13 pm

Spanner_Man wrote:
NetworkAdmin wrote:I disagree. The place to stop spam is with careless end users who allow their PC's to become compromised and distribute spam - which accounts for over 90% of all spam.

The few remaining percent of servers deliberately sending spam can then be accurately isolated making them a losing proposition for the spam distributor.
I agree with you also.
The majority of home pc's that become infected with spyware that turn into zombie mail servers is unbeleivable, and in a way it releates to a topic i posted awhile ago about Windows is Free
Too many cracked copies of Windows that don't have security updates that spyware takes advantage of. Its an endless circle.
Thats a very good point, in fact, I think all ISPs need to block 25 by default and enable it on a per user basis (a user must knowingly enable it).

Such a measure would eliminate spam from nearly all networks, and the costs of implementing such a strategy wouldn't be significant (and think of the bandwidth savings!).

Spanner_Man

Post by Spanner_Man » Tue Sep 04, 2007 2:35 pm

No what should be done is the following;
All domains should have an SPF record
Exetel does have an SPF record in the exemail domain which is good :-)
Hotmail looks for an SPF record since 2004. I think its about time that ALL domains have one.

SysAdmin

Post by SysAdmin » Tue Sep 04, 2007 4:06 pm

Spanner_Man wrote:No what should be done is the following;
All domains should have an SPF record
Exetel does have an SPF record in the exemail domain which is good :-)
Hotmail looks for an SPF record since 2004. I think its about time that ALL domains have one.
SPF is not an anti-spam measure; it just happens to look like one on TV.

Andrew

Spanner_Man

Post by Spanner_Man » Tue Sep 04, 2007 4:14 pm

SysAdmin wrote:SPF is not an anti-spam measure; it just happens to look like one on TV.

Andrew
Perhaps some light reading for you Andrew ... http://www.openspf.org/Introduction
Protection of a users email address can help stop alot of email that isn't warranted, it may not be classed as spam but has the same taste as spam (both the electronic kind and the compressed meat type).

And why are you making a post like that Andrew when in fact the exemail domain has in place an SPF record??

Post Reply