[LINK] Solution to SPAM checking

Adam Todd link at todd.inoz.com
Thu Feb 1 12:53:57 AEDT 2007 

At 12:15 PM 1/02/2007, you wrote:
>So it has a positive effect, if setup carefully.
>
> > it's also completely useless on very busy mail servers because they're
> > already struggling under the load of receiving and delivering actual
> > mail, let alone making an extra outbound SMTP connection for every
> > incoming message (even caching the result of the Sender address lookup
> > doesn't help much). so, it's vaguely useful on small, lightly-loaded
> > mail servers. which hardly makes a dent (if at all) on the spam volume.
>
>It dropped the server load of the central AV/spam scanning gateway at my
>last job. Which was pushing > couple million messages a day easy.
>The server suddenly didn't have to handle huge amounts of bounce load.

I think the point I was making is that SMTP servers don't have a 
verification process of checking built in between them, only by using data 
outside of them.

RBL's, MX record checks don't prove that the originating address is in fact 
a valid address coming from a valid and authenticated server.

We now need to progress the handshake protocol from the simple assumption 
of allowing inbound mail to be delivered, to actually authenticating the 
inbound mail as being legitimate.

Yes, one problem this will cause is that mobile users who select random 
servers for relay will have problems.  But then, that's the whole point!  A 
mobile user should be using an authenticated server!

Many of us who are mobile already use authentication between the random 
remote user and the SMTP server to verify that the inbound mail to be 
processed is in fact coming from an authenticated and approved source, and 
then that user is in fact allowed to use the SMTP server for mail transmission.

What we now need to do is take that same process and have the SMTP server 
that receives the message, as part of it's handshake, lookup the domain of 
the sender (not the smpt server) and authenticate that the sender is in 
fact real and allowed to send via the path that is being presented.

Well that's the simplistic part.  Relay Hosts and MX hosts will have to be 
looked at in due course.  But in most cases the mail server that has a 
visible IP address, has a means to AUTHENTICATE that the mail it is 
delivering is in fact ALLOWED to be sent from it to the destination.

A host that has no ability to verify a relay won't relay - well shouldn't 
in this day and age - gone are the early 1990's where everyone shared their 
mail servers as MX's and open relays to assist in getting messages around.

More information about the Link mailing list