North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: and other email grief

  • From: william(at)
  • Date: Fri Dec 10 16:07:26 2004

On Fri, 10 Dec 2004, Christopher X. Candreva wrote:

> That would be 1000's of other people's servers getting traffic from you 
> because someone forged their address in the spam. You are effectively 
> doubleing the total load spam places on the net.

That is already what happens when spammer forged your address - you see
1000's people sending you bounces and nastygrams. The real solution is
to use some form of protection for envelope mail-from address so that
it could not be so easily spoofed and forged. There are currently
several proposals on the table on how to do it and some of the proposals 
are already being used on the internet in experimental ways:

 SPF (dns records listing ips of mail systems that can send mail with given
      envelope mail-from domain). 
  For more information see:

 CSV with MPR records (similar SPF but provides list of mail-server hostnames
     that can use MAIL-FROM domain, the spoofing of mail-server names  is 
     protected based on EHLO by CSV):
  For more information see:
     (and for CSV see

 BATV (replacement of your real mail-from address with special private
       connection-specific address - this allows to /dev/null bad
       bounces if they come back to you and you did not send the email).
  For more information see:

 SES  (predates BATV and similar technique, except that a HMAC
       encrypted address can confirmed by means of public server
       which allows email to be dropped at recepient instead of
       dropped at the source as being bad bounce as with BATV).
  For more information see:

William Leibzon
Elan Networks
[email protected]