Wandering Thoughts archives

2006-11-01

The downsides of remailing

In the context of SPF and its need for SRS instead of simple mail forwarding, a local sysadmin recently asked on our sysadmin mailing list:

What is bad about remailing?

Fundamentally we're being asked to do extra work that benefits other people, people who've chosen to break their own mailers for no actual benefit. This is backwards, and in my opinion accommodating such people only encourages the next lot to demand that everyone else clean up their messes.

Apart from that:

  • remailing requires additional software and configuration, especially if you want to stop people from still (accidentally) using non-remailing forwarding.
  • simple Unix implementations require people you are remailing for to have something approximating a real account. Forwarding just requires an /etc/aliases entry, which is a lot more reassuringly secure.

  • the simplest implementation discards bounces entirely, ensuring that if something goes wrong with the forwarding (and things go wrong with forwarding all the time), no one will ever find out about it.
  • slightly more complicated schemes turn you into an open relay if the spammers start forging 'bounces' and sending them through you.
  • to make a secure scheme, you either need to keep a database of remailed mail or you run into SMTP address length limits when there is a remailing chain.

(PS: remember to forward the SMTP null origin address unaltered.)

  • the origin address is useful information, and for many purposes remailing destroys it. The remote MTA cannot really do filtering or whitelisting on it any more, and people who want to use it in their own filters will have to fish it out of the message headers (with a different fishing technique for every different place things get forwarded to them).
  • on a non-technical level, putting your own name on something by remailing it (instead of merely forwarding it) makes you more strongly associated with it. This is a problem when you start remailing spam. It also makes it look more like you really did originate the message, and the other Received: headers are just fakes injected on your machine.

(Obligatory attribution: I mined a bunch of ideas from here and here.)
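The bounce-handling items in the list above (forged 'bounces' turning a remailer into an open relay, and address length limits in a remailing chain), shown as an added Python example that is not part of the original entry. It is a simplified signed-rewrite scheme, not the real SRS format; the key, the 8-character tag, the `rm=` prefix, the shared secret across hops and all addresses are constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret known only to the forwarder
MAX_LOCAL_PART = 64               # RFC 5321 limit on an address local part (octets)

def _tag(payload):
    """Truncated keyed hash binding the rewritten address to our secret."""
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()[:8]

def remail(sender, our_domain):
    """Rewrite an envelope sender so that bounces come back through us."""
    if sender == "":              # SMTP null origin address: forward unaltered
        return sender
    local, _, domain = sender.rpartition("@")
    payload = f"{domain}={local}"
    new_local = f"rm={_tag(payload)}={payload}"
    if len(new_local) > MAX_LOCAL_PART:
        raise ValueError(f"local part would be {len(new_local)} octets")
    return f"{new_local}@{our_domain}"

def bounce_target(rcpt):
    """Original sender for a returning bounce, or None if we never signed it."""
    parts = rcpt.rpartition("@")[0].split("=", 2)
    if len(parts) != 3 or parts[0] != "rm":
        return None
    _, tag, payload = parts
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None               # forged 'bounce': refuse to relay it onward
    domain, _, local = payload.partition("=")
    return f"{local}@{domain}"

def chain_lengths(sender, hops):
    """Local-part length after each remailing hop; None where the limit is hit."""
    lengths = []
    for hop in hops:
        try:
            sender = remail(sender, hop)
        except ValueError:
            lengths.append(None)
            break
        lengths.append(len(sender.rpartition("@")[0]))
    return lengths

if __name__ == "__main__":
    addr = remail("alice@example.org", "fwd1.example")   # constructed addresses
    print(addr, "->", bounce_target(addr))
    print(bounce_target("rm=zzzzzzzz=victim.example=bob@fwd1.example"))  # None
    print(chain_lengths("alice@example.org", ["fwd1.example"] * 3))
```

Without the keyed tag, `bounce_target` would relay to whatever address a sender encoded in the recipient; with it, a five-character local part still outgrows the 64-octet limit at the third hop unless the forwarder keeps a database instead.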

Sidebar: why SPF is pointless

SPF is pointless because it doesn't solve any actual problems.

  • it doesn't stop spam; there are a lot of domains without SPF records that spammers can forge freely, and spammers can and do use their own throwaway domains with valid SPF records.
  • it doesn't stop you from getting hammered with bounce backscatter; there are, and there are always going to be, lots of machines on the Internet that don't implement SPF. (And almost everything that still generates backscatter is well behind the best practices curve to start with.)
  • it doesn't stop phishing; the phishers barely bother to forge origin addresses to start with (partly because they're invisible to about 99% of the people reading email).

My experience also suggests that having SPF records doesn't cause spammers to avoid forging your domain.

spam/RemailingDownsides written at 23:07:39

