The limits of some anti-spam precautions

October 22, 2009

In some quarters it is quite popular to do things like refuse email if the sending machine doesn't have valid reverse DNS or doesn't use a valid domain name in EHLO (or HELO). It's also popular to tell people that everyone should do this, for various reasons.

(Sometimes it's even popular to grumble about how all of the laxness of mailers about this sort of stuff has helped enable the spam epidemic.)

Setting aside all of the other reasons why these things may not be a good idea, it is worth pointing out that the only reason that these precautions work now is that not very many MTAs are using them. In much the same way that spammers once used invalid domains in the envelope sender address and now almost never do (because large MTAs started checking that), spammers are perfectly capable of adopting to use valid EHLO names and to only sending from machines with valid reverse DNS, if they actually need to. Indeed, the fact that the spammers don't bother to do any of this is a strong sign that only an insignificant number of MTAs use such precautions today.

(The history of bad domains in MAIL FROMs is a great example of this, in fact. It used to be a great way to get rid of a bunch of spam, until places like AOL (which was then an important spam target) started doing it. The next thing you knew, spammers were using real domains. I wouldn't be surprised if spammers adopted faster than real domains to the new reality.)

Or in short: spammers are lazy, not stupid (at least in the aggregate).

The corollary is that if you find an anti-spam heuristic like this that works for your email, you should not try to get other people to adopt it. The worst thing you could possibly do for your spam load is to persuade a significant number of MTAs to get more picky in what they accept.

(There is probably already an aphorism somewhere that says 'any widely adopted anti-spam measure will be actively defeated by spammers if at all possible'.)

Written on 22 October 2009.
« How to waste lots of CPU time checking for module updates
Something I have realized about university services »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Oct 22 23:57:20 2009
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.