Re: People forging their From: addresses
- Date: Wed, 30 Sep 1998 11:45:06 +0200
On Wed, Sep 30, 1998 at 11:35:26AM +0200, Freek de Kruijf wrote:
> Nate Waddoups wrote:
> > I cannot help but wonder why spammers choose to use legitimate domain
> > names when they forge "From" headers. What good could it possibly do
> > them, as opposed to just using something that doesn't exist?
> > Puzzling.
> A lot of e-mail systems check the from-address for existence. If this
> address does not exist the message is not accepted.
> Unfortunately a lot of these e-mail systems use the wrong return code.
> When the domain does not exist they should permanently reject the
> message; in SMTP-terms a 500 error code should be given, however often
> a 400 error code is given. This 400 error code should only be given in
> case the DNS system is not responding to the request.

You could do that, but you'd lose email. I'm running a check against
existing hostnames (the DNS should resolve), and return a 400 code
if it doesn't.

For a while, I tried returning a 500 code, but I found that the DNS
is flaky enough to actually provide false answers now and then, so I
ended up rejecting a few messages a day that were otherwise perfectly
legal (out of like oh 100k per day).

So we switched back to 400 replies, so now the occasional mail gets
delayed a bit because it gets an "unfair" 400 reply, but that's
better than rejecting that mail altogether. Spammers will usually
not retry even with 400 style replies when they're sending directly,
and relays stop after a few days... it's bearable.

#! ##### Jan-Pieter Cornet ##### johnpc@localhost ##### perl
($@,$\,$~)=$!=~/(.)(.).(.)/; $_="$,$/$:"; $@localhost $~="$~$_";($_)=
\$$=~/\((.)/;$|=++$_;$_++;$|++;$~="$~ $@localhost:";`$~$/$\$*$, $|>&$_`
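
Added example, not part of the original thread: a small simulation of the two reply policies discussed above (permanent 5xx versus temporary 4xx when the sender domain fails to resolve) against a retrying sender. The `lookup` callable, the function names, the specific codes 450/550/553 and all sample domains are assumptions constructed for this illustration.

```python
# Added illustration: SMTP reply policy for a sender-domain DNS check.
# `lookup` is a hypothetical callable standing in for the DNS query; it
# returns "ok", "nxdomain" or "tempfail". All sample data is constructed.

def mail_from_reply(sender, lookup, strict=False):
    """Return (code, text) for MAIL FROM:<sender>."""
    if sender == "":
        # Null reverse-path <> is used by bounces and has no domain to check.
        return 250, "OK"
    _, sep, domain = sender.rpartition("@")
    if not sep or not domain:
        return 553, "sender address needs a domain"
    outcome = lookup(domain)
    if outcome == "ok":
        return 250, "OK"
    if outcome == "nxdomain" and strict:
        # Permanent reject: correct if the answer is true, fatal if DNS lied.
        return 550, "sender domain does not exist"
    # Temporary reject: a real MTA queues and retries, most spamware does not.
    return 450, "sender domain does not resolve, try again later"

def scripted_lookup(answers):
    """Constructed resolver: replays outcomes per domain, last one repeats."""
    state = {d: list(seq) for d, seq in answers.items()}
    def lookup(domain):
        seq = state[domain]
        return seq.pop(0) if len(seq) > 1 else seq[0]
    return lookup

def deliver(sender, lookup, strict, max_tries=3):
    """Simulate a retrying sending MTA; return (final code, attempts used)."""
    code = None
    for attempt in range(1, max_tries + 1):
        code, _ = mail_from_reply(sender, lookup, strict)
        if code // 100 != 4:      # 2xx accepted or 5xx bounced: stop
            break
    return code, attempt

# Constructed scenario: example.org is real but DNS answers wrongly once;
# no-such.invalid never exists.
ANSWERS = {"example.org": ["nxdomain", "ok"], "no-such.invalid": ["nxdomain"]}

if __name__ == "__main__":
    for strict in (True, False):
        for sender in ("alice@example.org", "x@no-such.invalid"):
            code, tries = deliver(sender, scripted_lookup(ANSWERS), strict)
            print(f"strict={strict} {sender}: {code} after {tries} tries")
```

With the strict policy the legitimate message is bounced on the single false DNS answer; with the temporary reply it is accepted on the second attempt, while the forged sender is never accepted under either policy.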