Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Slows AT&T Email

Posted by michael on from the clogged-artery dept.

jonerik writes: "MSNBC has this article about AT&T's frustration with the increasing quantity and sophistication of spam traffic. As has been noted here already, much of it these days is originating from Asia and, according to the article, 'now represents 20 percent of all e-mail floating around the Internet.'"

1 of 272 comments (clear)

  1. Optionally publish valid mail servers for domains by Anonymous Coward · · Score: 5, Interesting

    I often get email where the from domain claims to be yahoo.com, but it was sent via an as-yet un-rbl'd server. As it stands your smtp server will accept a mail from anywhere not in a block list, with no checking on whether the server sending you the mail is a legitimate server for that email's claimed from address.

    In the same way that RBLs are published via DNS records, it could be useful to have a scheme whereby for your email domain you can advertise (via dns) what hosts are authorised to send email for that domain.

    So a mail comes in from a yahoo.com address, you do a dns lookup on the incoming connections ip address appended to validservers.yahoo.com or whatever the convention decided upon is, and the result would tell you if it's valid. You'd also need a way to check that yahoo.com is actually advertising the valid mail servers (and if it isn't, you failsafe and accept the mail).

    This scheme wouldn't be compulsory, and would probably be suited mainly to free email providers, large corporates. The downside of it is that if you have a yahoo.com address, but want to run your own smtp server to deliver your mails, then you'd fall foul of such a system. I don't think that's a biggy though - if you could run your own smtp server, you'd probably not use a yahoo.com address you'd have your own domain :).

    While I'm rambling, another system which could be done is a protocol for verifying email addresses (you could also do this via dns too, I guess, but dns is getting cluttered enough as it is). For a given email domain it has an entry (in dns) for an email address verification server. When an email comes in, you check if there's a verification server for the source domain of the email, and if so try connect to it, and then submit the email address for verification. Depending on whether it says yay or nay, you accept or reject the mail. If they're not running a verification service, you just failsafe. I know SMTP vrfy exists, but sites often turn it off, or it doesn't do anything useful as the external server is just forwarding mail, etc etc.

    These systems wouldn't be so useful until they got adopted by hotmail.com, yahoo.com, eudoramail.com, aol.com etc, and I'm sure people have toyed with these ideas before and maybe there are downsides which outweight the benefits or maybe someone knows of implementations of such a thing.