[plug] re: Email rules
Bret Busby
bret at busby.net
Thu Feb 21 10:40:48 WST 2008
On Wed, 20 Feb 2008, Patrick Coleman wrote:
>
> On Feb 20, 2008 9:39 AM, Jon L. Miller <jlmiller at mmtnetworks.com.au> wrote:
>> It is only from the outside that this rule needs to be applied. If I send
>> an e-mail that originated from a remote location from me to me then I want
>> this to be quarantined as the only time these users are using this system
>> is from inside.
>
> I think SPF does something similar to this - you specify using a
> special DNS record on your domain what mail servers are permitted to
> send mail for your domain. If your system receives a message from a
> mailserver that is not listed in the From: address domain's SPF
> record, it will do something with it.
>
> 'Something' can be dropping it, flagging it, giving it an extra point
> in spamassassin, etc.
>
> -Patrick
>
>
I see two problems with that solution.

From what I understand, the solution that you have proposed, is what is
known as whitelisting - specifying which sources of email are accepted.

The first problem, is that it is mandatorily exclusive, so that, for
example, if Jon's client is a company making drilling bits for mining
companies, and the purchasing officer is trying to source components for
the drilling heads, and sends a query to de Beers, for diamond tips for
mining drill bits, if the de Beers domain name is not included in the
whitelist, then, when a reply is made to the query, the reply will be
deleted, beaten up and left to die, or whatever, because it is not
included in the whitelist.

Also, similarly, if a company is searching for drilling bits for mining
companies, and finds Jon's client's web site on the Internet, and makes a
query (which could result in a supply contract worth millions of dollars
to Jon's client), by email, the query could, by the domain name of the
company making the query, not being included in the whitelist, be
automatically deleted (or, beaten up and left to die, never to be seen
again), and so the company making the query, in not getting a response
to its query, regards Jon's client as just another of the companies that
has web sites on the Internet, advertising for custom, that doesn't
respond to email (the email messages being automatically deleted before
the addressee sees them), and so dismisses the company as not being
worthwhile, and goes elsewhere for its supplies.

That is the first problem; a problem of whitelisting, where email
addresses or domains that are not included in the whitelist, have any
messages from them, not being received by the addressee.

The second problem with using whitelisting on the From address, and not
the matching of the To and From addresses, with which Jon is concerned,
is the problem of spoofing.

As an example, Jon has recently asked whether people have been receiving
messages with the "72% discount" or "February special offer" (or
similar), malicious message subjects.

I have been receiving such messages, and the To and From fields are both
spoofed, and are displayed as email addresses that belong to domains
that I have registered.

As an example, let us say that I am hosting a web site for an
organisation named PLUG, within my domain name busby.net, and that I
have an email address for queries relating to that web site, of
plug at busby.net.

I have been receiving multiple email messages, with the header fields
TO:plug at busby.net From:plug at busby.net Subject:Special February offer.

Now I do not have a PLUG web site, or that email address, but I have been
similarly receiving multiple email messages for different web sites,
within different domain names that I have.

So the second problem with the proposal, is spoofing.

While the proposal refers to the mailserver from which a message is
sent, rather than the From address field, I assume that, as other
information in the message headers can be spoofed, so also can the
mailserver identifier.

Thus, I think that the solution (if achievable) goes back to the
original query that Jon put up; filtering messages where the To and From
field values are the same.
--
Bret Busby
Armadale
West Australia
..............
"So once you do know what the question actually is,
you'll know what the answer means."
- Deep Thought,
Chapter 28 of Book 1 of
"The Hitchhiker's Guide to the Galaxy:
A Trilogy In Four Parts",
written by Douglas Adams,
published by Pan Books, 1992
....................................................
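
Added example, not part of the original post or thread: a sketch of the two checks discussed above, Jon's rule (quarantine a message whose From and To match when it arrives from outside) and the sending-server check Patrick describes. The network ranges, the PERMITTED_SENDERS table (standing in for the DNS lookup of SPF records), the function names and the sample messages are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed for illustration): the site's internal networks and
# a table standing in for the DNS lookup of each domain's permitted senders.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]
PERMITTED_SENDERS = {"example.org": [ipaddress.ip_network("203.0.113.0/28")]}

# Constructed sample messages (documentation domains, not real addresses).
SAME_ADDR = ("From: PLUG <plug@example.org>\nTo: plug@example.org\n"
             "Subject: Special February offer\n\nbody\n")
ENQUIRY = ("From: buyer@example.org\nTo: sales@example.net\n"
           "Subject: Drill bit query\n\nbody\n")
UNLISTED = ("From: query@example.com\nTo: sales@example.net\n"
            "Subject: Drill bit query\n\nbody\n")

def _addr(msg, header):
    """Return the bare, lower-cased address from a header, or ''."""
    return parseaddr(msg.get(header, ""))[1].lower()

def classify(raw_message, client_ip):
    """Return 'quarantine', 'flag' or 'accept' for one inbound message."""
    msg = message_from_string(raw_message)
    ip = ipaddress.ip_address(client_ip)
    sender, rcpt = _addr(msg, "From"), _addr(msg, "To")
    internal = any(ip in net for net in INTERNAL_NETS)
    # Rule from the thread: same address in From and To, but the
    # connection came from outside the site.
    if sender and sender == rcpt and not internal:
        return "quarantine"
    # Sending-server check: applies only when the sender's domain has an
    # entry in the table; domains with no entry are left alone here.
    nets = PERMITTED_SENDERS.get(sender.rpartition("@")[2])
    if nets is not None and not internal and not any(ip in n for n in nets):
        return "flag"
    return "accept"

if __name__ == "__main__":
    for name, raw, ip in [("same address, outside", SAME_ADDR, "198.51.100.7"),
                          ("same address, inside", SAME_ADDR, "192.168.1.10"),
                          ("listed domain, wrong server", ENQUIRY, "198.51.100.7"),
                          ("listed domain, listed server", ENQUIRY, "203.0.113.5"),
                          ("domain with no entry", UNLISTED, "198.51.100.7")]:
        print(f"{name}: {classify(raw, ip)}")
```

The connecting IP address is taken from the SMTP session by the receiving server, not from the message headers, which is why classify() takes it as a separate argument.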