Piet, At 12:03 pm +0100 10/2/98, Piet Beertema wrote:
I thought that those of you who attended the spam BoF last week might be interested to note the IMC survey of publicly-known relaying smtp servers.
The problem with this survey is that it is by no means exhaustive (500 mail hosts is in fact peanuts compared to the number of mail hosts globally), and probably for that reason doesn't mention the names of the hosts that allow relaying.
[If you remember, "naming-and-shaming" was thought to be unconstructive when discussed at the recent RIPE anti-SPAM BoF meeting. Is this what you mean? Personally, I think that this is a bit too agressive.] Perhaps a compromise is to compile a list of offenders and then contact the domain administrator for that host? (A standard canned message akin to the DNS "Lame server" one would do, I guess...?) We didn't actually discuss this at the meeting. My reading of the IMC report was that it was intended to show a "a large random sample" but I suppose that 500 is indeed small compared with 1) the number of MX records in the DNS and 2) the number of hosts accepting SMTP connections (larger). (For comparison, when I was analysing the COM domains last year to determine physical locations, I used 2 separate samples of 50,000 each - there were ~1,100,000 domains in the zone at the time.) Note though that the IMC report makes no further comment nor claim about the applicability of its results more generally than the 3000 domains known to the IMC itself (though its mailing lists), except for the implicit comment (I guess) that those subscribed to IMC lists should really know better ;-) It does, however, state that an update will be forthcoming.
A flaw in the test is that it used a valid domain name; using an invalid domain name (or a separate test using an invalid domain name) would probably have led to more refusals.
Hmmm. But most spammers use valid domains these days, dont they? Are there admisistrators who implement only the check_relay and not the check_from at the same time? My impression was that it is usually an all-or-nothing decision thugh I suppse check_from puts a much higher (DNS) load / delay on the relay?
Even so it is shocking that 55% of the set of mail hosts tested apparently allows unrestricted relaying.
Indeed. My guess is that this is a conservative figure but, as you say, 55% is still too much. However, as was discussed at the meeting, even reducing the number of relaying hosts might not significantly reduce the amount of spam - it only takes one and relaying hosts are being added daily... John