Spam Free Email

Anti-spam ideas, tools and services

June 15th, 2006

No RDNS = Spammer?

In the past few weeks I’ve been running into more and more references that mail servers are being configured to look at the Reverse DNS entries and if there is no entry the messages should be considered spam.

Apart from the fact that I currently don’t have an RDNS entry for my own mail server, I can certainly see the logic in this.

Most fly-by-night mail servers are going to be set up as quickly as possible. They also want as few ways to track information back to themselves as possible. So RDNS is simply something that they won’t take the time to set up.

The only flaw in this logic comes when ISPs automatically set up RDNS on all of their IP addresses. Then any mail server on those addresses is automatically immune to this technique of trying to detect them. The hope here is that they will have to move to another mail server soon enough and that the next ISP won’t have set this up.

I suppose this lends credence to the length of time a domain name has been registered as well. With the basic logic being that domain names that are less than say a month old are more likely to send spam than domain names that have been around for years.

This takes into account that spammers many times just buy throwaway domains and never bother to renew them once they come up for renewal.

Another thing to look at on the domain side is how long until the domain name expires. If the term is less than one year the domain name would be less important to the person that owns it than a domain name that will expire in two or five or ten years.

So if a domain is less than a month old and will expire in less than a year the likelihood of the domain sending spam messages is quite high in my opinion, but that is all it is … an opinion.

[tag]DNS, Reverse DNS, rdns, spam[/tag]
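The checks discussed in this post, sketched as an added example (not code from the original post). It goes one step beyond the post by also forward-confirming the PTR name, which partly addresses the case of ISPs that publish RDNS for every address; the zone and registration data are constructed stand-ins for live DNS and WHOIS lookups, and all function names are hypothetical.

```python
import ipaddress
from datetime import date

# Constructed sample data standing in for live DNS and WHOIS lookups.
PTR = {
    "10.2.0.192.in-addr.arpa": "mail.example.org",
    "20.2.0.192.in-addr.arpa": "mail.example.org",  # PTR set, but no matching A
}
A = {"mail.example.org": {"192.0.2.10"}}
WHOIS = {  # domain -> (registered, expires)
    "example.org": (date(1999, 3, 1), date(2010, 3, 1)),
    "throwaway.example": (date(2006, 6, 1), date(2007, 6, 1)),
}

def rdns_status(ip):
    """Return 'missing', 'unconfirmed' or 'confirmed' for the connecting IP."""
    host = PTR.get(ipaddress.ip_address(ip).reverse_pointer)
    if host is None:
        return "missing"
    # Forward-confirm: the PTR name must resolve back to the same address.
    return "confirmed" if ip in A.get(host, set()) else "unconfirmed"

def domain_flags(domain, today):
    """Apply the post's two registration heuristics to a sender domain."""
    if domain not in WHOIS:
        return []  # no registration data, so no opinion either way
    registered, expires = WHOIS[domain]
    flags = []
    if (today - registered).days < 30:
        flags.append("registered less than a month ago")
    if (expires - today).days < 365:
        flags.append("expires in less than a year")
    return flags

def assess(ip, domain, today):
    """Collect the reasons a connection looks suspicious; empty means none."""
    reasons = []
    status = rdns_status(ip)
    if status != "confirmed":
        reasons.append("rDNS " + status)
    return reasons + domain_flags(domain, today)
```
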

November 1st, 2005

What does fighting spam mean to you?

Might be an odd question for most people, but for the system administrator it is a thankless job that only gets harder.

So why wouldn’t every admin use every tool at their disposal?

Some might not know about the tools, but I don’t consider ignorance an excuse.

Others might be implementing new anti-spam protocols but their budgetary constraints and overly complex networks prevent them from doing so. These are more acceptable excuses, but they are still excuses.

Simple technologies like SPF require no more than 30 minutes of any administrator’s time to implement, but they can help reduce spam immeasurably.

I guess I’m on a bit of a rant at the moment, I’ve been developing a new anti-spam email server and I have started looking through the SPF logs. I’m going to start keeping track of this in more detail very soon, but some extremely blatant spam has been coming through and it is obviously not originating from the networks they say they are.

In fact, I am pretty sure this particular case is a virus, but this is definitely something that could be stopped cold in its tracks with a few properly configured DNS records and a little more effort on the part of system admins as a whole.

Wonder what will make them take action to prevent the problems in their own houses, instead of just filing the complaints and doing nothing ….

September 11th, 2005

Lisp based DNS resolver library

I’ve been actively working on a Lisp based DNS resolver, what does this have to do with spam you might ask?

I’m planning on creating the Spam Free Email service’s backend with Lisp and as I’ve stated before DNS is one of the most powerful and flexible tools (RBLs and SPF) for fighting spam, so it seemed like the best place to start.

Since I’ve only been programming in Lisp for the better part of two weeks I’m doing well, but currently I’m spending as much time looking up syntax and commands as I am writing the logic. This will pass as I’m more familiar with the language, but all in all I still think this is the right direction to move in.

[tag]Lisp, DNS[/tag]

August 20th, 2005

The importance of DNS in anti-spam technology

As I’ve been thinking about the different things that I want to check on each email message I keep noticing that the most important technology for checking information is DNS. RBLs, SPF and even checking to make sure that the domain name that is sending the email has an MX record or that it even exists all rely on DNS.

Being that the first four or five things that I want to check on each email message relate directly to DNS that means that the DNS server will need to perform well and cache information and the DNS Client that is doing the DNS Queries will also need to perform well.

So I am currently looking into DNS technologies to see which one I am most interested in using.

May 26th, 2005

Legislation or Innovation?

I was talking with a good friend of mine last night and he made a comment about how the only way that spam will disappear is when the lawmakers get more spam than they can handle themselves that they make it illegal.

While I see his point, the fact that the Internet is a global network makes legislation impractical to solve such a large problem. In fact I would think it would have about as much success as the war on drugs.

Innovation is the correct direction to move in to resolve the issues at hand. Finding the flaws and fixing them as well as sincere blocking of messages and servers that are not keeping with the times.

Technologies like SPF and bayesian filters will make more of a difference on a global scale than any legislation that comes out of any single country.

The bottleneck is not currently technology, it is the implementation of technology. If more companies would implement SPF in their DNS records alone, not even adding an SPF component to their incoming email server, spam and viruses would be reduced.

This is not a battle to completely obliterate the enemy, this is a game that we need only play to a stalemate. Our email systems are in place for a reason; to communicate with others. Spammers are in business because they exploit our desire to communicate with others.

Reduce a spammer’s ability to communicate with the email users on your email server and you have affected his bottom line. Accomplish this without impacting your users’ ability to communicate with the people they want to communicate with and your users will be happy.

March 10th, 2005

Anti Spyware and Anti Virus DNS tools?

I’ve spent most of my day today fighting with a combination of virus and viruses. The virus downloads and installs the virus faster than I can remove it.

The virus also removes the hosts files on the PC making it impossible to be connected to the Internet and manually block the site that is being used to download the spyware from.

So I was thinking, why not create a DNS server that redirects known spyware requests to a spyware warning page instead of going to the page itself. On the second request, or after an acknowledgement, it could continue on the real page.

Of course this would take effort and resources to make it viable, and it could easily be used to try and block your competitors, but in the long run if no one can get to your website because you installed spyware, then you will not make any money. Remove the profit motive and you remove a significant number of the players.

A well designed system would be about as effective as an RBL is at blocking spam, but that is a 30 to 40% block ratio that could save a lot of time and resources.

February 23rd, 2005

Changing DNS server

I’m in the process of changing from the Network Solutions DNS servers to the DNS servers at Zoneedit. The main reason I’m doing this is to gain access to the TXT DNS record so that I can put up my own SPF entry.

Hopefully this will not impact the site while I am transferring everything. I’ve done this 1,000 times but I still seem to screw things up once in a while :-)

I’m also hoping that the Zoneedit DNS servers will be a bit faster :-)

Once I’m done with this transfer I’m going to be transferring a lot more domains and adding the SPF records and then changing them all from Network Solutions to GoDaddy.com (I was in the process of doing this well before the Super Bowl ad …)

July 28th, 2004

Will SPF stop spam and viruses?

I mentioned SPF a few weeks ago in an early blog on this site. SPF, or Sender Policy Framework, is a technology that allows for a reverse DNS lookup of mail servers.

In the current way that the domain name system (DNS) works you have a record called an MX (Mail eXchange) record. This record points to one or more mail servers that accept email for that domain. You can also place a priority on each MX record setting up the order in which email servers should be tried.

SPF adds a new record as a TXT record in DNS. This record primarily describes where email from a given domain can come from. So while the MX record is the way for the sending email server to validate where to send the email to, an SPF record is a way for the receiving email server to validate where the email is coming from.

So what does this do for spam and viruses?

In my humble opinion SPF has the ability to cut spam and viruses by 80% to 90% or more.

How many spam messages do you get from an email address that is not valid? All of these would go away unless they were sent through the correct email server for that domain name.

How many viruses forge email headers and look like they came from a friend of yours, even though they really came from a computer somewhere else in the world? These would all go away.

From a business perspective, this would eliminate all of the bank card scams, where the email looks like an official correspondence from Citibank or even eBay but they are really scammers trying to get your credit card data.

So what is it going to take to make this a reality? It’s going to take the support of everyone who is in the tech field controlling any email server and/or the people who control their projects. The more people who publish SPF records and the more people who add SPF support to their incoming mail servers the faster this will become a reality.

Just think of all the time and money you and your company could save if you didn’t have to worry about 80% of the spam or viruses anymore. It’s worth it, it just needs to be done.

For more information about SPF check out http://spf.pobox.com/

July 20th, 2004

SpamHoneyPot progress

After doing a bit of research I’ve decided to follow the lead of the Realtime Blackhole Lists and use a DNS based system for the SpamHoneyPot.com data. I’ve already started building a dedicated DNS server for this and I hope to have a BETA version of the DNS stuff done over the weekend.

It seems to be easier than I thought it would be so the only thing that would prevent this is if I end up having too much fun in my own life :-)