james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Hammant <Paul_Hamm...@yahoo.com>
Subject Re: SPAM #3 (ORBZ.org)
Date Sat, 23 Mar 2002 09:10:51 GMT

> So, it is a violation of their privacy policy to reveal who asked for 
> the intrusive test, but it's not a violation to do the intrusive test 
> or publish the results for anyone to see...  If something is this 
> non-sensical, I generally assume it was the work of lawyers.
> On a related note, James out of the box checks 3 blacklists (MAPS, 
> ORBL, and ORDB I think), and I found a nice quick list of blacklists 
> and other useful anti-spam info here:  http://www.rahul.net/falk/  We 
> should probably add an anti-spam page to the James site to capture 
> useful info and otherwise track useful advice.

OK,  Here is something more concrete as a suggestion:

Proposed via RFC, a new SMTP command  -> "RUOR"  (Are You Open Relay). 
 If the server does not understand that query, or the server answers 
"yes" as opposed to "no", then the machine is potentially open relay. 
 If this is an RFC, then Lotus, MS etc will implement it and at that 
magic point choose to change the defaults on their installations.

* If an ORG like ORBZ.org chooses to query that instead of trying to 
Spam then they are not in breack of any anti-hacker legislation.  
* Mail servers recieving mail (and are unsure of origin), can 
immediately reach back in a new connection and post a RUOR query.  The 
policy of the recipient can be to a) trust the response, b) refer to a 
compiled by abuse blacklist, c) discard all mail from the non-RUOR 
compatible mail server. That is up to the policy of the sysop.
* Companies can be compelled by law, or ISP contract to migrate to RUOR 
compatible products and to not reply "no" when "yes" is the truth.

Just the first part of the anti-spam RFC?

- Paul

BTW :- Have you folks seen http://eob.sourceforge.net/ ?  It is a 
Phoenix using app.

To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>

View raw message