11-21-2006
|
#1 (permalink)
| | Just Joined!
Join Date: Aug 2006
Posts: 93
| Why is it so hard to stop email spam? In any email client I use, be it Thunderbird, Outlook or any others I have met so far, I have the option to enter my own email address as anything I like. I have played tricks on my Dad by sending him emails from George W Bush with email georgewbush@the-whitehouse.com, saying all kinds of things (not harsh though). Not being completely tech savvy, the first time I did it he believed me.
Anyway, the spam emails that regularly bypass my spam filters are usually the same ones, but the email addresses are completely different. This suggests to me that the spammers have random name / email generators that just bang away all day with different combos to try and bypass spam filters like mine.
My question is, why don't the ISPs check the email address against those registered to your username, and block the ones that aren't registered? If my email is jdoe@myisp.com the server should simply not allow any traffic with another address attached. It seems quite easy to do and once an email address is blocked for originating spam, the spammers would have to go and register a new email address instead of just making up a new randomised one. I'm assuming since it's quite easy to think of, and I'm no genius, that there is a reason this wouldn't work.
__________________
Registered Linux user #436027
Opensuse11 | Asus M2N32 SLI Deluxe | AMD 4600+ 64 Dual Core | 2 x 1GB Kingston DDR2 667 | ATI Radeon X1900XT (Sapphire)
500GB WD SATAII | Sound Blaster Audigy Player | 3Com 10/100 | Viewsonic VP930 19" TFT
|
| |
11-22-2006
|
#2 (permalink)
| | Linux Enthusiast
Join Date: Dec 2004 Location: Oklahoma
Posts: 556
| There really is not a way to tell what a registered email is. You would have to require every ISP and individual that has an SMTP server to set up a registry to check for emails, but then the spammers could set one up and we would be back where we started.
__________________ Blog Registered Linux user 396557 |
| |
11-22-2006
|
#3 (permalink)
| | Trusted Penguin
Join Date: Aug 2005 Location: Nottingham, England
Posts: 2,567
| I have a good method for handling spam:
- I run my own mailserver, with real time black hole support - which stops mail by checking the sender's IP against known internet blacklists.
- I have at least two email addresses at any time; my normal email address used by my mates, family, etc. and one that I use when signing up for stuff online. When the one that I use for signing up for stuff gets out of hand, I turn it off, mail gets bounced, and a few months later, that email address has automatically been removed from virtually every spam email system in the galaxy, so I can use it again.
- I don't use spam assassin, but I don't need to at the moment. I have considered it, and I might use it one day.
- On the unusual occasions that I get spam these days, I throw it at spamcop.net, where it automatically gets scanned and the IP ends up on real time black hole lists.
Over the last week I've had zero spam. I am beginning to wonder about the large amount of email that I've opted into, stuff from Tescos, ebay, RedHat, Nectar, etc., all filling up my inbox with stuff I don't have time to read. |
| |
11-22-2006
|
#4 (permalink)
| | Just Joined!
Join Date: Aug 2006
Posts: 93
| When I say registered I don't mean globally, I mean locally with the email provider. Following is an example, in which I'm not patronising anyone (because I don't know enough to patronise), I'm just trying to put across the model in my head:
Joe Bloggs goes to BT and says "I'd like an email address please." BT says OK, your email address is jbloggs@btinternet.com. Your username is "jbloggs", your password is "ABC123" and your incoming and outgoing mail servers are mail.btinternet.com and smtp.btinternet.com.
So now the login name "jbloggs" is associated with the email address "jbloggs@btinternet.com" and if anyone sends mail to that address, it will arrive in the inbox of whomever logs into the server under "jbloggs". That must mean that there is an association between the two, or his emails would never reach him.
So when Joe goes to send an email the server checks his username against his password, but why doesn't it also check his username against his associated email address? Some providers offer multiple pop accounts, in which case there would be a list of associated addresses, but any not on that list would be rejected.
The SPAMCOP service already blocks multiple email servers, well if all (or most) email providers jumped on board, all SPAMCOP would have to do is block the offending email addresses, which would HAVE to be real ones and not made up.
The reason spam has started annoying me more than ever recently, is because many completely legitimate emails from myself to colleagues and friends have been rejected by Hotmail, NTL and Telewest, apparently because SPAMCOP has blacklisted my mail provider due to excessive spam originating from it (and NO! it wasn't me btw)
I could just move to another email provider, but I paid for two years of service and still have one to go. They claim they are working on the problem, but it seems to me like there is a fairly simple way to validate all email's origins with a simple piece of code on all email servers.
Apologies for epic post, but I hate spam!
|
| |
11-22-2006
|
#5 (permalink)
| | Trusted Penguin
Join Date: Aug 2005 Location: Nottingham, England
Posts: 2,567
| The trouble is, there really isn't a way to validate the sender's email address. My sendmail config does a reverse-lookup on the sender IP to make sure the sender's address matches the point they're sending from. But that check is a mail receipt check, not a check made by a sending server. Even if btinternet, yahoo, etc., were to check the sender's credentials, it would still be possible for someone else to just blindly put your return address in their 'Return-Path:...' email field and send it through a different mail server. |
| |
11-22-2006
|
#6 (permalink)
| | Just Joined!
Join Date: Aug 2006
Posts: 93
| Quote: |
Originally Posted by Roxoff which stops mail by checking the sender's IP against known internet blacklists.
| That seems to be the cause of my problems....
From Domain Direct's Network Status Page: Quote:
Email Accounts: DEGRADED
Date Posted: September 22th 2006 Time: 1:15pm EST
Description: Currently a number of our Outgoing email servers have been blacklisted by the SpamCOP service. Our email administrators are in the final testing stages of adding an outbound spam filtering solution that will resolve this issue. We are working to have this tested and implemented as soon as possible.
Current Status:On Going
Updated Status on: Nov. 20th 2006 @ 11:30am EST
| Pay particular notice to the line "an outbound spam filtering solution that will resolve this issue". Why not just do what I suggested, and then block all emails originating from blacklisted email addresses, instead of entire servers or IPs?
|
| |
11-22-2006
|
#7 (permalink)
| | Trusted Penguin
Join Date: Aug 2005 Location: Nottingham, England
Posts: 2,567
| Quote: |
Originally Posted by khinch Why not just do what I suggested, and then block all emails originating from blacklisted email addresses, instead of entire servers or IPs? | Like I said, anyone can put anything in the 'Return-Path:...' text field. There is no way to prove that a sender's credentials are what they say they are.
And the mail servers themselves will have big problems because they offer free or low-cost accounts to people. This makes it easy for spammers, imagine this - one signs up, sends a boatload of spam (while any credentials with the sending mail server are still valid) and never uses the account again. By the time the account is blocked by the sending ISP it's too late and they've been reported to spamcop again. An outgoing spam filter would be the only solution to such email servers.
If you're having trouble with this, then don't use the account until they sort it out. You could even email them and tell 'em you're disgusted with both the amount of spam you get and the lack of ability to send emails 'cos of the blacklisting; tell 'em it makes your account unusable and demand a refund. You can negotiate with 'em then for a free extension to your contract or some other 'sorry' gesture they want to make. |
| |
11-22-2006
|
#8 (permalink)
| | Just Joined!
Join Date: Aug 2006
Posts: 93
| Quote: |
Originally Posted by Roxoff there really isn't a way to validate the sender's email address. | That's the bit I have trouble understanding. If Joe (in the example) put his email address into Outlook or Thunderbird as "tonyblair@number10.gov.uk" and logged into his inbox, he would still receive mail addressed to "jbloggs@btinternet.com", and therefore the smtp server must link his email address to his login, and not whatever he types into his client. So why can't the outgoing mail server do the same?
I hear what you say about the "replyto:" address, but that's different. That's just saying "don't send mail back to this address, we don't read it. Send it here instead:" I don't care who someone wants me to reply to, I just care where the email came from which currently looks like people can send emails completely anonymously with little thought or expertise involved.
|
| |
11-22-2006
|
#9 (permalink)
| | Trusted Penguin
Join Date: Aug 2005 Location: Nottingham, England
Posts: 2,567
| Perhaps you would understand this better with a little bedtime reading: RFC821 - the SMTP protocol. A whizz down this document will explain why the return address can be anything you damn well please...
For example, your solution wouldn't help people that use two mail accounts for sending, but want all replies to arrive in their hotmail box. They set the sender address of, say, their 'yahoo' account to 'jbloggs@hotmail.com'. With your solution, they now can't send emails. You're forcing them to have to log in to both email accounts and check them separately. Why would anyone have two sender accounts? Well maybe they're sending through their ISP's mail server, but only check their POP3 box on hotmail? Maybe they're on the road and using a free dial-up service not their regular broadband ISP and the return address is set to their main or POP3 account. I'm sure there's plenty more reasons too. |
| |
11-22-2006
|
#10 (permalink)
| | Just Joined!
Join Date: Aug 2006
Posts: 93
| Quote: |
Originally Posted by Roxoff | Thanks! I'll have a look at that. Quote: |
Originally Posted by Roxoff A whizz down this document will explain why the return address can be anything you damn well please... | And that's how it should be. I have nothing against folk putting the return address as anything they like. It's the from address that I believe should be non-tamperable. In my email client I can set the from address and the replyto address separately. Quote: |
Originally Posted by Roxoff Why would anyone have two sender accounts? | That's their business, and I don't mind that at all. Like I say, if the from and replyto addresses are separate, I don't see why folk still can't use their return addresses the way they always have (unless the bedtime reading above educates me and I then find out that for some reason the from address and replyto address have to be the same? or something? I will read it later, thanks) Quote: |
Originally Posted by Roxoff And the mail servers themselves will have big problems because they offer free or low-cost accounts to people. This makes it easy for spammers, imagine this - one signs up, sends a boatload of spam (while any credentials with the sending mail server are still valid) and never uses the account again. By the time the account is blocked by the sending ISP it's too late and they've been reported to spamcop again. An outgoing spam filter would be the only solution to such email servers. | That's absolutely true. I can think of a couple of ways to attempt to combat it, such as mail providers only allow a certain number of email address changes in a certain time period. Say, once a day, or three times a week. Seriously, how often do most non-spammer folk change their email address linked to a single account? Free email providers would just have to work harder to spot spammer accounts and outgoing spam, or else risk being blacklisted, like my mail server has been.
I should point out, I'm not saying my idea should be law or anything, I just feel it's a simple solution that could save many email providers from being blacklisted. It could be done completely independently by any provider that wanted to. I just thought that maybe since it hasn't been done, there must be a reason. Quote: |
Originally Posted by Roxoff If you're having trouble with this, then don't use the account until they sort it out. You could even email them and tell 'em you're disgusted with both the amount of spam you get and the lack of ability to send emails 'cos of the blacklisting; tell 'em it makes your account unusable and demand a refund. You can negotiate with 'em then for a free extension to your contract or some other 'sorry' gesture they want to make. | Again, you're absolutely right, and I fully intend to do something along those lines now. However, regardless of my position with my email provider, I was curious about the technicalities of spam prevention and hence why I started this post.
|
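The check proposed in posts #4 and #10, as an added example that is not part of any post in this thread: a submission server maps the authenticated login to the addresses it may send as, checks both the SMTP envelope sender and the `From:` header, and leaves `Reply-To:` alone. The account table, function name and sample messages are constructed for illustration; as post #5 points out, a check like this only covers mail submitted through the provider that runs it.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed account table: authenticated login -> addresses it may send as.
ALLOWED_SENDERS = {
    "jbloggs": {"jbloggs@btinternet.com", "joe.bloggs@btinternet.com"},
}


def _norm(addr):
    return addr.strip().lower()


def check_submission(login, mail_from, raw_message):
    """Return (accepted, reason) for one authenticated SMTP submission."""
    allowed = ALLOWED_SENDERS.get(login)
    if allowed is None:
        return False, "unknown login"
    # 1. Envelope sender (the SMTP MAIL FROM argument) must belong to the login.
    if _norm(parseaddr(mail_from)[1]) not in allowed:
        return False, "envelope sender not owned by login"
    # 2. The From: header is what the recipient's client displays, and it is
    #    independent of the envelope, so every address in it is checked too.
    msg = message_from_string(raw_message)
    from_addrs = [a for _, a in getaddresses(msg.get_all("From", []))]
    if not from_addrs:
        return False, "missing From header"
    for addr in from_addrs:
        if _norm(addr) not in allowed:
            return False, "From header not owned by login"
    # 3. Reply-To: is deliberately not checked, so replies can still be
    #    directed to a mailbox at another provider.
    return True, "ok"


# Constructed sample messages.
HONEST = (
    "From: Joe Bloggs <jbloggs@btinternet.com>\n"
    "Reply-To: jbloggs@hotmail.com\n"
    "To: dad@example.org\nSubject: hello\n\nbody\n"
)
FORGED_HEADER = (
    "From: Someone Else <someone.else@example.org>\n"
    "To: dad@example.org\nSubject: hello\n\nbody\n"
)
```
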