darxus wrote 2010-02-10 10:14 pm

I made up a new way of blocking spam: MTX records

http://www.chaosreigns.com/mtx/

MTX records are just DNS A records on your DNS server stating that an IP is a legitimate mail transmitter.

There is a SpamAssassin plugin for it on that page.

feng-huang.livejournal.com 2010-02-13 09:43 pm (UTC)
I think SPF is doing pretty well. Many large entities are using it, including gmail, AOL, and hotmail. And that's in spite of the forwarding breakage which a bunch of people are very emotionally opposed to creating SPF records because of. When I went looking for major sites using SPF, I had no difficulty:
Okay, I concede that point, and I also think I didn't convey what I wished, which is that among people who have heard of it and aren't philosophically opposed to it, it's more than likely laziness that's preventing them from creating just one additional DNS record, as opposed to one additional record per server.

(BTW, the #spf_users tag on that link didn't work. You have it as an 'id' attribute to an h2 tag, whereas you need an <a name="spf_users"> tag. I'm using Firefox 3.5 on Linux.)

I've not looked at the spec for SPF, but the record itself is ugly, I agree. Fortunately, they have a CGI script that will generate the record for you. ;-)

Really, if you don't know what a 'helo' is, you shouldn't be running a mail server, IMNSHO. I think that "Hello, my name is _____" is a pretty simple concept for people to understand, anyway. "You have to give me a real name that I can look up" is pretty simple, too, and yet people still get it wrong.

And while dice.com does have an SPF record, it doesn't help if you're requiring mail servers to tell you a real name that you can look up, and they're not properly identifying themselves:

Feb 6 13:33:08 dr-evil postfix/smtpd[14286]: NOQUEUE: reject: RCPT from mailbox51.dice.com[65.198.147.51]: 450 4.7.1 <colomailbox.dice.com>: Helo command rejected: Host not found; from=<support@dice.com> to=<my@ddre.ss> proto=ESMTP helo=<colomailbox.dice.com>

That was my point. If people can't even get the hostnames they're using for their mail servers in DNS properly now, why would they create extra records? (I no longer have the log entries, but my electric company was using srp.gov, which doesn't exist, instead of srpnet.com. I don't think "Set your hostname to something that can be looked up" is too onerous of a rule, either. They (the electric company, not Dice) have since fixed it, probably in part because I was just bouncing their mail after I temporarily allowed their signup confirmation message in.)

As for catching more spam, I would be interested to know if it has improved your accuracy rate. I can create a regex that will reliably catch 100% of spam. Here it is: /./

I'm still working on the false positives, though. ;-)

Anyway, I realize that it hasn't even been a week, but since you've stated that you're catching more spam with it now, I'm interested in the particulars behind that claim. (In my opinion just "catching more spam" isn't enough; "improving accuracy" is the goal, and the false positives you mentioned concern me a little.) Has it actually improved your accuracy rate? Is the rate different than if you had merely penalized every email by the same amount, or if you had lowered the SA threshold by the same amount? Do you know if there are any other domains with MTX records besides yours and mine?

Sorry if I come across as overly negative; I just don't see a significant benefit (although there's obviously no harm by creating the record, which is why I went ahead and did it).
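An added example, not part of the comment above: a small parser for Postfix smtpd reject lines like the one quoted there, which picks out the HELO-check rejects and records whether the HELO name differs from the client's reverse-DNS name. The first sample line is the one from the comment; the other two, and all function names, are constructed for illustration.

```python
import re

# Line 1 is the reject quoted in the comment; lines 2-3 are constructed
# (documentation-range IPs, example.* names).
SAMPLE_LOG = """\
Feb 6 13:33:08 dr-evil postfix/smtpd[14286]: NOQUEUE: reject: RCPT from mailbox51.dice.com[65.198.147.51]: 450 4.7.1 <colomailbox.dice.com>: Helo command rejected: Host not found; from=<support@dice.com> to=<my@ddre.ss> proto=ESMTP helo=<colomailbox.dice.com>
Feb 6 13:40:12 dr-evil postfix/smtpd[14290]: NOQUEUE: reject: RCPT from unknown[192.0.2.7]: 450 4.7.1 <localhost.localdomain>: Helo command rejected: Host not found; from=<a@example.net> to=<my@ddre.ss> proto=ESMTP helo=<localhost.localdomain>
Feb 6 13:41:55 dr-evil postfix/smtpd[14291]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.9]: 554 5.7.1 <mail.example.org[198.51.100.9]>: Client host rejected: Access denied; from=<b@example.org> to=<my@ddre.ss> proto=ESMTP helo=<mail.example.org>
"""

REJECT = re.compile(
    r"NOQUEUE: reject: \w+ from (?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <[^>]*>: "
    r"(?P<reason>[^;]+); .*\bhelo=<(?P<helo>[^>]*)>"
)

def parse_rejects(log_text):
    """Return one dict per Postfix smtpd reject line found in log_text."""
    matches = (REJECT.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def helo_rejects(records):
    """Keep only HELO-check rejects and annotate each one."""
    out = []
    for r in records:
        if not r["reason"].startswith("Helo command rejected"):
            continue
        out.append({
            **r,
            # 4xx means the sender will retry; 5xx bounces immediately.
            "temporary": r["code"].startswith("4"),
            # Client name is the PTR lookup result ("unknown" if none).
            "helo_matches_ptr": r["helo"].lower() == r["client"].lower(),
        })
    return out

if __name__ == "__main__":
    for r in helo_rejects(parse_rejects(SAMPLE_LOG)):
        print(r["ip"], r["client"], "helo=" + r["helo"],
              "temp" if r["temporary"] else "perm",
              "match" if r["helo_matches_ptr"] else "mismatch")
```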

darxus.livejournal.com 2010-02-14 12:11 am (UTC)
When did "id" become a valid attribute of all entities? Maybe that wasn't until HTML5? It works for me with firefox v3.5.3. The WDG validator isn't throwing an error on it, but there are enough other errors on that page that they could be hiding it.

I highly doubt the SPF CGI script will generate the ugly SPF records I've seen. And I suspect they're ugly out of necessity.

I pointed out that dice.com has an SPF record only because you gave it as an example of someone too incompetent to provide a valid helo, and therefore, I think, unlikely to create an MTX record.

Obviously, MTX has increased my accuracy rate for spam, while decreasing accuracy for non-spam. Overall accuracy isn't really worth comparing, I think. But the part that matters to me is that the cases where I'm decreasing accuracy with false positives, I'm notifying the sender and giving them a way to fix it.

I'm sure the current effect is statistically very similar to giving all emails an extra +2. The difference, as I said, is the notification, and ability to fix it.

I don't mind your negativity, I appreciate the additional analysis.

And I've gotten quite a lot more negativity than from you. It is apparently common for people to think that they came up with a new and useful method for dealing with spam. They're almost always wrong. It shows in the responses.
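An added example, not part of either comment or of the SpamAssassin plugin: the comparison raised in this thread (penalizing only mail without an MTX record, versus adding the same amount to every message, versus lowering the threshold) worked through on constructed scores. The scores, the assumption that no spammer publishes MTX, and the function names are all made up for illustration; 5.0 is SpamAssassin's default `required_score` and 2.0 is the "+2" mentioned above.

```python
# Constructed sample: (score before any MTX rule, is_spam, sender_has_mtx).
MAIL = [
    (9.1, True, False), (6.3, True, False), (4.2, True, False),
    (3.4, True, False), (1.0, True, False),
    (0.2, False, False), (1.5, False, False), (3.6, False, False),
    (4.1, False, False), (2.0, False, False),
]
THRESHOLD = 5.0   # SpamAssassin default required_score
PENALTY = 2.0     # the "+2" from the comment above

def no_penalty(has_mtx):
    return 0.0

def flat_penalty(has_mtx):
    """Add the same amount to every message."""
    return PENALTY

def mtx_penalty(has_mtx):
    """Add the penalty only when the sending IP has no MTX record."""
    return 0.0 if has_mtx else PENALTY

def rates(mail, penalize, threshold=THRESHOLD):
    """Return (spam caught, legitimate mail falsely flagged)."""
    caught = false_pos = 0
    for score, is_spam, has_mtx in mail:
        flagged = score + penalize(has_mtx) >= threshold
        caught += int(flagged and is_spam)
        false_pos += int(flagged and not is_spam)
    return caught, false_pos

def after_fix(mail):
    """Model every notified legitimate sender publishing an MTX record."""
    return [(s, spam, mtx or not spam) for s, spam, mtx in mail]

if __name__ == "__main__":
    print("baseline        ", rates(MAIL, no_penalty))
    print("flat +2         ", rates(MAIL, flat_penalty))
    print("threshold 3.0   ", rates(MAIL, no_penalty, THRESHOLD - PENALTY))
    print("MTX, no adoption", rates(MAIL, mtx_penalty))
    print("MTX, after fix  ", rates(after_fix(MAIL), mtx_penalty))
    print("flat, after fix ", rates(after_fix(MAIL), flat_penalty))
```

With nobody publishing records, the MTX rule, the flat penalty and the lowered threshold give identical counts; they only diverge once legitimate senders add records, which the flat penalty cannot reward.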

darxus.livejournal.com 2010-02-14 12:28 am (UTC)
That page is now validated HTML5. I'm curious if the spf_users link works for you now.