Re: [courier-users] SPAM over SMTP

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Alexey Ivanov via courier-users writes:

> Thank you.
> But that is kind of special type of spam.
>  
> It is not THEM. It is us!
>  
> Assuming I do have a server mail.mydomain.com
> I wish that ONLY that server may send emails with FROM
> address like <URL:mailto:na...@my...>na...@my...

RFC 821 carries a date of August 1982. Since 1982, SMTP never worked this  
way. For better or for worse SMTP is completely unauthenticated, and any  
mail server in the world can attempt to send an email to any other email  
server in the world using any FROM address.

Not only that, but each E-mail has not one or two addresses that are often  
described as "From" address, the SMTP MAIL FROM address, and whatever  
appears in the E-mail's actual From: header.

And this applies to both of them. There is no authentication, whatsoever.  
Back when SMTP first came about it was a different world and everyone  
trusted each other, and SMTP works exactly the same right now as it did back  
then.

What you describe, simply, is impossible.

Various techniques, over many years, were proposed to address this naive  
trust-by-default nature of SMTP. The results have been quite lackluster. You  
may try to see if some of those approaches work for you, anything ranging  
from simple SPF checking (which Courier supports natively) to DKIM, which  
requires some extra stuff to be set up.

> If I ban based on IP. They can move it to another IP.
> That ways they can jump over and over unlimited period of time.
> I cannot even imagine what will happen if we all move to IPV6.

Welcome to SMTP. That's just the way it is.

> I never ban a single IP. Always like «192.168.0.0/24»
>  
> Well, I got your point. But frankly I was expecting a special
> solution can be found in that very particular case.

Everyone has been looking for a solution for more than 30 years. One is yet  
to be found.

> Well it is sad. Thanks anyway.

This why the big guys, like Google and Microsoft, has been taking over E- 
mail. Their spam filters, based on AI-like algorithms and trained on  
tremendous amounts of E-mail, offer pretty much the only effective generic  
spam filtered E-mail that's available to the masses.