
Re: [tor-talk] Tor and forward email to Spam folder.

> But sometimes, mail servers (are checking if the sender domain name = IP
> ? to prevent spam ?
> May be I'm wrong, not an expert ;)

Some servers can check for a valid rDNS/FCrDNS [1].
The reverse of the IP sending the mail must be equal to the HELO/EHLO domain used.
For example, the nazi and very bad DNSBL V4BL [2] does this check and rejects all 
mail that does not pass. This check is also a clue for SpamAssassin [3] for spam 
scoring, but it doesn't reject the mail on this fact alone.

This is a best practice from RFC 1912 [4] but is highly problematic for self-
hosting/tiny mail providers because it's not common at all to be able to manage 
IPv4 reverse (and worse, IPv6 reverse):
	- Reverse IPs require the cooperation of your ISP/IP provider because the 
affected in-addr.arpa zone is on its authoritative server and not yours. Only a few 
allow reverse IP for their customers.
	- It's not compatible with multiple domains behind a single IP with standard 
tools (EHLO/HELO is generally static, not dynamic, in the SMTP config).
	- It requires a single outgoing SMTP gateway for all your outgoing mail 
servers, to avoid reverse DNS on all your IPs and in particular on your shared 
hosting server.

Only email providers that are huge enough, like Google or Microsoft, are able to 
ensure clean rDNS/FCrDNS in practice…

> I see on mine bad guyz trying to send mails from a domain name not equal
> to the IP from which it's sent... is it "reading" the header information to
> make it possible ?

Spammers generally use an EHLO with the targeted domain or a common outgoing 
domain (gmail, yahoo, microsoft…) to try to confuse anti-spam or badly 
configured incoming mail servers (corporate email servers generally whitelist 
their own domain…).

And remember the SMTP *content* can be totally different from the SMTP *metadata*.
You can announce an EHLO domain "foo" but send an email from and to the "bar" 
domain. This can be a spoofed email but also a totally valid email.
An email sent from a "foo" server with a "foo" To address but a "bar" From 
and BCC address will generate the following SMTP on the BCC server.

	EHLO mx.foo
	MAIL FROM:<sender@bar>
	RCPT TO:<bcc@bar>
	DATA
	From: sender@bar
	To: to@foo
	Subject: a BCC email

	This is the body
	.

You can imagine weirder SMTP exchanges with 5 different domains on the 
EHLO, MAIL FROM, RCPT TO, From and To (mailing lists change the EHLO, address 
rewriting changes MAIL FROM, forwarding changes RCPT TO, BCC decorrelates 
metadata from content…)…
Paradise for spammers, hell for spam fighters…

[1] https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
[2] https://gcm.v4bl.org/
[3] https://wiki.apache.org/spamassassin/Rules/RDNS_NONE
[4] https://tools.ietf.org/html/rfc1912#section-2.1

Individual crypto-terrorist group self-radicalized on the digital Internet

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
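An added example, written for this archive and not code from the post above or from any tool it mentions, of the rDNS/FCrDNS check the reply describes, used as a scoring clue rather than a hard reject. The DNS records and the score weights are constructed for illustration (they are not SpamAssassin's real values), and the lookups are injected so it runs offline.

```python
import ipaddress
from typing import Callable, Dict, List

# Constructed sample DNS data (not real records): PTR (reverse) and A (forward) maps.
PTR_RECORDS: Dict[str, List[str]] = {
    "192.0.2.10": ["mx.foo.example"],   # clean FCrDNS: PTR -> A -> same IP
    "192.0.2.20": ["mx.bar.example"],   # PTR exists but differs from the EHLO name
    "192.0.2.30": ["mx.baz.example"],   # PTR name resolves forward to another IP
}
A_RECORDS: Dict[str, List[str]] = {
    "mx.foo.example": ["192.0.2.10"],
    "mx.bar.example": ["192.0.2.20"],
    "mx.baz.example": ["192.0.2.31"],
}

Resolver = Callable[[str], List[str]]


def fcrdns_check(ip: str, helo: str, ptr: Resolver, a: Resolver) -> str:
    """Classify a connecting IP against its EHLO/HELO name.

    Returns "pass", "no_rdns", "helo_mismatch" or "forward_mismatch".
    """
    ipaddress.ip_address(ip)  # reject garbage before doing any lookup
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no_rdns"
    helo = helo.rstrip(".").lower()
    if helo not in names:
        return "helo_mismatch"
    # Forward-confirm: the reverse name must resolve back to the sending IP.
    if ip not in a(helo):
        return "forward_mismatch"
    return "pass"


# Illustrative weights: the result raises a spam score, it does not reject on its own.
SCORES = {"pass": 0.0, "no_rdns": 1.3, "helo_mismatch": 1.0, "forward_mismatch": 1.5}


def score_connection(ip: str, helo: str):
    """Run the check against the constructed records and return (status, score)."""
    status = fcrdns_check(
        ip, helo,
        lambda q: PTR_RECORDS.get(q, []),
        lambda q: A_RECORDS.get(q, []),
    )
    return status, SCORES[status]
```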
