Anti-spam measures are working?

It has been a while, but it appears challenge-response spam filtering is back and now even more stupid.

If yes, it got caught as unsolicited email by our spam blocker. You can release the mail from spam quarantine by simply replying to this message. At the same time the spam blocker will recognize you as a trusted sender (from this email address) and automatically add you to my Allow list for this and any future communication.

Many illegal spammers forge email addresses to try to get past spam blocking software. These spammers send hundreds of millions of spam messages a day, clogging email servers and wasting people’s time. We regret that these spammers have forced us to send this message to you.

But why stupid? First of all, there is no relevant data at all, only a source and target e-mail address and a company URL where you should be able to find out how to clear it. I wasn't able to find anything, by the way. When matching the timestamps, it appears to be related to a posting I did on a mailing list, a double opt-in mailing list. RFC 5230, section 4.6 has some nice hints for vacation responders that may also apply to these kinds of spam filters. Also, my mail domain has a closed SPF record in DNS, meaning you can identify whether I'm really the sender. That will not be the case, as a mailing list has a different Return-Path header. This is also an indicator that the software isn't using the right data from the headers.

Looking at the headers from their response, it appears they know how to set an SPF record for their own domain, but validating incoming mail, no. Their software also forgot to add a Date field to the mail headers. For now I fed this e-mail from challenge@lightspeedsystems.com to the Bayesian filter, and if it keeps coming back it will get its own line in my blacklist for SpamAssassin.
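The RFC 5230 section 4.6 hints mentioned above, applied to the decision a challenge-response filter has to make before it answers a message. This is an added example, not part of the original post or of any vendor's software; the function name, sample messages and addresses are constructed, and the null-sender check is an addition beyond section 4.6.

```python
from email import message_from_string
from email.utils import parseaddr

# Header fields and local parts that RFC 5230 section 4.6 names as signs of
# list or daemon traffic an auto-responder should not answer.
LIST_HEADERS = ("List-Id", "List-Help", "List-Subscribe", "List-Unsubscribe",
                "List-Post", "List-Owner", "List-Archive")
DAEMON_LOCALPARTS = {"mailer-daemon", "listserv", "majordomo"}

# Constructed sample: a list post as the subscriber's filter would receive it.
LIST_POST = """\
Return-Path: <users-bounces@lists.example.org>
From: Alice <alice@example.net>
To: users@lists.example.org
Subject: Re: question
Date: Mon, 01 Jan 2024 10:00:00 +0000
List-Id: <users.lists.example.org>
List-Unsubscribe: <mailto:users-request@lists.example.org>

Body of the posting.
"""
# Constructed sample: the same headers with the list fields stripped.
DIRECT_MAIL = "\n".join(l for l in LIST_POST.split("\n")
                        if not l.startswith(("List-", "Return-Path")))


def challenge_allowed(raw_message, envelope_sender):
    """Return (allowed, reason) for sending an automatic challenge."""
    msg = message_from_string(raw_message)
    for name in LIST_HEADERS:
        if msg.get(name) is not None:
            return False, f"list header {name} present"
    auto = msg.get("Auto-Submitted")
    if auto is not None and auto.split(";")[0].strip().lower() != "no":
        return False, "Auto-Submitted is not 'no'"
    addr = parseaddr(envelope_sender)[1]
    if not addr:  # null reverse-path (bounces); check added beyond 4.6
        return False, "null envelope sender"
    local = addr.rsplit("@", 1)[0].lower()
    if (local in DAEMON_LOCALPARTS or local.startswith("owner-")
            or local.endswith("-request")):
        return False, f"automated sender address {addr}"
    return True, "no automation indicators"


if __name__ == "__main__":
    print(challenge_allowed(LIST_POST, "users-bounces@lists.example.org"))
    print(challenge_allowed(DIRECT_MAIL, "alice@example.net"))
```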

Published by

Hans Spaans

Unix & security consultant with a passion for Linux, Solaris, PostgreSQL, Perl and network services, but also a strong believer in open and free source, standards and content.