Subject: Re: Incessant Bounces
From: Rask Ingemann Lambertsen (rask-postfixkampsax.k-net.dk)
Date: Wed Aug 23 2000 - 11:02:00 CDT


On 22-Aug-00 21:16:45 Ronald F. Guilmette wrote the following about "Re: Incessant Bounces":
>In message <v0422081bb5c87069cc10[195.238.1.121]>, you wrote:

>>At 10:34 AM -0700 2000/8/22, Ronald F. Guilmette wrote:
>>
>>> I know from direct experience that quite a lot of spam gets sent out with
>>> totally 100% bogus MAIL FROM domains,
>>
>> Not true. Because most sites these days implement the standard
>>envelope sender DNS resolution techniques, most spam these days
>>originates from bogus addresses at real sites.

>Most, yes. But my spam traps indicate very clearly that there is still
>a sizable, finite, and non-zero amount of spam that is being sent on a
>daily basis (and even as we speak) that carries 100% bogus envelope
>sender address domains.

   Because a large number of sites now check for MX or A records, we will
see an increasing number of cases like this one from a recent spam run:

$ host -t MX netscap.com
netscap.com mail is handled (pri=0) by mail.x1netscap.com
$ host -t A mail.x1netscap.com
Host not found.

   That way they evade most DNS checks, don't get any bounces and don't
risk being dragged into court for abusing someone else's domain. I know rule
#3 says spammers are stooopid, but there is still room for deviation.

>Those cases are relatively rare, and in any case, you are doing the sender
>a favor when you bounce/reject such messages. Otherwise how will he ever
>know that the return address he configured in his mail client is wrong and
>that it will prevent him from seeing a lot of his own bounces?

   I agree with that. If it's legitimate mail, bounce it now rather than
let them wait for a week, which is completely useless. It is my experience
so far that few postmasters watch their mail queue for signs of DNS
problems or other easily correctable problems.

>> Therefore, the MTA *must* take the conservative route (by
>>default), and issue a 4xx response code instead.

>I disagree with your use of the word `must' in this context.

   He said "by default", which means you can change it.

>My only counterpoint is that e-mail itself is not ``safe''.

>If I need to be absolutely positively sure that someone got a particular
>message, I'll send a telegram, use FedEx, or pick up the phone.

>You said it yourself... DNS can be flaky from time to time for no apparently
>good reason. Why should e-mail be thought of as being any different?

   I must protest against this. The email related RFCs in some places place
very strict requirements on MTAs in order to ensure that mail does not get
lost. It is clearly intended to be ``safe''.

Regards,

/ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻTŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ\
| Rask Ingemann Lambertsen | E-mail: mailto:raskkampsax.k-net.dk |
| A4000, 896 kkeys/s (RC5-64) | "ThrustMe" on XPilot, ARCnet and IRC |
| Without C people would code in Basi, Pasal and Obol. |
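
The MX-to-nowhere case from the `host` output in this message, as an added example that is not part of the original post and not Postfix code: a sender-domain check that follows each MX target to an address record and keeps temporary DNS failures (always 4xx) apart from definitive ones. The resolver table, the `example.*` names and the `reject_code` parameter (450 by default, 550 to reject outright, the two positions argued in the thread) are assumptions made for illustration.

```python
TEMPFAIL = object()  # stands for SERVFAIL or a resolver timeout

# Constructed zone data; the first entry mirrors the host output quoted above.
ZONE = {
    ("netscap.com", "MX"): ["mail.x1netscap.com"],   # target has no A record
    ("example.org", "MX"): ["mx.example.org"],
    ("mx.example.org", "A"): ["192.0.2.25"],
    ("example.net", "A"): ["192.0.2.80"],            # no MX, address record only
    ("flaky.example", "MX"): TEMPFAIL,
}


def zone_lookup(name, rtype):
    """Hypothetical resolver: list of records, [] if none, TEMPFAIL on error."""
    return ZONE.get((name.lower(), rtype), [])


def check_sender_domain(domain, lookup=zone_lookup, reject_code=450):
    """Return (smtp_code, reason) for the domain of an envelope sender."""
    mx = lookup(domain, "MX")
    if mx is TEMPFAIL:
        return 450, "temporary DNS failure looking up MX"
    # Without any MX record, mail goes to the domain's own address record.
    targets = mx if mx else [domain]
    saw_tempfail = False
    for host in targets:
        addrs = lookup(host, "A")
        if addrs is TEMPFAIL:
            saw_tempfail = True
        elif addrs:
            return 250, f"{host} resolves"
    if saw_tempfail:
        # A mail host may exist; the answer is not definitive, so defer.
        return 450, "temporary DNS failure looking up mail host"
    # An MX record exists but leads nowhere, or the domain has nothing at all.
    what = "MX target" if mx else "domain"
    return reject_code, f"{what} for {domain} has no address record"


if __name__ == "__main__":
    for d in ("netscap.com", "example.org", "example.net", "flaky.example"):
        print(d, check_sender_domain(d, reject_code=550))
```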