xzr1tv Posted January 21, 2005

Recently my ISP's inbound POP3 addresses have been appearing on the blocklist with the '2' code.

For example: 207.115.63.33 listed in bl.spamcop.net (127.0.0.2)

In looking, there were 'others' in the same area with the problem. But the first time it happened, many of the addresses had been 'clean' for 900+ days.....

In an email exchange with a mailtech I came to find out that these are all INBOUND POP3 addresses at the ISP. The only mail they would send out is 'return to sender mail'.

Evidently someone is sending out spam with a Spamcop 'poison pill' address as a sender.....and they 'bounce' it....

I then become a 'victim' because the mail from that INCOMING server goes to HELD mail.
StevenUnderwood Posted January 21, 2005

> The only mail they would send out is 'return to sender mail'.

Bouncing any message to the (often forged) return address is now a very bad idea. What used to be a courtesy, now is abuse. Ask your mailtech to reconfigure the systems to reject during the SMTP transaction, which will eliminate this problem and is safer for the internet.

The way they are currently doing it, any message is accepted, and if it can not be delivered, they basically send a new message to the reply-to address saying so. The trouble is almost anybody can forge that address and more often than not, this bounce message goes to an innocent third party, who then complains to their help desk (part of my job at work) that they did not send the original and is their computer infected with a virus.

With my proposal, the sending server connects to the receiving server, sending the connection information (IP address, to address, from address, etc.). The receiving server verifies that it can deliver said message and then either accepts the message where it goes through, or rejects the message, telling the sending server why. The sending server then generates the bounce message using the reason supplied by the receiving server. The sending server should only be accepting messages for accounts it knows about and can return the message to. Either way, the receiving server has sent NO messages, and can not send messages to spamtrap addresses.
Merlyn Posted January 21, 2005

Seems as if they need to rethink their email procedures:

Other hosts in this "neighborhood" with spam reports

207.115.63.28 207.115.63.29 207.115.63.30 207.115.63.31 207.115.63.32 207.115.63.34 207.115.63.49 207.115.63.95 207.115.63.106 207.115.63.107 207.115.63.117 207.115.63.126
xzr1tv Posted January 22, 2005 (Author)

> Seems as if they need to rethink their email procedures:
> Other hosts in this "neighborhood" with spam reports

Maybe they do...., but is it their procedure, or a change in SPAMCOP procedures? (The change being to allow reporting of bounces!)

Remember:

1) These are INBOUND mail servers
2) They had been clean for over 3 years...
3) They (ISP) changed nothing....
4) Spamcop relaxed a reporting rule...
xzr1tv Posted January 22, 2005 (Author)

> Bouncing any message to the (often forged) return address is now a very bad idea. What used to be a courtesy, now is abuse. Ask your mailtech to reconfigure the systems to reject during the SMTP transaction which will eliminate this problem and is safer for the internet. The way they are currently doing it, any message is accepted, and if it can not be delivered, they basically send a new message to the reply-to address saying so. The trouble is almost anybody can forge that address and more often than not, this bounce message goes to an innocent third party, who then complains to their help desk (part of my job at work) that they did not send the original and is their computer infected with a virus.

I hear what you are saying... but..

A) You are saying 'What used to be a courtesy, now is abuse'. Where is that defined? I run a small mailing list (350+ members, opt-in with PHYSICAL signature, and/or voice confirmation). I only mail out once a quarter. Most of my recipients are at large corporations. I DEPEND on bounce messages to see who had left so I can call someone else there and correct the list. Otherwise I am forever sending JUNK! Another part of that is many large systems (ie; Exchange, Lotus Notes, etc) still send those messages out by default.

B) You state "Ask your mailtech to reconfigure the systems to reject during the SMTP transaction which will eliminate this problem and is safer for the internet." My "mailtech" is the mailtech for a VERY LARGE ISP...I think he feels it's working as generally accepted industry practice, at this point in time! Has there been a standards change, a conference agreement, etc. etc. that had signalled agreement with the direction you are suggesting things should go?

C) Please don't get me wrong, I am as ANTI-spam as the next person. In fact I would take offensive measures against spammers if it wasn't illegal (ie: the Lycos experiment!), but I am having a hard time swallowing the logic in blocking inbound POP servers or in the logic of turning off replies to inbound messages. I realize that bounces are a problem, but there has to be a better way!

D) If the blocking on inbound continues, then there ought to be a way to safelist one's inbound servers!
Wazoo Posted January 22, 2005

> You are saying 'What used to be a courtesy, now is abuse'. Where is that defined?

In the real world. Recall, the "net" was designed and put into place with the original intent of allowing continued communications between U.S. Government entities even after some of those entities no longer existed on the face of the earth. The 'net' of today was developed and configured based on the tenets of trust from those ancient times. Spammers and other forms of scum-sucking lifeforms have taken advantage of this "trusted" environment. Thus the changing of many once-accepted/recommended settings and configurations.

> My "mailtech" is the mailtech for a VERY LARGE ISP...I think he feels it's working as generally accepted industry practice, at this point in time!

Could be. Yet worth mentioning is that even AOL has seen the light and put a stop to a major portion of their "bounced" e-mails .. specifically those e-mails having been sent to fictitious addresses but with other forged addresses in the Reply-To: / envelope data ...

RFCs for the most part have not been updated to match the ever-growing spam-spew issue, but .. with all the myriad of suggested/attempted changes, configurations, additions, etc. of possible e-mail applications (frustrated by the countless ISPs that are currently running obsolete versions of software already compounded by those that can't read the instructions anyway) and one would realize that even if a new "standard" was put into place today, it'd be years before the "whole of the Internet" got it all together ... and that's not even bringing in the possibility of the possible conversion/introduction-to-the-masses of IPv6 and/or the Internet-II .....

> I realize that bounces are a problem, but there has to be a better way!

If you come up with it, please share. The world is waiting for that better solution.
StevenUnderwood Posted January 22, 2005

> D) If the blocking on inbound continues, then there ought to be a way to safelist one's inbound servers!

If these were truly inbound only servers, there would be no way for them to be listed on the spamcop blocklist.

While I personally do not like this work around, I will post it for completeness. If those "inbound only" servers used another server to send their bounces, only that server would be blocked. This is still bad for the internet because while your list may be generating valid bounces, a majority of the spam out there is generating false bounces to innocent third parties or invalid addresses.

I am an administrator of a Lotus Notes installation and several years ago our incoming/outgoing server was our email connection with the internet. I needed to clean out the outgoing mailbox at least once a day due to all the invalid bounce addresses. I now have another system that accepts our email and confirms it is being sent to a valid user on our system and I see a bounce message maybe once a month and always because one of my users has fat fingered an address. That system rejects messages at the SMTP level for invalid addresses. It accepts and stores any possible spammy messages for my users to scan and retrieve if needed.
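The two behaviours contrasted in StevenUnderwood's posts above, accept-then-bounce versus rejecting during the SMTP transaction, as an added Python simulation (not code from any poster, the ISP or SpamCop). The class and function names, the addresses and the sample traffic are all constructed for illustration.

```python
# Constructed data: mailboxes hosted by a hypothetical receiving server.
LOCAL_USERS = {"alice@isp.example", "bob@isp.example"}

# Constructed traffic: (envelope sender, recipient) pairs.
TRAFFIC = [
    ("trap@spamtrap.example", "nosuchuser@isp.example"),        # spam, forged sender
    ("list-owner@sender.example", "left-company@isp.example"),  # real list, stale address
    ("friend@sender.example", "alice@isp.example"),             # ordinary valid mail
]


class ReceivingServer:
    def __init__(self, reject_at_smtp):
        self.reject_at_smtp = reject_at_smtp
        self.outbound = []  # messages this server itself originates

    def rcpt_to(self, rcpt):
        """Answer the RCPT TO command of an incoming SMTP transaction."""
        if self.reject_at_smtp and rcpt not in LOCAL_USERS:
            return 550, "5.1.1 <%s>: user unknown" % rcpt
        return 250, "2.1.5 Ok"

    def accept(self, mail_from, rcpt):
        """Message already accepted; if undeliverable, the only option left is
        a new message (bounce) to the unverified envelope sender."""
        if rcpt not in LOCAL_USERS:
            self.outbound.append({"from": "<>", "to": mail_from,
                                  "subject": "Undeliverable mail"})


def deliver(server, mail_from, rcpt):
    """Sending side of one transaction; returns the RCPT reply code. On 5xx
    the sending server tells its own, known user about the failure."""
    code, _text = server.rcpt_to(rcpt)
    if code == 250:
        server.accept(mail_from, rcpt)
    return code


def backscatter(reject_at_smtp, traffic=TRAFFIC):
    """Return (reply codes seen by senders, addresses the receiver mailed)."""
    server = ReceivingServer(reject_at_smtp)
    codes = [deliver(server, sender, rcpt) for sender, rcpt in traffic]
    return codes, [msg["to"] for msg in server.outbound]


if __name__ == "__main__":
    print("accept-then-bounce:", backscatter(False))
    print("reject at SMTP:    ", backscatter(True))
```

In the reject case the list owner's own server still receives the 550 for the stale address, so the sender learns the mailbox is gone without the receiving server originating any mail.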
Archived
This topic is now archived and is closed to further replies.