Posted to users@spamassassin.apache.org by Philip Prindeville <ph...@redfish-solutions.com> on 2007/11/05 18:20:16 UTC

It's a fine line...

Between the truly clueless administrator, and those that feign ignorance 
to cover up their implicit approval of spammers...

What do you do in the case where someone is filtering deliveries to 
their "abuse" mailbox?  (Like 99% of mail sent there isn't going to 
score positively...)

Sigh.

========

Return-Path: <>
Received: from localhost (localhost)
	by mail.redfish-solutions.com (8.14.1/8.14.1) id lA5HEMTM017203;
	Mon, 5 Nov 2007 10:14:22 -0700
Date: Mon, 5 Nov 2007 10:14:22 -0700
From: Mail Delivery Subsystem <MA...@mail.redfish-solutions.com>
Message-Id: <20...@mail.redfish-solutions.com>
To: <ab...@redfish-solutions.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="lA5HEMTM017203.1194282862/mail.redfish-solutions.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--lA5HEMTM017203.1194282862/mail.redfish-solutions.com

The original message was received at Mon, 5 Nov 2007 10:14:14 -0700
from pool-71-112-36-94.sttlwa.dsl-w.verizon.net [71.112.36.94]

   ----- The following addresses had permanent fatal errors -----
<ab...@arminco.com>
    (reason: 550 Rejecting message scored for more than 8.0 (9.0) SPAM points.)

   ----- Transcript of session follows -----
... while talking to arminco.com.:
>>> DATA
<<< 550 Rejecting message scored for more than 8.0 (9.0) SPAM points.
554 5.0.0 Service unavailable

--lA5HEMTM017203.1194282862/mail.redfish-solutions.com
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.redfish-solutions.com
Received-From-MTA: DNS; pool-71-112-36-94.sttlwa.dsl-w.verizon.net
Arrival-Date: Mon, 5 Nov 2007 10:14:14 -0700

Final-Recipient: RFC822; abuse@arminco.com
Action: failed
Status: 5.2.0
Remote-MTA: DNS; arminco.com
Diagnostic-Code: SMTP; 550 Rejecting message scored for more than 8.0 (9.0) SPAM points.
Last-Attempt-Date: Mon, 5 Nov 2007 10:14:22 -0700

--lA5HEMTM017203.1194282862/mail.redfish-solutions.com
Content-Type: message/rfc822

Return-Path: <ab...@redfish-solutions.com>
Received: from [192.168.10.148] (pool-71-112-36-94.sttlwa.dsl-w.verizon.net [71.112.36.94])
	(authenticated bits=0)
	by mail.redfish-solutions.com (8.14.1/8.14.1) with ESMTP id lA5HECTN017198
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <ab...@arminco.com>; Mon, 5 Nov 2007 10:14:14 -0700
Message-ID: <47...@redfish-solutions.com>
Date: Mon, 05 Nov 2007 09:14:05 -0800
From: Abuse Department <ab...@redfish-solutions.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To:  abuse@arminco.com
Subject: Filtering abuse reports
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.63 on 192.168.1.3

Of course submitted mail to the Abuse mailbox is going to score as 
"spam".  It is spam.  Why else would anyone be reporting it?

Please get a clue and turn off filtering on your abuse mailbox:

The original message was received at Mon, 5 Nov 2007 10:10:58 -0700
from pool-71-112-36-94.sttlwa.dsl-w.verizon.net [71.112.36.94]

   ----- The following addresses had permanent fatal errors -----
<ab...@arminco.com>
    (reason: 550 Rejecting message scored for more than 8.0 (20.6) SPAM points.)

   ----- Transcript of session follows -----
... while talking to styx.aic.net.:

>>> >>> DATA
>>>       
<<< 550 Rejecting message scored for more than 8.0 (15.1) SPAM points.
554 5.0.0 Service unavailable
... while talking to arminco.com.:

>>> >>> DATA
>>>       
<<< 550 Rejecting message scored for more than 8.0 (20.6) SPAM points.
554 5.0.0 Service unavailable


--lA5HEMTM017203.1194282862/mail.redfish-solutions.com--



Re: It's a fine line...

Posted by Philip Prindeville <ph...@redfish-solutions.com>.
Steven Kurylo wrote:
> Philip Prindeville wrote:
>> Between the truly clueless administrator, and those that feign 
>> ignorance to cover up their implicit approval of spammers...
>>
>> What do you do in the case where someone is filtering deliveries to 
>> their "abuse" mailbox?  (Like 99% of mail sent there isn't going to 
>> score positively...) 
> I filter my abuse address.  Otherwise it would get so many spam 
> messages, the ham would get lost in the noise.
>
> Only send the headers.  If the body is actually needed post it on some 
> webpage.

A lot of sites won't accept just header lines.  They need both (to 
confirm that it's software piracy, or pornography, or phishing... and 
with phishing, you need the 4th party:  the link that is being used to 
spoof the legitimate organization).  And who bothers to keep track of 
who wants what?

I send everyone a complete copy of the message inline, because some 
braindead sites don't accept attachments, etc.

-Philip


Re: It's a fine line...

Posted by Evan Platt <ev...@espphotography.com>.
At 12:54 PM 11/5/2007, Philip Prindeville wrote:

>Well, Yahoo is a waste of time for other reasons, right?  They tell 
>you that it doesn't come from their site...  but to use the top-most 
>Received: line's IP address, then to look that up on 
>ARIN....  which... surprise! ... typically points to Yahoo! (or one 
>of their surrogates, like Inktomi...  do their tier-1 people not 
>*know* that Yahoo owns Inktomi?  or are they just playing dumb?).

Want to talk Stupid, let's talk Google Groups.

I've given up on reporting people posting through Google Groups 
posting blogspot spam. I have a usenet filter specifically to drop GG posts.
Google just doesn't care. I have spam posts going back 3 years Google 
has done nothing about.

I finally got an answer at least about blogspot: Once they delete a 
blogspot page because of Spam, there's nothing to prevent the person 
from recreating the page. 


Re: It's a fine line...

Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 5 Nov 2007, Philip Prindeville wrote:

> Well, Yahoo is a waste of time for other reasons, right?  They
> tell you that it doesn't come from their site...

I generally don't get spam from Yahoo MTAs; most of my reporting is 
of fraud spams with yahoo contact addresses.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Of the twenty-two civilizations that have appeared in history,
  nineteen of them collapsed when they reached the moral state the
  United States is in now.                          -- Arnold Toynbee
-----------------------------------------------------------------------
 6 days until Veterans Day


Re: It's a fine line...

Posted by Philip Prindeville <ph...@redfish-solutions.com>.
John D. Hardin wrote:
> On Mon, 5 Nov 2007, Steven Kurylo wrote:
>
>   
>> Philip Prindeville wrote:
>>     
>>> Between the truly clueless administrator, and those that feign 
>>> ignorance to cover up their implicit approval of spammers...
>>>
>>> What do you do in the case where someone is filtering deliveries to 
>>> their "abuse" mailbox?  (Like 99% of mail sent there isn't going to 
>>> score positively...) 
>>>       
>
> I have a form note that I send to the postmaster address whenever a 
> report to the abuse address is bounced. It says (1) you need a working 
> abuse address and (2) you shouldn't filter it.
>
>   
>> I filter my abuse address.  Otherwise it would get so many spam
>> messages, the ham would get lost in the noise.
>>
>> Only send the headers.  If the body is actually needed post it on
>> some webpage.
>>     
>
> To heck with that. If I have to jump through that many hoops to report
> abuse in *your* network, I'm just going to roundfile it. It's enough
> work to pick out all of the relevant abuse addresses to forward the
> message to, and note the type of abuse (lottery, 419, money
> laundering, etc.).
>
> I almost don't report abuse to Yahoo because they refuse to deal with
> RFC-822 attachments and want the entire original message in the body,
> and that makes reporting abuse containing a Yahoo.* contact address
> two separate operations - forward as attachment to the relay owner,
> and forward in the body to Yahoo.
>   

Well, Yahoo is a waste of time for other reasons, right?  They tell you 
that it doesn't come from their site...  but to use the top-most 
Received: line's IP address, then to look that up on ARIN....  which... 
surprise! ... typically points to Yahoo! (or one of their surrogates, 
like Inktomi...  do their tier-1 people not *know* that Yahoo owns 
Inktomi?  or are they just playing dumb?).

-Philip


Re: It's a fine line...

Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 5 Nov 2007, Steven Kurylo wrote:

> Philip Prindeville wrote:
> > Between the truly clueless administrator, and those that feign 
> > ignorance to cover up their implicit approval of spammers...
> >
> > What do you do in the case where someone is filtering deliveries to 
> > their "abuse" mailbox?  (Like 99% of mail sent there isn't going to 
> > score positively...) 

I have a form note that I send to the postmaster address whenever a 
report to the abuse address is bounced. It says (1) you need a working 
abuse address and (2) you shouldn't filter it.

> I filter my abuse address.  Otherwise it would get so many spam
> messages, the ham would get lost in the noise.
> 
> Only send the headers.  If the body is actually needed post it on
> some webpage.

To heck with that. If I have to jump through that many hoops to report
abuse in *your* network, I'm just going to roundfile it. It's enough
work to pick out all of the relevant abuse addresses to forward the
message to, and note the type of abuse (lottery, 419, money
laundering, etc.).

I almost don't report abuse to Yahoo because they refuse to deal with
RFC-822 attachments and want the entire original message in the body,
and that makes reporting abuse containing a Yahoo.* contact address
two separate operations - forward as attachment to the relay owner,
and forward in the body to Yahoo.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  You do not examine legislation in the light of the benefits it
  will convey if properly administered, but in the light of the
  wrongs it would do and the harms it would cause if improperly
  administered.                                  -- Lyndon B. Johnson
-----------------------------------------------------------------------
 6 days until Veterans Day


Re: It's a fine line...

Posted by Steven Kurylo <st...@aviawest.com>.
Philip Prindeville wrote:
> Between the truly clueless administrator, and those that feign 
> ignorance to cover up their implicit approval of spammers...
>
> What do you do in the case where someone is filtering deliveries to 
> their "abuse" mailbox?  (Like 99% of mail sent there isn't going to 
> score positively...) 
I filter my abuse address.  Otherwise it would get so many spam 
messages, the ham would get lost in the noise.

Only send the headers.  If the body is actually needed post it on some 
webpage.

Re: It's a fine line...

Posted by Olivier Nicole <on...@cs.ait.ac.th>.
> actually, there are DNS lists (and I don't call them blacklists) who list
> countries. I've seen some people reporting that they use them to block spam
> from those countries...

True, GeoIP does that for example.

Olivier 

Re: It's a fine line...

Posted by mouss <mo...@netoyen.net>.
Olivier Nicole wrote:
>>  meant there
>> is no dns list for organizations. something like
>> # lookup_company_by_ip 192.0.2.1
>>     
>
> Reverse DNS on the contacting mail gateway?
>   

that only gives the domain name. but a single organization may have
multiple domains, and in many cases it is hard to tell the organisation
from the domain.

whois will generally help, but it is not adequate for automatic queries
for every mail you receive.

Re: It's a fine line...

Posted by Olivier Nicole <on...@cs.ait.ac.th>.
>  meant there
> is no dns list for organizations. something like
> # lookup_company_by_ip 192.0.2.1

Reverse DNS on the contacting mail gateway?

Bests,

olivier

Re: It's a fine line...

Posted by mouss <mo...@netoyen.net>.
Matus UHLAR - fantomas wrote:
>> Olivier Nicole wrote:
>>     
>>> The attitude goes by organisation, not by country.
>>>       
>
> On 06.11.07 08:37, mouss wrote:
>   
>> "we" know almost all countries. I don't even know a small part of the
>> organizations in my own town. and there is no DNS equivalent of whois.
>>     
>
> actually, there are DNS lists (and I don't call them blacklists) who list
> countries. I've seen some people reporting that they use them to block spam
> from those countries...
>   

looks like you misunderstood me. yes, nerd.dk or geoip will help for the
country part. but I was about the "organization" version. I meant there
is no dns list for organizations. something like
# lookup_company_by_ip 192.0.2.1
...



Re: It's a fine line...

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> Olivier Nicole wrote:
> > The attitude goes by organisation, not by country.

On 06.11.07 08:37, mouss wrote:
> "we" know almost all countries. I don't even know a small part of the
> organizations in my own town. and there is no DNS equivalent of whois.

actually, there are DNS lists (and I don't call them blacklists) who list
countries. I've seen some people reporting that they use them to block spam
from those countries...
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

Re: It's a fine line...

Posted by mouss <mo...@netoyen.net>.
Olivier Nicole wrote:
>> It's not a matter of cultural imperialism, if that's what you're getting at.
>>
>> It's an acknowledgment of the importance of the "rule of law" in cyberspace.
>>     
>
> Except that I don't think it is anything close to a rule of law, but
> rather a sign of short view.
>
> As I said, I doubt you ever got any spam from my organisation (either
> originated from, or relayed).
>   
>> Some countries enforce anti-spam, anti-trespass laws.  Others lack them 
>> or don't enforce them.
>>     
>
> The attitude goes by organisation, not by country.
>   

"we" know almost all countries. I don't even know a small part of the
organizations in my own town. and there is no DNS equivalent of whois.
>   
>> When these countries put some teeth into the enforcement of their laws, 
>> then they will stop being blacklisted.
>>     
>
> Plus if we would to ban the originating country for 50% of spam (not my
> figure), USA should be banned.
>
> But hey, that is a too big cut from Internet, so in some way it is
> cultural imperialism.
>   

I won't argue about imperialism.

but some people block countries based on the fact that they get very few
mail from these countries, so the probability of an FP is very low.
Ironically, such an approach is used by people who fear FPs too much
that they don't use "common" checks such as DNSBLs, basic helo checks,
... etc.


Re: It's a fine line...

Posted by Olivier Nicole <on...@cs.ait.ac.th>.
> uummmm, by default, all organizations get to specifically (or not) define
> network policies on their own networks.

Exactly. Only I expected subscribers to SA list to be a bit wiser than
lambda policy designer.

> Crackers go after easier targets to abuse and the rich ruleth over the poor
> and so spam comes from countries that are poor in dollars and in ethics or
> law.

Agreed too. But I suspect that the policy designer above mentioned do
not really pay close attention to the laws that various countries
install or not.

> Thank God for spamassassin!
 
Agreed with that, why bothering banning per country when SA does a
fine and finer job (works well and per message, not per country bulk).

Bests,

Olivier

RE: It's a fine line...

Posted by Robert - elists <li...@abbacomm.net>.

> 
> But hey, that is a too big cut from Internet, so in some way it is
> cultural imperialism.
> 
> Bests,
> 
> Olivier

Oliver

uummmm, by default, all organizations get to specifically (or not) define
network policies on their own networks.

Like it or not that is the way it is.

I don't know of too many democratically run for profit networks.

Thing is, in a way, you are right Oliver...

it's kinda the don't "dog wow" in your own backyard IP space thing.

Crackers go after easier targets to abuse and the rich ruleth over the poor
and so spam comes from countries that are poor in dollars and in ethics or
law.

Thank God for spamassassin!

 - rh


Re: It's a fine line...

Posted by Olivier Nicole <on...@cs.ait.ac.th>.
> Do the math.  50% of the spam (if that is indeed the case) is very low, 
> considering that the US generates a much larger percentage of the total 
> Internet traffic than just half.

The 50% figure was given recently, was that by someone of ICANN or
APNIC, I don't remember.

> In any case, you might get spammed from the US, but I don't:  it would 
> be too easy for me to make a complaint against the spammer and have them 
> be charged, shut down, and fined.
> 
> That's what effectively laws, properly enforced, do.

OK, so maybe spammers are getting clever and USA spammer address to
Asia and Asian spammers address to USA? So we each starts ignoring the
others? That may not be the best attitude in Internet world.

> That's a fairly specious argument.

I apologize, English is not my mother tongue, I may have misstated
what I intended.

Bests,

Olivier

Re: It's a fine line...

Posted by Philip Prindeville <ph...@redfish-solutions.com>.
Olivier Nicole wrote:
>> It's not a matter of cultural imperialism, if that's what you're getting at.
>>
>> It's an acknowledgment of the importance of the "rule of law" in cyberspace.
>>     
>
> Except that I don't think it is anything close to a rule of law, but
> rather a sign of short view.
>
> As I said, I doubt you ever got any spam from my organisation (either
> originated from, or relayed).
>   

So, what are you saying?  One well behaved citizen obviates the need for 
laws for all others?

It doesn't work that way.


>> Some countries enforce anti-spam, anti-trespass laws.  Others lack them 
>> or don't enforce them.
>>     
>
> The attitude goes by organisation, not by country.
>   

Organizations don't make laws.  Countries do.


>> When these countries put some teeth into the enforcement of their laws, 
>> then they will stop being blacklisted.
>>     
>
> Plus if we would to ban the originating country for 50% of spam (not my
> figure), USA should be banned.
>   

Do the math.  50% of the spam (if that is indeed the case) is very low, 
considering that the US generates a much larger percentage of the total 
Internet traffic than just half.

In any case, you might get spammed from the US, but I don't:  it would 
be too easy for me to make a complaint against the spammer and have them 
be charged, shut down, and fined.

That's what effectively laws, properly enforced, do.

> But hey, that is a too big cut from Internet, so in some way it is
> cultural imperialism.
>
> Bests,
>
> Olivier
>
>   

That's a fairly specious argument.

-Philip



Re: It's a fine line...

Posted by Olivier Nicole <on...@cs.ait.ac.th>.
> It's not a matter of cultural imperialism, if that's what you're getting at.
> 
> It's an acknowledgment of the importance of the "rule of law" in cyberspace.

Except that I don't think it is anything close to a rule of law, but
rather a sign of short view.

As I said, I doubt you ever got any spam from my organisation (either
originated from, or relayed).

> Some countries enforce anti-spam, anti-trespass laws.  Others lack them 
> or don't enforce them.

The attitude goes by organisation, not by country.

> When these countries put some teeth into the enforcement of their laws, 
> then they will stop being blacklisted.

Plus if we would to ban the originating country for 50% of spam (not my
figure), USA should be banned.

But hey, that is a too big cut from Internet, so in some way it is
cultural imperialism.

Bests,

Olivier


Re: It's a fine line...

Posted by Philip Prindeville <ph...@redfish-solutions.com>.
Olivier Nicole wrote:
> And not to point fingers, how to react with a narrow minded sysadmin
> that ban per IP?
>
> From my legitimate mail server in Thailand, that has never been
> blacklisted as far as I know:
>
>     mail<on>45: telnet mail.redfish-solutions.com 25
>     Trying 66.232.79.143...
>     Connected to mail.redfish-solutions.com (66.232.79.143).
>     Escape character is '^]'.
>     554 mail.redfish-solutions.com ESMTP not accepting messages
>
> From another mailserver I administrate, but located in Germany:
>
>     sino<on>72: telnet mail.redfish-solutions.com 25
>     Trying 66.232.79.143...
>     Connected to mail.redfish-solutions.com.
>     Escape character is '^]'.
>     220 mail.redfish-solutions.com ESMTP Sendmail 8.14.1/8.14.1; Mon, 5 Nov 2007 19:10:02 -0700
>     
> No need to remind that any person seriously looking at spam problem
> know that spam is mainly originated from USA, even if relayed through
> other, possibly Asian, countries.
>
> Yes I am quite pissed by such attitude.
>
> Olivier
>   

It's not a matter of cultural imperialism, if that's what you're getting at.

It's an acknowledgment of the importance of the "rule of law" in cyberspace.

Some countries enforce anti-spam, anti-trespass laws.  Others lack them 
or don't enforce them.

When these countries put some teeth into the enforcement of their laws, 
then they will stop being blacklisted.

-Philip


Re: It's a fine line...

Posted by Olivier Nicole <on...@cs.ait.ac.th>.
And not to point fingers, how to react with a narrow minded sysadmin
that ban per IP?

From my legitimate mail server in Thailand, that has never been
blacklisted as far as I know:

    mail<on>45: telnet mail.redfish-solutions.com 25
    Trying 66.232.79.143...
    Connected to mail.redfish-solutions.com (66.232.79.143).
    Escape character is '^]'.
    554 mail.redfish-solutions.com ESMTP not accepting messages

From another mailserver I administrate, but located in Germany:

    sino<on>72: telnet mail.redfish-solutions.com 25
    Trying 66.232.79.143...
    Connected to mail.redfish-solutions.com.
    Escape character is '^]'.
    220 mail.redfish-solutions.com ESMTP Sendmail 8.14.1/8.14.1; Mon, 5 Nov 2007 19:10:02 -0700
    
No need to remind that any person seriously looking at spam problem
know that spam is mainly originated from USA, even if relayed through
other, possibly Asian, countries.

Yes I am quite pissed by such attitude.

Olivier

Re: It's a fine line...

Posted by Olivier Nicole <on...@cs.ait.ac.th>.
Hi,

> Between the truly clueless administrator, and those that feign ignorance 
> to cover up their implicit approval of spammers...
> 
> What do you do in the case where someone is filtering deliveries to 
> their "abuse" mailbox?  (Like 99% of mail sent there isn't going to 
> score positively...)

If I am in the mood, I would try to report one step above, to their
ISP for example.

Bests,

Olivier

Re: It's a fine line...

Posted by Jonas Eckerman <jo...@frukt.org>.
Matus UHLAR - fantomas wrote:

> The advice I've seen (iirc it was in rfc-ignorant lists) was not to allow
> send the mail to abuse and non-abuse mailboxes together, e.g. when it's sent
> to abuse mailbox, reject rcpt to:non-abuse mailboxes with temporary error
> and vice versa.

This is what we're implementing for our abuse addresses, using 
MIMEDefang with sendmail.

The temporary errors are 452 4.5.3, the same codes as for a 
normal RFC 2821+3463 "too many recipients" error, so any working 
mail server should retry the rejected addresses.

Regards
/Jonas
-- 
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/


Re: It's a fine line...

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 06.11.07 07:57, Philip Prindeville wrote:
> However, you don't want to mail to the abuse mailbox to see if it gets 
> delivered, and then if it bounced, mail to the OrgTech mailbox 
> instead... because that's too much wasted time...  So you To: the abuse 
> mailbox on the odd chance that it exists, and you Bcc: the "noc" mailbox 
> (or the "hostmaster" or whatever) as a fallback address.

Actually, I do want. And when someone from domain that does not support
abuse@ wants to mail me, (s)he's out of luck. They don't care about rules, I
don't care about their mail...

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Re: It's a fine line...

Posted by Philip Prindeville <ph...@redfish-solutions.com>.
Matus UHLAR - fantomas wrote:
> The advice I've seen (iirc it was in rfc-ignorant lists) was not to allow
> send the mail to abuse and non-abuse mailboxes together, e.g. when it's sent
> to abuse mailbox, reject rcpt to:non-abuse mailboxes with temporary error
> and vice versa. The result should be, once the mail will be sent to all
> non-abuse mailboxes, once to abuse mailboxes, and they can be filtered with
> different rules.
>
>   

If only it were that easy.

The issue is that a lot of sites are ignorant and haven't filled out all 
of their ICANN required fields in their ARIN (or RIPE or APNIC or LACNIC 
or AFRNIC) registrations....  So there might be a OrgTech contact as 
"noc@foo.bar"....  who you Bcc: on the message, but you guess that 
there's also an "abuse" mailbox, and they just forgot to register it.

However, you don't want to mail to the abuse mailbox to see if it gets 
delivered, and then if it bounced, mail to the OrgTech mailbox 
instead... because that's too much wasted time...  So you To: the abuse 
mailbox on the odd chance that it exists, and you Bcc: the "noc" mailbox 
(or the "hostmaster" or whatever) as a fallback address.

-Philip


Re: It's a fine line...

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 05.11.07 09:20, Philip Prindeville wrote:
> Between the truly clueless administrator, and those that feign ignorance 
> to cover up their implicit approval of spammers...
> 
> What do you do in the case where someone is filtering deliveries to 
> their "abuse" mailbox?  (Like 99% of mail sent there isn't going to 
> score positively...)

the admin should be notified about that problem. abuse address should usually
go to 'all_spam_to' lists, but there's possibility that spammers start
Cc:ing abuse@ to get spam through.

The advice I've seen (iirc it was in rfc-ignorant lists) was not to allow
send the mail to abuse and non-abuse mailboxes together, e.g. when it's sent
to abuse mailbox, reject rcpt to:non-abuse mailboxes with temporary error
and vice versa. The result should be, once the mail will be sent to all
non-abuse mailboxes, once to abuse mailboxes, and they can be filtered with
different rules.

However, I don't know about any possibility to implement such tests in my
sendmail or any other MTA.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
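
The recipient-splitting scheme discussed in the posts above (a temporary 452 4.5.3 reply at RCPT TO for recipients of the other class, so abuse and non-abuse mailboxes are reached in separate transactions and filtered by different rules), as an added example that is not part of the thread and not any poster's MIMEDefang or sendmail configuration: a Python model of the receiving side together with a retrying sender. The `abuse` local part, the example.org addresses, the reply texts and the 550 5.7.1 code are assumptions; the 8.0 threshold is the one shown in the quoted bounce.

```python
from dataclasses import dataclass, field
from typing import Optional

ABUSE_LOCALPARTS = {"abuse"}   # assumption: only abuse@ forms the unfiltered class
SPAM_THRESHOLD = 8.0           # rejection threshold shown in the quoted bounce


def rcpt_class(address: str) -> str:
    """Classify a recipient as 'abuse' or 'other' by its local part."""
    local = address.strip("<> ").rsplit("@", 1)[0].lower()
    return "abuse" if local in ABUSE_LOCALPARTS else "other"


@dataclass
class Transaction:
    """Receiving side of one SMTP mail transaction (MAIL FROM through DATA)."""
    klass: Optional[str] = None            # set by the first accepted recipient
    accepted: list = field(default_factory=list)

    def rcpt_to(self, address: str):
        cls = rcpt_class(address)
        if self.klass is None:
            self.klass = cls
        if cls != self.klass:
            # Same codes as an ordinary "too many recipients" reply, so a
            # conforming sender keeps this recipient queued and retries it.
            return 452, "4.5.3", "Too many recipients"
        self.accepted.append(address)
        return 250, "2.1.5", "Recipient ok"

    def data(self, spam_score: float):
        if not self.accepted:
            return 554, "5.5.1", "No valid recipients"
        # Only the non-abuse class is content-filtered; an abuse report is
        # expected to contain the spam it is reporting.
        if self.klass == "other" and spam_score > SPAM_THRESHOLD:
            return 550, "5.7.1", "Rejected as spam"
        return 250, "2.0.0", "Message accepted"


def deliver(recipients, spam_score):
    """Model a sender that retries recipients deferred with a 4xx reply.

    Returns (outcome, transactions): the final DATA reply code per recipient
    and one (class, accepted recipients, DATA code) tuple per transaction.
    """
    pending, outcome, transactions = list(recipients), {}, []
    while pending:
        txn, deferred = Transaction(), []
        for rcpt in pending:
            code, _dsn, _text = txn.rcpt_to(rcpt)
            if code != 250:
                deferred.append(rcpt)      # retried in the next transaction
        code, _dsn, _text = txn.data(spam_score)
        for rcpt in txn.accepted:
            outcome[rcpt] = code
        transactions.append((txn.klass, tuple(txn.accepted), code))
        pending = deferred
    return outcome, transactions


if __name__ == "__main__":
    # Constructed sample: one message (score 9.0) addressed to both classes.
    rcpts = ["abuse@example.org", "alice@example.org", "bob@example.org"]
    outcome, transactions = deliver(rcpts, spam_score=9.0)
    for klass, accepted, code in transactions:
        print(f"{klass:5} {code} {', '.join(accepted)}")
```

With the constructed 9.0-point message, abuse@ accepts it in one transaction and the other recipients reject it in the next, so adding abuse@ as a recipient does not carry spam past the filter for ordinary mailboxes.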