|
|
 Up |
|
|
  |
Author: Jay ChandlerJay Chandler
Date: Feb 3, 2007 17:27
>It's probably worth pointing out that NDRs are not the only
>form of outscatter. Others will get you on block lists too.
>
>The ones I can think of right now are:
>
> OOO crap to spam with forged return info
> that gets through your filters.
>
> You-have-a-virus warnings.
> Really advertisements for bogus antivirus software.
Where do Out of Office / Vacation autoresponders fall in this list,
and how do people tend to handle them?
--
Jay Chandler /NANABL@ haderach.net
|
| Show full article (0.84Kb) |
|
| |
no comments
|
|
|
Author: Seth BreidbartSeth Breidbart
Date: Feb 3, 2007 14:42
In article ,
Jost Krieger wrote:
>While I understand the point that lead to UCEPROTECT's position against
>SRS, I can't follow point 2.
>
>In my opinion (and this seems to parallel the opinion of many legal
>systems), the right of a sender to control his/her mail ends when it
>gets delivered (set aside copyright protection). I wouldn't like to give
>a sender the right to keep me from forwarding my mail wherever I want.
The sender can't. All he can do is say that your forward is not
authorized by him.
At least, that's how smtp works. Something proprietary like Bloomberg
Mail is different; messages can be non-forwardable.
Seth
|
| |
|
| |
1 Comment |
|
|
Author: phil-news-nospamphil-news-nospam
Date: Feb 3, 2007 05:40
On Sat, 3 Feb 2007 04:12:09 GMT JGwinner gmail.com> wrote:
| It's rather easy to make UCEProtect ban someone through a denial of
| service attack. It's happened to us a few times, and I it's clear
| that there are spammers out there that have our number.
|
| Here's how:
|
| 1) Spammer users someone@uceprotect.net as the 'from' address in a
| piece of SPAM.
| 2) Said spam can originate from anywhere.
| 3) Mycorp.com Mail server gets such spam. Reads header, realizes that
| 1 of the accounts in the email is a valid account, but one is not.
| 4) Mycorp.com Mail server prepares a NDL to send to
| someone@uceprotect.net
| 5) Uceprotect.net now blacklists the Mycorp.com mail server.
You just described backscatter. It is wrong for your mail server to
do this. It is a valid listing criteria not only for UCEProtect but
also for other lists, including one of my private lists.
See:
|
| Show full article (4.92Kb) |
|
1 Comment |
|
|
Author: Dave PlattDave Platt
Date: Feb 3, 2007 05:36
>It's rather easy to make UCEProtect ban someone through a denial of
>service attack. It's happened to us a few times, and I it's clear
>that there are spammers out there that have our number.
>
>Here's how:
>
>1) Spammer users someone@ uceprotect.net as the 'from' address in a
>piece of SPAM.
>2) Said spam can originate from anywhere.
>3) Mycorp.com Mail server gets such spam. Reads header, realizes that
>1 of the accounts in the email is a valid account, but one is not.
>4) Mycorp.com Mail server prepares a NDL to send to
>someone@ uceprotect.net
>5) Uceprotect.net now blacklists the Mycorp.com mail server.
Correct.
The Mycorp.com mail server is sending "backscatter". It's sending
email (non-delivery alerts) to people who never sent it email.
|
| Show full article (4.25Kb) |
|
no comments
|
|
|
Author: phil-news-nospamphil-news-nospam
Date: Feb 3, 2007 05:21
On Sat, 3 Feb 2007 04:10:27 GMT Jost Krieger wrote:
| Of course, a provider should restrict forwarding to "good" mails, but
| this doesn't work in all environments (for legal reasons in some
| systems).
You mean it should limit forwarding to only "good" email addresses which
are known to want the email being forwarded (so as not to fall under the
"unsolicited" criteria). I personally have a couple of email addresses
through forwarding services. I signed up on those voluntarily. Any email
sent to my designated address comes from there, it is not considered to be
an act of spamming by the forwarding service, even if it was actually spam
that was sent to the forwarding service in the first place. It might be
spam, but if so, the culprit is whoever sent it to the my forwarded email
address via a connection to that service's MX host(s).
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2007-02-03-0832@ipal.net |
|------------------------------------/-------------------------------------|
|
| Show full article (1.44Kb) |
|
no comments
|
|
|
Author: Herb OxleyHerb Oxley
Date: Feb 3, 2007 04:30
JGwinner gmail.com> wrote:> It's rather easy to make UCEProtect ban someone through a denial of
> service attack. It's happened to us a few times, and I it's clear
> that there are spammers out there that have our number.
> Here's how:
> 1) Spammer users someone@ uceprotect.net as the 'from' address in a
> piece of SPAM.
> 2) Said spam can originate from anywhere.
> 3) Mycorp.com Mail server gets such spam. Reads header, realizes that
> 1 of the accounts in the email is a valid account, but one is not.
> 4) Mycorp.com Mail server prepares a NDL to send to
> someone@ uceprotect.net
> 5) Uceprotect.net now blacklists the Mycorp.com mail server.
The RFC in question was writen before it became commonplace for spammers
to forge valid domains into MAIL FROM: and FROM: .
In today's email environment if you don't want to get blacklisted you have
three choices:
|
| Show full article (1.48Kb) |
|
1 Comment |
|
|
Author: Matthias LeisiMatthias Leisi
Date: Feb 3, 2007 04:28
JGwinner wrote:
> 1) Spammer users someone@ uceprotect.net as the 'from' address in a
> piece of SPAM.
> 2) Said spam can originate from anywhere.
> 3) Mycorp.com Mail server gets such spam. Reads header, realizes that
> 1 of the accounts in the email is a valid account, but one is not.
> 4) Mycorp.com Mail server prepares a NDL to send to
> someone@ uceprotect.net
I assume your "NDL" means "Non delivery notice"? That's obviously a
thing you should not do -- never send a "bounce message".
It is absolutely sufficient if you just say "550 user unknown" in the
SMTP dialogue. If your system is not capable of doing that, you have
some engineering to do.
While I question some of uceprotect.net's methods, they are perfectly
fine in listing you *if* you send out such bounce messages.
> UCEPROTECT, YOU NEED TO FIX YOUR SYSTEM.
No need to fix anything in that respect, I suppose.
-- Matthias
|
| Show full article (1.29Kb) |
|
no comments
|
|
|
|
|
|
Author: Martijn LievaartMartijn Lievaart
Date: Feb 3, 2007 04:28
On Sat, 03 Feb 2007 04:12:09 +0000, JGwinner wrote:
> It's rather easy to make UCEProtect ban someone through a denial of
> service attack. It's happened to us a few times, and I it's clear
> that there are spammers out there that have our number.
>
> Here's how:
>
> 1) Spammer users someone@ uceprotect.net as the 'from' address in a
> piece of SPAM.
> 2) Said spam can originate from anywhere.
> 3) Mycorp.com Mail server gets such spam. Reads header, realizes that
> 1 of the accounts in the email is a valid account, but one is not.
> 4) Mycorp.com Mail server prepares a NDL to send to
> someone@ uceprotect.net
> 5) Uceprotect.net now blacklists the Mycorp.com mail server.
That's intentional. You are creating backscatter. Fix your mailserver to
reject at smtp transaction time.
|
| Show full article (1.89Kb) |
|
7 Comments |
|
|
|
|
