pop

Oct. 22nd, 2007 06:57 pm
[personal profile] thedarkproject
Yay, a thousand email delivery failure notifications in my inbox when I get home from work, all because some spammer decided to use a variation on my address in his forgeries. Conclusive proof that the POP3 email system is completely broken.
  • Current Mood: blah
Tags:
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2007-10-22 08:29 pm (UTC)
From: [identity profile] lost-in-moose.livejournal.com
email sucks, carrier pigeon is the way of the future

Date: 2007-10-22 09:04 pm (UTC)
From: [identity profile] mike-cardwell.livejournal.com
I host a domain that regularly had this problem. There's something you can use called Bounce Address Tag Validation that will prevent this from happening. You have to control the server which is the origin of all legitimate mail sent *from* that domain though in order to apply the change which will let you identify legit bounces.

The problem is actually the servers that send the bounces though. They're generating what is commonly known as back scatter. They accept the message, decide they don't want to deliver it, and then send a bounce. What they *should* do is reject the message rather than, accept then bounce. There's a subtle but very important difference. The Internet is full of badly configured mail servers, and clueless email administrators. Hotmails for example.

Er. That's probably more than you wanted to know.

Date: 2007-10-22 09:05 pm (UTC)
From: [identity profile] rabbleuk.livejournal.com
Only too happy to be that domain name on your server.
Hope you appreciate it ;)

Date: 2007-10-22 11:44 pm (UTC)
From: [personal profile] thedarkproject
Of course, the receiving servers could attempt to validate who they're bouncing to, but the real problem is that you can forge a From address with no authentication whatsoever. Bounces are actually useful in the ideal world (of 1988 or so) where every email is sent by a real human who would really like to know when something doesn't get delivered. If there was proper authentication on sends, then the only people who'd get all this rubbish are the spammers.

Date: 2007-10-23 03:46 am (UTC)
From: [identity profile] mike-cardwell.livejournal.com
Yeah. Bounces are useful. Using BATV means you'll only get legitimate bounces to email that you actually sent though. Bounces generated by email sent from other servers will be identified as such and rejected.

If all servers were configured to reject, rather than accept then bounce, it would get rid of most of the bad bounces as you're basically passing the obligation to generate a bounce back to the host that's originating the email. Which in most cases is a trojaned PC, which don't generate bounce messages.

Authentication schemes have been developed, eg SPF and Yahoo's DKIM. They're just waiting for more widespread uptake. I'm pretty optimistic about DKIM actually. However, authentication wont stop Spam. The spammers will just use the same authentication methods as everyone else. Domain names are *cheap*, especially if you're one of the extra dodgy spammers with a list of stolen credit card details.

Date: 2007-10-27 06:06 pm (UTC)
From: [identity profile] drusilla-filth.livejournal.com
This layout always makes me click the wrong reply link! It never happens anywhere else!!

Date: 2007-10-27 06:07 pm (UTC)
From: [identity profile] drusilla-filth.livejournal.com
I have this problem too. It comes in waves. Sometimes I get several thousand a day for a month. Damn catch all on my domain....
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

thedarkproject

August 2014

S M T W T F S
     12
345 6789
10111213141516
17181920212223
24252627282930
31      

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 8th, 2026 08:43 pm
Powered by Dreamwidth Studios