I don't have to send an e-mail to helpmeunderstandsmtp@xxxxxxxxxxxxx to tell you that the response will come from my server. I'm running a standards (RFC) compliant server. However, this is not the case in many of the e-mails we receive on a daily basis. Our server gets about 500-1000 e-mails a day that require an NDR being sent. Occasionally I go through these NDR e-mails to see what is being rejected. I keep hoping that everything that is sent out is a result of spam, but I keep finding valid NDRs in there. If everything was as perfect as you imply, my server would never have to send out those messages!

I agree with you, free does not mean it is crap. Some of the biggest corporations use "free" software. The difference is that they regularly maintain/update it and keep it properly configured. This is not the case with a lot of the e-mail we receive. A lot of places we get e-mail from find an old RedHat or FirstMail CD from 10-15 years ago in a desk drawer, install it, and run it with its outdated software and default settings. As long as it works, they don't care. We're not referring to the big-name e-mail servers like gmail.com, we're referring to the school with 100 kids and a volunteer parent that took one introductory college computer course setting up their e-mail server. There are TONS of programs out there besides postfix and sendmail. Heck, I even wrote one myself about ten years ago!

Just to appease you, I did your "Google: email backscatter" search, but it only showed me exactly what I've been trying to describe to you. The ability of SMTP servers to send/relay information with little or no authentication is exactly the reason why many big companies considered backing the e-mail postage idea. There is no good solution to the problem. The solutions proposed in many of the results of that query all dealt with SMTP servers being compliant with a set standard, rejecting all traffic that failed to pass those tests.
An NDR coming from the "sending" SMTP server only happens when two compatible systems talk to each other.

Sorry for the DNS confusion, I meant to say SMTP. But yes, rejecting e-mail at the SMTP level from servers that don't or can't authenticate is the same as blocking from non-compatible SMTP servers. That is what the results of your Google answer-to-everything search suggest. They propose authenticating the sender, encrypting the transaction, etc... In short, putting more of a responsibility on the sending SMTP server. Again, this "only" works with "current" standards (RFC) compliant SMTP servers.

By not sending out NDRs, you've cut off error messages to people that sent you a message and think that you got it. This, in itself, isn't a "huge" problem, but it all depends on who you expect to receive e-mail from. If you attempt to eliminate the "email backscatter" problem by following the solutions in your Google query, then you've also cut off communications to a small percentage of potential e-mail senders. It is akin to having caller-id, no answering machine, and refusing to answer the phone if you don't recognize the number. I see a variation of this every day in rejection messages I get from distant SMTP servers, rejecting messages we sent out because we are not listed as authorized senders in their spam filters.

I didn't misunderstand you, I just think you're living in a fantasy world and think everyone is running the latest and greatest software (Freeware or not) on their SMTP servers. Yes, in a perfect world we wouldn't need to send out NDRs, but we don't live in a perfect world. Turn off your NDR sending if you want to, since you won't see the results it will seem (to you at least) to be the perfect solution.

-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx]
Sent: Tuesday, January 03, 2006 6:35 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How I spent my Christmas vacation - Email found in subject

http://www.ISAserver.org

On 1/3/06, Ball, Dan <DBall@xxxxxxxxxxx> wrote:
> 1. I have to send NDRs out to people sending in mis-typed addresses, we
> deal a lot with the general public, people make typos on e-mail
> addresses all the time. Without the NDRs, many people would send e-mail
> and "assume" it went through, and plan their activities according to
> those assumptions.

No, Dan, you have obviously misunderstood. Yes, NDRs are good, BUT they should only be generated during the original SMTP conversation and be supplied by the sending server, not the recipient's server. NDRs should not be sent as new emails like pre-2003 Exchange (with Recipient filtering of non-existent addresses). Now do you understand why your Bad Mail directory wastes so many resources? This would not be a problem if Exchange did not accept email to non-existent recipients.

> We don't know if the originating addresses are valid until we attempt to send the
> NDR.

You do not understand, so I will help:

1) Send an email to helpmeunderstandsmtp@xxxxxxxxxxxxx
2) Tell us which SMTP server you received your NDR from

The sending SMTP server should be responsible for supplying the sender an NDR.

> 2. Due to the wide variety of SMTP servers connecting to us, we cannot
> "require" them to use a certain type of protocol just to send us e-mail.

It's called the SMTP protocol, refer to the RFCs. It's the only one you need to support for SMTP-based email.

> Thus, we allow everything to come in, and then deal with the results.

I am sorry to hear that your organization is purely reactive.

> Too many people in the education industry run the cheapest software they
> can get, whether it is freeware or stuff that is 10-15 years old it
> doesn't matter. As long as it is free.

What is your point? Most of the Internet's mail servers are running Sendmail or Postfix - both of which are "free" to obtain. Free does not mean it is crap.

> 3. Unfortunately, no-one can identify spammers by their e-mail address
> or originating server, so it is impossible to tell if we're sending
> e-mail to spammers or not.

I am glad that you understand the first part, you know, that people can spoof their email address. But, this doesn't have to be a problem; see above.

> The proposed backscatter solution is just a dream.

Wrong, and I totally disagree with your attitude towards the situation, one that you do not totally understand. Google: email backscatter.

> While I agree that it IS a problem, and that there are several ways around it,
> there is no "practical" solution at this time.

See above.

> Unless we can get EVERYONE running completely compatible DNS servers, it
> will remain an illusive dream.

This does not relate to compatible or incompatible DNS servers.

> In the meantime, we contribute to the e-mail backscatter problem daily not
> by choice but by necessity.

Wrong. " "

> Blocking e-mail that doesn't come from a "compatible" server is entirely out of
> the question for us right now.

Who said anything about blocking email from non-compatible servers?

...D
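
The two receiving-server behaviours debated in this thread, as an added illustration that is not code from either poster: accepting mail for an unknown recipient and bouncing it later, versus refusing the recipient inside the SMTP conversation. All addresses, the recipient table and the function names are constructed for the example.

```python
# Added illustration: every address and name below is constructed.
VALID_RCPTS = {"office@school.example", "frontdesk@school.example"}

def receive(mail_from, rcpt_to, reject_at_rcpt):
    """Simulate the receiving server for one message.

    Returns (smtp_replies, ndrs): the replies given to the connecting
    client, and any NEW bounce messages the receiving server itself sends.
    """
    known = rcpt_to.lower() in VALID_RCPTS
    replies = [(f"MAIL FROM:<{mail_from}>", "250 2.1.0 Sender OK")]
    if not known and reject_at_rcpt:
        # Refused inside the SMTP conversation: nothing is queued, so the
        # connecting (sending) server has to report the failure to its user.
        replies.append((f"RCPT TO:<{rcpt_to}>", "550 5.1.1 User unknown"))
        return replies, []
    replies.append((f"RCPT TO:<{rcpt_to}>", "250 2.1.5 Recipient OK"))
    replies.append(("DATA ... .", "250 2.0.0 Queued"))
    ndrs = []
    if not known:
        # Accepted first, bounced later: the NDR is a new message addressed
        # to the unverified envelope sender, sent with the null sender <>.
        ndrs.append({"mail_from": "<>", "rcpt_to": mail_from})
    return replies, ndrs

# Constructed traffic: (envelope sender, recipient, sender address forged?)
SAMPLE = [
    ("parent@isp.example", "ofice@school.example", False),       # honest typo
    ("victim@bystander.example", "sales@school.example", True),  # forged sender
    ("parent@isp.example", "office@school.example", False),      # deliverable
]

def backscatter(reject_at_rcpt):
    """Addresses that receive an NDR for mail they never sent."""
    hits = []
    for sender, rcpt, forged in SAMPLE:
        _, ndrs = receive(sender, rcpt, reject_at_rcpt)
        hits += [n["rcpt_to"] for n in ndrs if forged]
    return hits

def rejected_in_session(reject_at_rcpt):
    """Recipients refused with a 550 reply during the SMTP conversation."""
    out = []
    for sender, rcpt, _ in SAMPLE:
        replies, _ = receive(sender, rcpt, reject_at_rcpt)
        out += [rcpt for _cmd, code in replies if code.startswith("550")]
    return out

if __name__ == "__main__":
    for policy in (False, True):
        print(policy, backscatter(policy), rejected_in_session(policy))
```

With accept-then-bounce, the honest typo and the forged message both produce a new NDR, and the second one lands on an address that sent nothing; with rejection at RCPT time the receiver sends no mail of its own and both failures are reported to the connecting client as 550 replies.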