Re: How I spent my Christmas vacation - Email found in subject
- From: "Ball, Dan" <DBall@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 3 Jan 2006 22:00:50 -0500
I don't have to send an e-mail to helpmeunderstandsmtp@xxxxxxxxxxxxx to
tell you that the response will come from my server. I'm running a
standards (RFC) compliant server. However, this is not the case in many
of the e-mail we receive on a daily basis. Our server gets about
500-1000 e-mails a day that require an NDR being sent. Occasionally I
go through these NDR e-mails to see what is being rejected. I keep
hoping that everything that is sent out is a result of spam, but I keep
finding valid NDRs in there. If everything was as perfect as you imply,
my server would never have to send out those messages!
I agree with you, free does not mean it is crap. Some of the biggest
corporations use "free" software. The difference is that they regularly
maintain/update it and keep it properly configured. This is not the
case with a lot of the e-mail we receive. A lot of places we get e-mail
from find an old RedHat or FirstMail CD from 10-15 years ago in a desk
drawer, install it, and run it with it's outdated software and default
settings. As long as it works, they don't care. We're not referring to
the big-name e-mail servers like gmail.com, we're referring to the
school with 100 kids and a volunteer parent that took one introductory
college computer course setting up their e-mail server. There are TONS
of programs out there beside postfix and sendmail. Heck, I even wrote
one myself about ten years ago!
Just to appease you, I did your "Google: email backspatter" search, but
it only showed me exactly what I've been trying to describe to you. The
ability of SMTP servers to send/relay information with little or not
authentication is exactly the reason why many big companies considered
backing the e-mail postage idea. There is no good solution to the
problem. The solution proposed in many of results of that query all
dealt with SMTP servers being compliant with a set standard, rejecting
all traffic that failed to pass those tests. An NDR coming from the
"sending" SMTP server only happens when two compatible systems talk to
each other.
Sorry for the DNS confusion, I meant to say SMTP. But yes, rejecting
e-mail at the SMTP level from servers that don't or can't authenticate
is the same as blocking from non-compatible SMTP servers. That is what
the results of your Google answer-to-everything search suggest. They
propose authenticating the sender, encrypting the transaction, etc... In
short, putting more of a responsibility on the sending SMTP server.
Again, this "only" works with "current" standards (RFC) complaint SMTP
servers. By not sending out NDRs, you've cut off error messages to
people that sent you a message and think that you got it. This, in
itself isn't a "huge" problem, but it all depends on who you expect to
receive e-mail from.
If you attempt to eliminate the "email backspatter" problem by following
the solutions in your Google query, then you've also cut off
communications to a small percentage of potential e-mail senders. It is
akin to having caller-id, no answering machine, and refusing to answer
the phone if you don't recognize the number. I see a variation of this
every day in rejection messages I get from distant SMTP servers.
Rejecting messages we sent out because we are not listed as authorized
senders in their spam filters.
I didn't misunderstand you, I just thing you're living in a fantasy
world and think everyone is running the latest and greatest software
(Freeware or not) on their SMTP servers. Yes, in a perfect world
wouldn't need to send out NDRs, but we don't live in a perfect world.
Turn off your NDR sending if you want to, since you won't see the
results it will seem (to you at least) to be the perfect solution.
-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx]
Sent: Tuesday, January 03, 2006 6:35 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How I spent my Christmas vacation - Email found
in subject
http://www.ISAserver.org
On 1/3/06, Ball, Dan <DBall@xxxxxxxxxxx> wrote:
> 1. I have to send NDRs out to people sending in mis-typed addresses,
we
> deal a lot with get general public, people make typos on e-mail
> addresses all the time. Without the NDRs, many people would send
e-mail
> and "assume" it went through, and plan their activites according to
> those assumptions.
No, Dan, you have obviously misunderstood.
Yes, NDR's are good, BUT they should only be generated during the
original SMTP conversation and be supplied by the sending server, not
the recipients server. NDR's should not be sent as new emails like
pre-2003 Exchange (with Recipient filtering of non-existent
addresses). Now do you understand why your Bad Mail directory wastes
so many resources? This would not be a problem if Exchange did not
accept email to non-existent recipients.
> We don't know if the originating addresses are valid until we attempt
to send the
> NDR.
You do not understand, so I will help:
1) Send an email to helpmeunderstandsmtp@xxxxxxxxxxxxx
2) Tell us which SMTP server you received your NDR from
The sending SMTP server should be responsible for supplying the sender
an NDR.
> 2. Due to the wide variety of SMTP servers connecting to us, we cannot
> "require" them to use a certain type of protocol just to send us
e-mail.
It's called the SMTP protocol, refer to the RFC's. It's the only one
you need to support for SMTP-based email.
> Thus, we allow everything to come in, and then deal with the results.
I am sorry to hear that your organization is purely reactive.
> Too many people in the education industry run the cheapest software
they
> can get, whether it is freeware or stuff that is 10-15 years old it
> doesn't matter. As long as it is free.
What is your point? Most of the Internet's mail servers are running
Sendmail or Postfix - both of which are "free" to obtain.
Free does not mean it is crap.
> 3. Unfortunately, no-one can identify spammers by their e-mail
address
> or originating server, so it is impossible to tell if we're sending
> e-mail to spammers or not.
I am glad that you understand the first part, you know, that people
can spoof their email address. But, this doesn't have to a problem;
see above.
> The proposed backscatter solution is just a dream.
Wrong, and I totally disagree with your attitude towards the
situation, one that you do not totally understand. Google: email
backscatter.
> While I agree that it IS a problem, and that there are several ways
around it,
> there is no "practical" solution at this time.
See above.
> Unless we can get EVERYONE running completely compatible DNS servers,
it
> will remain an illusive dream.
This does not relate to compatible or incompatible DNS servers.
> In the meantime, we contribute to the e-mail backscatter problem daily
not
> by choice but by necessity.
Wrong. " "
> Blocking e-mail that doesn't come from a "compatible" server is
entirely out of
> the question for us right now.
Who said anything about blocking email from non-compatible servers?
...D
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dball@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
