Re: [Asrg] Verizon's asymmetrical anti-spam causing problems
Josh Rollyson <jrollyson@sosdg.org> Tue, 08 March 2005 08:15 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA26306 for <asrg-web-archive@ietf.org>; Tue, 8 Mar 2005 03:15:55 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D8Zv5-000614-D4 for asrg-web-archive@ietf.org; Tue, 08 Mar 2005 03:18:23 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D8Zrk-0004lZ-SA; Tue, 08 Mar 2005 03:14:56 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D8Zri-0004lG-Ti for asrg@megatron.ietf.org; Tue, 08 Mar 2005 03:14:55 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA26192 for <asrg@ietf.org>; Tue, 8 Mar 2005 03:14:52 -0500 (EST)
Received: from everest.2mbit.com ([24.123.221.2] helo=mail.sosdg.org ident=mail) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D8Zu3-0005z2-BO for asrg@ietf.org; Tue, 08 Mar 2005 03:17:20 -0500
Received: from rdu163-60-140.nc.rr.com ([24.163.60.140] helo=[192.168.15.42]) by mail.sosdg.org with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.50-SOSDG) id 1D8Zre-0007e1-Lg by authid <stephanie>; Tue, 08 Mar 2005 03:14:50 -0500
Message-ID: <422D5F2E.2000404@sosdg.org>
Date: Tue, 08 Mar 2005 03:15:42 -0500
From: Josh Rollyson <jrollyson@sosdg.org>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Peter Kay <peter@titankey.com>, asrg@ietf.org
Subject: Re: [Asrg] Verizon's asymmetrical anti-spam causing problems
References: <200503072057343.SM04624@sk.cybercominc.com>
In-Reply-To: <200503072057343.SM04624@sk.cybercominc.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Received-SPF: softfail (everest.sosdg.org: transitioning domain of sosdg.org does not designate 24.163.60.140 as permitted sender) client-ip=24.163.60.140; envelope-from=jrollyson@sosdg.org; helo=[192.168.15.42];
X-Warning: 24.163.60.140 is in a black list at dnsbl.sorbs.net
X-Scan-Signature: dff4cd0c05900c5d703d9f6ab3a67322
X-SA-Exim-Connect-IP: 24.163.60.140
X-SA-Exim-Mail-From: jrollyson@sosdg.org
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 5a9a1bd6c2d06a21d748b7d0070ddcb8
Content-Transfer-Encoding: 7bit
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/asrg>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
Sender: asrg-bounces@ietf.org
Errors-To: asrg-bounces@ietf.org
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
Content-Transfer-Encoding: 7bit
Peter Kay wrote: > Has anyone noticed/experienced Verizon's asymmetrical anti-spam email > address verification? After you connect to their mail servers and send > the MAIL-FROM / RCPT-TO commands, before they come back with an OK, they > do a reverse check of the MAIL-FROM address to see if it's valid and if > not, return a fatal error. > > While Verizon is certainly not the only ISP doing address verification, > and I'm personally in favor of the approach, what I object to is that > their approach is not symmetrical, meaning that if another server (e.g. > Mailsender.com) were to employ the identical method that Verizon does, > neither Verizon nor Mailsender.com would be able to send each other email. > > The reason for this asymmetry is that the Verizon probe addresses are in > the form of antispamxxxx@west.verizon.net > <mailto:antispamxxxx@west.verizon.net> or something to that effect where > xxxx is a 4 digit number. So if Mailsender.com used probes like > antispamxxxx@east.Mailsender.com > <mailto:antispamxxxx@east.Mailsender.com> you can see the problem, that > being: > > A. Mailsender sends email to Verizon. > B. Verizon holds the connection and attempts a probe to Mailsender. > C. Mailsender holds the connection and attempts a probe to Verizon. > D. (does this create an infinite loop?) > E. Verizon's probe fails. > F. Mailsender's probe fails. > G. Legitimate email is never sent. > > Has anyone else had problems with this? I did quick check on their site > and didn't find anything. > > Have there been any BCP or equivalent on email address verification? I > haven't easily found any. The SAFEST return address for probes of that type would be a null sender <>, simply by virtue of it not generating a reply. However, some very misguided postmasters block support for null senders, which also effectively blocks bounce messages, without having any real impact on blocking spam. Timeouts with fail-open design can help with the above scenario though, at the risk of letting some spam through. I've not seen any BCP on this either, theroretically VRFY is designed for the purpose, but nobody in their right mind permits it these days because its just as useful for spammers to check their lists. Maybe an extended VRFY replacement that takes a messageid and an email address, and verifies that the server handled a message from that sender, with that messageid recently? Of course, this would take years to implement, and might not ever get widespread support. (And still has its own problems) _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Verizon's asymmetrical anti-spam causing p… Peter Kay
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Josh Rollyson
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Jose Marcio Martins da Cruz
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Steven G. Willis
- RE: [Asrg] Verizon's asymmetrical anti-spam causi… Dennis Dayman
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Richard Johnson
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Florian Weimer