IETF Logo Mail Archive

Re: [Asrg] Some data on the validity of MAIL FROM addresses

"Jon Kyme" <jrk@merseymail.com> Mon, 19 May 2003 08:22 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA12121 for <asrg-archive@odin.ietf.org>; Mon, 19 May 2003 04:22:45 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4J7pbv26777 for asrg-archive@odin.ietf.org; Mon, 19 May 2003 03:51:37 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4J7pbB26774 for <asrg-web-archive@optimus.ietf.org>; Mon, 19 May 2003 03:51:37 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA12071; Mon, 19 May 2003 04:22:14 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19HfwC-00016Y-00; Mon, 19 May 2003 04:24:04 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19HfwC-00016V-00; Mon, 19 May 2003 04:24:04 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4J7k9B26428; Mon, 19 May 2003 03:46:09 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4J7jvB26400 for <asrg@optimus.ietf.org>; Mon, 19 May 2003 03:45:57 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA11788 for <asrg@ietf.org>; Mon, 19 May 2003 04:16:34 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Hfqi-00010W-00 for asrg@ietf.org; Mon, 19 May 2003 04:18:24 -0400
Received: from argon.connect.org.uk ([193.110.243.33]) by ietf-mx with esmtp (Exim 4.12) id 19Hfqh-00010T-00 for asrg@ietf.org; Mon, 19 May 2003 04:18:23 -0400
Received: from mmail by argon.connect.org.uk with local (connectmail/exim) id 19Hfrp-0000He-00; Mon, 19 May 2003 09:19:33 +0100
In-Reply-To: <6419342993.20030518213514@brandenburg.com>
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
To: Dave Crocker <dcrocker@brandenburg.com>
From: Jon Kyme <jrk@merseymail.com>
Cc: ASRG <asrg@ietf.org>
X-Mailer: [ConnectMail 3.5.4]
X-connectmail-Originating-IP: 172.25.243.3
Message-Id: <E19Hfrp-0000He-00@argon.connect.org.uk>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Mon, 19 May 2003 09:19:33 +0100

>>> Can you show instances in which they say yes to messages they cannot
>deliver?
>
>
>VS> I was skeptical of the report that Yahoo defers no-such-user responses
>VS> until the DATA command, and so I made the obvious `telnet ... 25`
>test.
>VS> I tried a perfectly valid message to an address that was very unlikely
>VS> to exist.  The Rcpt_To command was answered with at 250 response.  It
>VS> was not until the end of the DATA command that I got a 5yz.
>
>
>Folks, the email operations world has increasingly moved away from
>real-time processing of SMTP data.
>
>Processing causes delays and SMTP client daemons are impatient. The
>very, very wide range of network delays has compunded the effect of
>these processing delays, constantly causing problematic timeouts.
>
>So the tendency, these days, is to just say 'yes' in the protocol, take
>the addresses and content, store them in a queue, and do any real work
>after the connection closes.
>


The tendency may have been to move away from "real-time processing of SMTP
data", however with the increasing spam burden I wouldn't be surprised to
see the pendulum swing back. Only by making checks at the border can
traffic be rejected as near source as possible.
It's interesting that some MTAs nowadays offer hooks for highly
configurable checking during SMTP transaction (I'm thinking of the
local_scan interface in exim 4). The economics of handling spam
(and spam bounces) can make this very attractive even for high traffic
operations.

It seems sensible that a system should not accept messages that won't be
deliverable. The whole "accept anything / bounce it later" model is not
IMHO the wave of the future, rather expending CPU at the boundary MTA (and
providing the infrastructure to make checks) conserves resources later on.

Of course there are issues with implementation - I seem to remember hotmail
having problems with distributing their user database to their outward
facing MTAs in the past. However, we're all familiar with the sight of
systems failing under the demands of handling *bounces* (to non-existent
senders?) following massive spam runs (dictionary attacks) against them.

 




--
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.30.2 | Report a Bug | By Email | System Status