Re: [Asrg] Verizon's asymmetrical anti-spam causing problems
"Richard Johnson" <rdump@river.com> Tue, 08 March 2005 21:36 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA22539 for <asrg-web-archive@ietf.org>; Tue, 8 Mar 2005 16:36:53 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D8mQL-0001mV-37 for asrg-web-archive@ietf.org; Tue, 08 Mar 2005 16:39:29 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D8mLy-0001LZ-6L; Tue, 08 Mar 2005 16:34:58 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D8mLx-0001LU-7P for asrg@megatron.ietf.org; Tue, 08 Mar 2005 16:34:57 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA22420 for <asrg@ietf.org>; Tue, 8 Mar 2005 16:34:54 -0500 (EST)
Received: from yampa.river.com ([206.168.112.68] helo=mdev.river.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D8mOP-0001km-V4 for asrg@ietf.org; Tue, 08 Mar 2005 16:37:30 -0500
Received: from localhost (v13.river.com [206.168.117.188]) by mdev.river.com (Postfix) with ESMTP id 8B0A423F49; Tue, 8 Mar 2005 14:34:48 -0700 (MST)
Mime-Version: 1.0
Message-Id: <p05210602be53c7a5e758@localhost.>
In-Reply-To: <200503072057343.SM04624@sk.cybercominc.com>
References: <200503072057343.SM04624@sk.cybercominc.com>
Date: Tue, 08 Mar 2005 14:33:27 -0700
To: asrg@ietf.org
From: Richard Johnson <rdump@river.com>
Subject: Re: [Asrg] Verizon's asymmetrical anti-spam causing problems
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4
Cc: Peter Kay <peter@titankey.com>
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/asrg>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
Sender: asrg-bounces@ietf.org
Errors-To: asrg-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d0bdc596f8dd1c226c458f0b4df27a88
At 20:55 -1000 on 2005/03/07, Peter Kay wrote: > Has anyone else had problems with [verizon's attempts at sender address > verification]? I did quick check on their site and didn't find anything. Heh, you should not expect Verizon, a provider that in the aggregate sends much spam due to their poor control of their own network, to trumpet the brokenness of their own anti-spam measures. That brokenness is inherent, and is exacerbated by Verizon's attempts being assymetric in IP space as well as in email address space. Their assymetry neatly dodges reciprocal whitelists, in both IP space and email address space. Given the spam DoS load that Verizon's networks present to our servers, we necessarily have Verizon's domain and networks blocklisted, except for specific addresses our users have individually whitelisted. Given Verizon's demonstrated lack of control of their own network, that is a reasonable and prudent anti-spam measure. Furthermore, when one of our users sends mail to Verizon, we can set up additional reciprocal whitelists to allow replies from both the destination network and the destination email address. Sadly for Verizon, their misguided attempt at sender address verification dodges both. Rather than attempting their "verification" from the same network as the destination MX, they connect from an entirely different network, thus missing the whitelisting. Worse, rather than using the original recipient's email address as the MAIL FROM in their verification attempt, they pick something nonsensical and spammer-like, missing that whitelisting as well. Add in their attempts to "verify" forged sender addresses, and they have an even bigger problem. They're constantly making unsolicited address-guessing connections to our servers. So, in essence, Verizon is not doing sender address verification. They're instead attempting what looks like nothing more than a dictionary attack against our servers. After a certain number of bogus address attempts, this escalates their blocklist entries to the firewall, by design trumping all whitelisting they might otherwise have been granted. The end result is they have, by design or incompetence, totally shut down mail to their users from those not-spam networks who have to generally block address-guessing attacks and the ongoing spam load emanating from Verizon's networks. > Have there been any BCP or equivalent on email address verification? I > haven't easily found any. The BCP is: Don't try to do sender address verification. You almost certainly can't do it right. Even if you don't make Verizon's very braindead mistakes, you can't connect out-of-band from the original SMTP connection and hope to retain or regenerate enough state to tell whether a given FROM and TO pair of IPs and email addresses will work symmetrically. Richard _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Verizon's asymmetrical anti-spam causing p… Peter Kay
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Josh Rollyson
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Jose Marcio Martins da Cruz
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Steven G. Willis
- RE: [Asrg] Verizon's asymmetrical anti-spam causi… Dennis Dayman
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Richard Johnson
- Re: [Asrg] Verizon's asymmetrical anti-spam causi… Florian Weimer