North American Network Operators Group


a note to those who would automate their rejection notices

  • From: Paul Vixie
  • Date: Sat Dec 27 14:09:05 2003

today AOL thoughtfully supplied the following to [email protected]:

  [email protected]
    SMTP error from remote mailer after initial connection:
    host mailin-02.mx.aol.com [64.12.137.89]:
    554-(RLY:B1)  The information presently available to AOL indicates this
    554-server is generating high volumes of member complaints from AOL's
    554-member base.  Based on AOL's Unsolicited Bulk E-mail policy at
    554-http://www.aol.com/info/bulkemail.html AOL may not accept further
    554-e-mail transactions from this server or domain.  For more information,
    554 please visit http://postmaster.info.aol.com.

this was in response to what the e-mail community refers to as a "trivial
forgery", whose salient headers were:

   Return-path: <[email protected]>
   Received: from port-212-202-52-233.reverse.qsc.de
           ([212.202.52.233] helo=1-online-poker-video.com)
       by mx01.qsc.de with esmtp (Exim 3.35 #1)
       id 1AQIw9-0000bF-00; Sun, 30 Nov 2003 05:11:58 +0100
   Message-ID: <[email protected]>
   From: "Ediva Clapp" <[email protected]>

so once again we see, as in the case of the anti-virus rejection notices,
that my reward for having my domain name forged in spam that didn't come
from here, is to get mail from AOL telling me that they rejected it.  so,
i'll add this pattern to my own "drop silently" filters along with chaff
from symantec's products, network associates' products, and so on.

of the foundational principles which made the internet possible and which
made it different from alternatives such as OSI, very few remain.  one of
them was "must scale indefinitely".  a simple application of this principle
toward anti-virus and anti-spam automated rejection notices is to ignore
the envelope and ignore the header and just focus on the peer IP address:

   To: [email protected][212.202.52.233]

would have been a better destination for this.  it's standards-compliant,
and if the sender isn't an open proxy then they'll be able to get it, and
it will not needlessly increase the collateral damage toward the holders
of domains that were forged.

"don't make me stop this car, kids."

...and to all a good night.
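
Added example, not part of the original post: one way a receiving system could address an automated rejection notice to the connecting peer's IP address instead of the forgeable envelope sender or From: header, as the post proposes. The function names, the `postmaster` local part, the `receiver.example` name and the sample session record are assumptions made for illustration.

```python
import ipaddress

# Constructed session record modelled on the headers quoted in the post.
# Only peer_ip comes from the TCP connection; the sending host chose the rest.
SAMPLE_SESSION = {
    "peer_ip": "212.202.52.233",
    "helo": "1-online-poker-video.com",
    "mail_from": "forged-victim@example.org",             # constructed placeholder
    "header_from": '"Ediva Clapp" <forged-victim@example.org>',
}


def literal_recipient(peer_ip, local_part="postmaster"):
    """Return local_part@[address-literal] for the peer, or None to send nothing.

    Address literals follow RFC 5321 section 4.1.3: "[a.b.c.d]" for IPv4 and
    "[IPv6:...]" for IPv6. The local part is an assumption of this example.
    """
    ip = ipaddress.ip_address(peer_ip)
    # An IPv4 client seen on a dual-stack socket shows up as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Private, loopback or reserved peers have no reachable mailbox; stay silent.
    if not ip.is_global:
        return None
    literal = str(ip) if ip.version == 4 else "IPv6:" + ip.compressed
    return f"{local_part}@[{literal}]"


def notice_envelope(session):
    """Build the SMTP envelope for a rejection notice about this session.

    mail_from, header_from and helo are deliberately never read: using them is
    what delivers the notice to the holder of a forged domain.
    """
    rcpt = literal_recipient(session["peer_ip"])
    if rcpt is None:
        return None
    # Null reverse-path ("<>") so the notice cannot itself generate a bounce.
    return {"mail_from": "", "rcpt_to": rcpt}


if __name__ == "__main__":
    print(notice_envelope(SAMPLE_SESSION))
```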