North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SMTP addresses in <>
On Jan 4, 2008 11:27 AM, Joe Greco <[email protected]> wrote: > > "Be liberal in what you accept, and > > That particular philosophy has done great wonders for e-mail and the spam > problem Joe, I've heard similarly unsubstantiated versions of this claim over and over. The fact is I've done quite a bit of development on anti-spam systems and the only protocol violation that has been consistently valuable for rejecting spam is the fire-and-forget violation. That's the one where they pipeline the entire send-side of the conversation in the first data packet without waiting for the banner or checking each response as it comes back. Its a terribly tempting optimization to the spam-sending process and not enough servers detect or reject it. Anti-spam activity at the protocol level is looking for behavioral signatures unique to spammer software. Protocol-correct signatures are just as valuable as protocol-incorrect ones but its all a game of whac-a-mole. Once a signature is identified and promulgated, the software exhibiting it either versions or falls out of use. A few months later the folks still nailed are the false positives. > > conservative in what you send" > > If only a more significant percentage of software was written in that > manner... I'll second that sentiment. Seth's customer is unambiguously wrong. Unfortunately, that doesn't make Seth right. Missing brackets has been a common SMTP error since the inception of the protocol, second only to incorrect end-of-line (LF instead of CRLF). If you want your implementation to be robust, you have to silently allow those common mistakes. Regards, Bill Herrin -- William D. Herrin [email protected] [email protected] 3005 Crane Dr. Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
|