From: J C Lawrence <claw(_at_)kanga(_dot_)nu>
Having just received in excess of 80,000 bounces at kanga.nu for spam
with a From: and Return-Path of claw(_at_)kanga(_dot_)nu, I can confirm that
this indeed happens. (Less amusing are the people on my lists who are
automatically unsubscribed by bounces from virus forgeries)
The fact that both the above can happen demonstrates protocol holes.
It's not clear whether they are "protocol holes", "protocol limitations,"
"undesirable implications of desirable protocol features," or something
else.
Vernon might also like to note that not all mail from the .nu TLD is
spam:
...
I've blacklisted .nu because of floods of spam and a lack of working
WHOIS database. Yours is the only non-spammer .nu address from which
I've ever received mail, but far from the only .nu address that has
sent mail in my direction. As far as I can tell, .nu is like .biz,
.bz, and several other generally excellent TLD indicators of spam.
Yesterday or perhaps this morning I added a line to whitelist the
duplicate copies of your words that you feel I need to see. I guess
I should check to see if it worked.
...
It's so pleasing to see my mail to this list, CC'ed to Vernon, declared
as spam to the world. Quite a nice sample case for our discussions.
Are you sure of the nature of the sample case? In points of fact:
0. I trust you know that an SMTP rejection message is not an announcement
to the world or anyone except in private to the sender of the mail.
I assume you're talking about the "Sent to DCC" part of the SMTP
rejection message.
1. reporting a message to the DCC with a count of "many" does not cause
it to be "declared as spam to the world" but merely "definitely bulk".
The DCC can only say "that is bulk." Use of the DCC requires
white-listing sources of solicited bulk mail. Since your messages
have been duplicate copies of bulk mailing list traffic, there's
nothing inaccurate about reporting them as "definitely bulk."
3. because I had heard rumors that not all .nu domains are owned by
spammers, for some time I've blacklisted .nu senders with "reject"
instead of "discard" so that hypothetical false positives would get
bounces instead of silence.
4. the lack of working whois server for .nu should imply something
in discussion about the usefulness of authentication for stopping
spam. Yes, I know the .NU whois server answers, but it says useless,
anti-authenticating things like:
    Domain Name (UTF-8): kanga.nu
    Record ID: 10070.
    Record last updated on 09-Mar-2002.
    Record expires on 28-Feb-2004.
    Record created on 28-Mar-1998.
    Record status: Active.
    Domain servers in listed order:
    NS1.EASYDNS.COM 205.210.42.21
    REMOTE1.EASYDNS.COM 208.247.106.167
    NS2.EASYDNS.COM 205.210.42.22
5. Could you remind me why I need to see two copies of your words?
One reason I didn't immediately take time to whitelist your mail
was to see if your mail system (Exim?) detects the 5yz result of
the DATA command and if you would see the bounces and stop sending
me unasked for duplicates.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg