At 01:20 AM 4/9/2003 -0600, you wrote:
Is there a chance that a very important email I write will get stuck in a
honeypot never to be heard from again?

I've not seen it in my honeypot - want me to look again?

Let's review relays. If you use something like Eudora then you have an
SMTP server specified in that. Your outgoing mail is sent, using the SMTP
protocol, to that server. IF that server has MX records so that mail to it
can go to a number of different IPs, in case the server itself is down for
some reason, that makes no difference to Eudora. Eudora doesn't use the
MX records - if your SMTP server won't take the mail it gets stuck on your
system. The server, once the email message is received, tries to deliver
the email directly to the destination, except it checks the MX records and
tries to send it first to the IP with the numerically lowest parameter in
the MX records.

That's it. Your server does not hunt around for any open relay to deliver
the email. If the honeypot doesn't show up in the MX records for a server
then your email never ever goes to that honeypot. TCP/IP looks for routes
to route around difficulties, SMTP just uses what it's told (via DNS and MX
records). Your email will never get to the honeypot. Email to you may
easily get to the honeypot - that email is of the type called "spam." (Do
you want it? Too bad - I'm not going to deliver it any time soon. Tell
the spammer he can't trust the relays any more - if he wants the email
delivered he'd better send it direct, just like everyone else. Do you not
want it? If he sends the email direct block all the spammer's IPs.)

Spammers, on the other hand, don't work that way. Spammers who use open
relays find the IP number of the open relay and connect directly to
that. They, like Eudora, pay no attention to the MX records. Recall that
spammers don't care a whit about following the rules - they just want their
spew delivered. They find an IP that will accept and deliver email, they
send spam to that IP, they trust it will be delivered. Most of the time
their trust is justified. Notice, in particular, that the IP need not have
any MX record, need not have any DNS record. If you'll check the spamware
used to search for open relays you'll find that it has a box to enter the
starting IP number and a box to enter the ending IP number. It checks the
range between those numbers. (That's one particular spamware open relay
detection program that has a screen shot on a web page. Surely there are
other ways to search for open relays - it's not really a big point, other
than that the spammers don't go by name.) A spammer could go by name - in
that case a honeypot with no name wouldn't be found by that spammer.

So, although the subject of the email for you caught by the honeypot might
have the word "Urgent" in it the chance of your actual important email
being caught is zero. Your valid email doesn't go through "randomly"
selected relays. Your spam may.

The same argument holds for open proxies - your SMTP server does not try to
send your email through another system using a proxy on that system.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
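
An added example, not part of the original message: the MX-based target selection described above, and the check a honeypot operator can apply to mail that arrives anyway. All domain names, addresses and the functions delivery_targets and classify are constructed for illustration; the fallback to a domain's address record when it has no MX follows RFC 5321 section 5.1.

```python
# Added example: constructed DNS data, target selection per RFC 5321 section 5.1.
from typing import Dict, List, Tuple

# Constructed zone data (documentation names and addresses, RFC 2606 / RFC 5737).
MX: Dict[str, List[Tuple[int, str]]] = {
    "example.org": [(20, "backup.example.org"), (10, "mail.example.org")],
}
A: Dict[str, List[str]] = {
    "mail.example.org": ["192.0.2.10"],
    "backup.example.org": ["192.0.2.20"],
    "example.net": ["198.51.100.5"],  # no MX: falls back to its address record
}

def delivery_targets(domain: str) -> List[Tuple[int, str, str]]:
    """Ordered (preference, host, ip) list a sending server tries for domain."""
    records = sorted(MX.get(domain, []))      # lowest preference number first
    if not records and domain in A:           # implicit MX when no MX exists
        records = [(0, domain)]
    return [(pref, host, ip) for pref, host in records for ip in A.get(host, [])]

def classify(listener_ip: str, rcpt_domain: str) -> str:
    """Explain how mail for rcpt_domain could have arrived at listener_ip."""
    ips = [ip for _, _, ip in delivery_targets(rcpt_domain)]
    if listener_ip in ips:
        return "mx-delivery"    # a rule-following server could pick this IP
    return "relay-attempt"      # sender connected to the IP directly, ignoring MX

HONEYPOT_IP = "203.0.113.77"    # constructed: appears in no record above

if __name__ == "__main__":
    print(delivery_targets("example.org"))
    for dom in ("example.org", "example.net"):
        print(dom, "->", classify(HONEYPOT_IP, dom))
```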