ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Some data on the validity of MAIL FROM addresses

2003-05-18 19:10:39
from [Vernon Schryver] [Permanent Link] 
From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>



...

Of course yahoo will say 250 to pretty much anything.
So these addresses are "valid" in what sense exactly?


They said "no" to 16% of the messages I queried them on.  The 
specific message they used was:

553 VS10-RT Possible forgery or deactivated due to abuse (#5.1.1)

Can you show instances in which they say yes to messages they cannot deliver?


I was skeptical of the report that Yahoo defers no-such-user responses
until the DATA command, and so I made the obvious `telnet ... 25` test. 
I tried a perfectly valid message to an address that was very unlikely
to exist.  The Rcpt_To command was answered with at 250 response.  It
was not until the end of the DATA command that I got a 5yz.

Thus, Yahoo's "VS10-RT Possible forgery or deactivated due to abuse"
can reasonably be counted as "this account was owned by the spammer"
and while the 250's must be counted as "don't know".  (I doubt you'd
want to send unsolicited mail to any address that you suspect was
forged into spam.)

It occurs to me that delaying the 5yz-unknown-user response to the
DATA command could be handy for people running body filters.

Knowledgeable people have suggested that some dictionary attack
spammers first try random, practically certain to be invalid target
names before launching into their dictionaries in order to determine
if the target SMTP server answers 250-OK for bogus addresses.



 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]


] From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>

] ...
] Understood.  One reason I chose a recent sample was to try and avoid 
] missing accounts due shutdown.  Those tests were run within 24 hours 
] of the time I received the email.  Of course, we have no way of 
] knowing when the spammer set up their software, or how long they've 
] been using that particular account.

Some people use (or talk about using) a Rcpt_To test on sender
addresses to detect spam.  Their false positive and negative ratios
would be interesting.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Some data on the validity of MAIL FROM addresses, Scott Nelson
Next by Date:  Re: [Asrg] Some data on the validity of MAIL FROM addresses, Michael Rubel
Previous by Thread:  Re: [Asrg] Some data on the validity of MAIL FROM addresses, Kee Hinckley
Next by Thread:  Re: [Asrg] Some data on the validity of MAIL FROM addresses, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]