RE: [Asrg] TitanKey and "white lies"... (Faking SMTP hard errors "improves" C/R utility?)

2003-05-29 14:44:18
Yakov Shafronovich wrote:
> According to section 4.2.2 of RFC 2821, the "550" error
> code means the following:... 550 Requested action not
> taken: mailbox unavailable (e.g., mailbox not found, no
> access, or command rejected for policy reasons)

        Ok. Perhaps it was a bit strong to say that it was a "lie."
Nonetheless, it would appear that spammers' programs are, in fact,
pretty much helpless in determining whether the "550" was issued due to a
mailbox not existing or because of "policy reasons." They are pretty
much stuck with either removing the address that failed from their
databases or providing legitimate reply-to/From addresses and trying to
deal with the C/R process. If this method propagates, then spammers will
find that their databases of addresses will be getting trimmed... It
would also seem reasonable that other policies could be used to
similarly confuse spammers. For instance, issuing "550" errors when rate
limits are exceeded, when senders are found to be on black-lists, etc.
        This policy of selectively issuing "550" errors seems to
conflict with another practice that has been gaining some acceptance and
that is to *never* issue a "550" even if a mailbox doesn't exist. Some
mail providers have stopped issuing "550's" in an attempt to make it
more difficult for people to do dictionary attacks on their servers.
(i.e. if the server won't tell you what mailboxes are *not* valid, you
can't figure out which ones *are* valid...) So, one group says part of
the solution is to never issue a "550" and another group says that part
of the solution is to issue them more frequently than you might normally
issue them... 

        Off-Topic: I wonder if the fact that issuing a "550" for "policy
reasons" is explicitly mentioned in RFC2821 might call into question the
validity of any patent claims that explicitly use the method defined in
the RFC... One might claim that the RFC's provision of a means to reject
for "policy reasons" did, in fact, anticipate precisely the methods
being discussed here.

                bob wyman

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
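
Added example, not part of the original message or of any product discussed in it: a simplified Python model of the three RCPT TO reply policies mentioned in this thread, showing for which senders the reply code alone reveals whether a mailbox exists. The mailbox names, sender addresses, policy names and function names are assumptions made for illustration.

```python
# Added example: simplified model of three RCPT TO reply policies (constructed data).
MAILBOXES = {"alice", "bob"}               # constructed: mailboxes that exist
KNOWN_SENDERS = {"friend@example.org"}     # constructed: senders already approved via C/R

def rcpt_reply(policy, sender, local_part):
    """Return the SMTP reply code this policy gives to RCPT TO for local_part."""
    exists = local_part in MAILBOXES
    if policy == "honest":          # 550 only when the mailbox does not exist
        return 250 if exists else 550
    if policy == "never_550":       # accept every recipient at SMTP time
        return 250
    if policy == "selective_550":   # 550 for "policy reasons" unless sender is approved
        if sender not in KNOWN_SENDERS:
            return 550
        return 250 if exists else 550
    raise ValueError(f"unknown policy: {policy}")

def leaks_existence(policy, sender, probes):
    """True if reply codes alone separate existing from non-existing mailboxes."""
    existing = {rcpt_reply(policy, sender, p) for p in probes if p in MAILBOXES}
    missing = {rcpt_reply(policy, sender, p) for p in probes if p not in MAILBOXES}
    return bool(existing) and bool(missing) and existing.isdisjoint(missing)

def list_after_pruning(policy, sender, address_list):
    """Addresses a sender keeps if it drops every address that drew a 550."""
    return [a for a in address_list if rcpt_reply(policy, sender, a) != 550]

PROBES = ["alice", "bob", "carol", "dave"]  # constructed: two real, two not

if __name__ == "__main__":
    for policy in ("honest", "never_550", "selective_550"):
        for sender in ("unknown@example.net", "friend@example.org"):
            print(policy, sender,
                  "leaks:", leaks_existence(policy, sender, PROBES),
                  "kept:", list_after_pruning(policy, sender, PROBES))
```

In this model both "never 550" and "550 for unapproved senders" deny an unknown sender any signal about which mailboxes exist; they differ in that the second also makes a sender that prunes on 550 discard valid addresses.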