
[Asrg] "E-mail Defense Service" defects

2006-01-27 12:20:37
I recently became aware of just exactly what is causing a problem I've been 
fighting off and on for more than a year, and since a lot of folks here are 
interested in problems like this I'm going to go ahead and post about it.

Hopefully the heads-up will help some of y'all.


As a customer who has been victimized by the software package known as "E-mail 
Defense Service", I suspect that most folks are not aware of a very nasty 
characteristic behavior it has, which in my opinion make it unusable for most 
proposed purposes.

[I am a customer who owns a number of domains, which are hosted at TUCOWS/Domain
Direct.  Although I have set those domains in the Domain Control Panel to turn
off ALL Domain Direct's antispam filtering (since it generated outrageously
unacceptable numbers of false positives), their "E-mail Defense Service"
unfortunately still is active and still causing grief for me, and for my
various consulting clients whose domains are also hosted with TUCOWS/Domain
Direct.]

The problem, in a nutshell, is that certain types of E-mail that it deems 
"unacceptable" cause it to generate a HARD bounce message back to who it 
BELIEVES is the sender of the message it received.  This message is of the form 
"551 Denied" followed by a brief reason text.

One example of a reason it might generate such a hard bounce is because the
incoming E-mail message contained a .PIF file attachment.  Now, I agree that
virtually all PIF files arriving in folks' incoming mail are bogus, and probably
dangerous.  But it is NOT legitimate to generate a "Hard Bounce" because of
that.

There are at least two problems with this behavior.

 1)  The From: address of the incoming E-mail containing the PIF attachment is 
probably bogus, having been faked by the virus or worm that generated and sent 
the message... this causes the bounce message to be sent back to an unrelated, 
probably innocent, third party...

 2)  The fact that a "Hard Bounce" message indicating a (probably innocent) user
gets sent back to a third party can have nasty collateral damage for that
innocent user.

Specifically, as a concrete example, when Yahoogroups receives such a "hard 
bounce" message that indicates (falsely!) that it involved one of their known 
addressees, that "hard bounce" message causes Yahoogroups to mark that E-mail 
address as "hard bouncing" and they DISCONTINUE ALL FURTHER E-MAIL SENDING to 
that E-mail address until the situation is discovered by the victim, and 
(manually!) cleared.

Although my machines here are NOT infected and did NOT generate any virus or
worm messages, and there is NO legitimate reason for my incoming mail to
generate a "Hard Bounce" (and this would NOT have been generated if any other
normal E-mail had been sent to me), now ALL my E-mails from ALL Yahoogroups will
be suspended.

With the various viruses currently floating around the Net, I've had to clear my
bouncing status with Yahoogroups no less than THREE times in the past week.
Worse, I had only JUST cleared one last Friday before leaving out of town for a
weekend trip, and came home at the end of the weekend to discover that my
account had been put BACK to "Hard Bouncing" status within a matter of hours
after I had left.

As a result:

   1)  I lost an ENTIRE WEEKEND'S worth of E-mail from the nearly 200 
Yahoogroups that I am on (and I own or co-moderate almost sixty of those 
groups!);

   2)  An overzealous moderator on one of the groups (where I am a co-moderator 
of that group!) decided to simply delete all the group users who were 
(supposedly) bouncing... so I was booted from that group, AND lost my 
co-moderator status as a result!

   3)  I don't even know which of the other groups I may have been removed from,
and (also) I don't know which other (non-Yahoogroups!) mailing lists I may be on
which ALSO have received such "hard bounce" messages and ALSO removed me from
their mailing list...!   :-(

After numerous telephone calls to Domain Direct over at least the last year or
two, and treating this problem as just a transient thing (everyone pointed
fingers at everyone else, until I finally got busy and did the detective work to
prove that it was Domain Direct's "E-mail Defense Service" that was definitely
the perpetrator) things have finally risen to a crescendo that I simply cannot
continue to tolerate or overlook.

MXlogic, which apparently is responsible for the software, have been rude and
completely unsympathetic to the problem their software is causing me.  They said
I would have to contact "[my] provider", even though THEIR OWN mxlogic.com mail
server was guilty of precisely the same defective behavior (and how they
expected domaindirect.com to be able to do anything about mxlogic.com's own
INTERNAL problem is astonishing!).

Neither MXlogic nor Domain Direct have thus far been able to fix the problem, 
even when it is clearly described to them, and when they have been able to 
duplicate the same defective behavior I reported to them (and HAVE BEEN 
reporting to Domain Direct for more than a year!).

Worse, apparently, EVERYBODY who uses Domain Direct as their domain provider
(and they are one of the bigger domain provider companies) is being victimized
by this defective "E-mail Defense Service", and probably hasn't even figured out
(as I eventually have) just what the problem is, and maybe haven't even realized
yet that they HAVE the problem.

[If you would like to test to see if your own ISP or domain service provider is
victimizing your E-mail account because of this defective behavior, send an
E-mail to your domain and attach a known-good PIF file attachment... you should
be able to find one or more of them in your C:\WINNT or C:\WINDOWS directory,
and they should be less than 1K bytes in size.  If you get a hard bounce message
returned, perhaps indicating that the PIF is 'infected' even when you know that
it isn't, then you will know that your E-mail is similarly being defectively
handled.  In this case, I urge you to contact your domain provider or ISP and
raise holy hell with them until they fix this!]

In short, "E-mail Defense Service" (as provided by the apparent partnership of
some sort between MXlogic and TUCOWS/DomainDirect) is SERIOUSLY DEFECTIVE.  If
it detects an "unacceptable" E-mail based on content, it is UNACCEPTABLE for the
software to generate a HARD BOUNCE back, and DOUBLY so when they cannot be
assured that the IP address they send the bounce message to is in _fact_ even
the mail server that they received the questionable E-mail from.

As a member of this ASRG group, I am certainly aware of, and sensitive to, the 
problem of spam and E-mail abuse by worms and viruses.  But in trying to deal 
with that problem, it is NOT acceptable for "defense" software to in fact cause 
MORE problems (and to INNOCENT THIRD PARTY VICTIMS!) than the original 
worm-generated or spam E-mails themselves did...!


Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
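
The list-side mitigation for the Yahoogroups problem described above, as an added example that is not part of the original post or of any product it names: a bounce processor that parses an incoming DSN with Python's standard email package and counts a hard bounce against a subscriber only when the bounced message is one the list itself sent to that address, so backscatter from a forged worm message is ignored. The sample DSN, the addresses and the SENT_BY_LIST record are constructed for the example.

```python
import email

# Constructed sample DSN (not a real capture), shaped like an RFC 3464 multipart/report:
# a content filter "551 Denied" a worm message whose From: was forged as a list
# subscriber, and mailed the failure report to the list's bounce address.
SAMPLE_DSN = """\
From: MAILER-DAEMON@filter.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: message/delivery-status

Reporting-MTA: dns; filter.example

Final-Recipient: rfc822; subscriber@example.org
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 551 Denied (.PIF attachment)
--b
Content-Type: message/rfc822

From: subscriber@example.org
Message-ID: <worm-forged-0001@nowhere.invalid>

--b--
"""

# Hypothetical record of what the list really sent: Message-ID -> recipient address.
SENT_BY_LIST = {"<list-20060127-42@lists.example>": "subscriber@example.org"}


def dsn_facts(raw):
    """Extract action, final recipient and the bounced message's Message-ID from a DSN."""
    msg = email.message_from_string(raw)
    facts = {"action": None, "recipient": None, "original_id": None}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # Payload is a list of header blocks: per-message, then one per recipient.
            for block in part.get_payload():
                if block.get("Final-Recipient"):
                    facts["action"] = (block.get("Action") or "").strip().lower()
                    facts["recipient"] = block["Final-Recipient"].split(";", 1)[-1].strip()
        elif ctype == "message/rfc822":
            original = part.get_payload(0)  # the message the filter bounced
            facts["original_id"] = (original.get("Message-ID") or "").strip()
    return facts


def should_suspend(raw, sent=SENT_BY_LIST):
    """Count a hard bounce only if it answers a message the list sent to that address."""
    f = dsn_facts(raw)
    return f["action"] == "failed" and sent.get(f["original_id"]) == f["recipient"]
```

A forged-sender bounce carries a Message-ID the list never generated, so it is dropped; a DSN for a genuine list posting still counts.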


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
