[Top] [All Lists]

Re: Bounce/System Notification Address Verification

2005-06-30 12:03:51

From: "Bruce Lilly" <blilly(_at_)erols(_dot_)com>

The point is that store-and-forward implies accept-and-bounce (except
of course for a null reverse path).

What, you might ask, are the implications?  For one, it means collateral
damage caused by such systems accepting joe-job spam then bouncing to
the joe-job victim when the downstream host finally determines that
there's no such recipient.  If you've received any such bounces, you
may know that such system configurations are not uncommon.  For CBV, it
means that acceptance by such a system's MX host doesn't mean diddly.

It implies one of four possibilities.

- GOOD: ther you did a RCPT TO validation
- BAD/GOOD: You are performing a delay validation (as you describe)
- BAD: You are an open relay
- BAD: You are a zombie (open relay)

If the remote host had any concern for today's issues, it will do an dynamic

Delay validation is no longer recommended, and open relays is a "MUST NOT"
operation today.

This is why a good second RCPT TO: check on a random address has alot of
value because it help detect which of the above the host is operation.

Systems which accept random address (non local domains) are not part of the
solution. They are all intent and purpose open relays and will most likely
get black listed in some DNS RBL site.

Now, consider the result codes.  Lets suppose you are not an open relay, you
are indeed a delay validation system.  In this case, you will get a positive
result code hence the CBV passes the test.

    MAIL FROM:<>
    250 OK
    RCPT TO:<return-path>
    250 OK
    RCPT TO: <random address/domain>
    55x User not found
    55x Only 1 RCPT per NULL address

The CBV passes the test and the mail goes thru.

This has nothing to do with Multiple RCPT per NULL lines because that is
easily circumvented using a RSET.

The only issue is the idea of whether you believe an OPEN RELAY is still
valid today or not.  This had its usages in the past and probably even
today, but under an authorized session only.

In today's environment an unauthorized open relay behavior is not an
acceptable mode of operation today.  It causes too many problems such as
bounce attacks.

Hector Santos, Santronics Software, Inc.