
Re: NDNs considered harmful

2010-08-13 07:34:15

[ On-list or off-list replies only, please; never both. ]

On Thu, Aug 12, 2010 at 08:36:08PM -0400, Hector Santos wrote:
> The valid return path is an SMTP requirement and it MUST be valid at
> the time it is issued by the sender.  Testing it is a VALID option
> to perform for the simple reason ERROR REPORTING is a required
> possibility.  It must not be invalid.

Welcome to 2010.  That's all very nice, but practical reality
overrides it.  The RFCs allow many things, but some of those
are no longer a very good idea, and some of them are downright
dangerous.  Or to put it another way, de facto operational practice
supersedes de jure specifications indicating what we *could* do,
if we were freed of all constraints imposed by reality.

> I don't see how it allows spammers to bypass security measures.

That's probably because you haven't read the original source material
that I referenced. [1]  Extensive analysis of this technique was done
during the summer of 2004 on spam-l, when we caught the incompetent
morons at Verizon doing it. That analysis conclusively demonstrates that
callbacks (that is: callbacks to external sites, not call forwards to
internal sites, which are quite useful in some cases) support, enable
and facilitate spam and DoS/DDoS attacks.

This is so well established, by the way, that it's a BCP to blacklist
those caught doing it, and there are multiple public and private resources
which do exactly that.

More generally, any putatively defensive technique which permits unknown
third parties to generate outbound traffic from *your* operation to
arbitrary destinations of *their* choosing is clearly a very bad idea.

---Rsk

[1] For example, and this condensed outline of just one of many possible
scenarios is NOT a substitute for reading the original source material:
consider what happens when an abuser registers a throwaway domain and
points the MX's for it at the victim's MX's, then uses a few million
zombies to simultaneously send traffic putatively from that throwaway
domain to mail servers which use callbacks.  This is not a theoretical
attack, by the way.
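The footnote's scenario, as an added illustration that is not part of the thread or of any real MTA: a toy model of a receiving server's callback decision, fed a burst of messages claiming to be from a throwaway domain whose MX (hypothetical names, constructed here) points at a third party's host. It shows why an unbounded callback policy turns every spoofed message into an outbound connection to that host, and how a per-host budget plus a verdict cache bounds the outbound traffic.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample DNS: a throwaway domain whose MX records point at
# somebody else's mail host (hypothetical names, not real sites).
MX_RECORDS = {"throwaway.example": "mx.victim.example"}


@dataclass
class CalloutPolicy:
    """Decides whether a receiving MTA should open a callback (an SMTP
    probe of the MAIL FROM address) to the sender domain's MX host.
    Assumed controls: a per-target-host budget and a cache of verdicts."""
    max_per_host: Optional[int] = None   # None = unlimited callbacks (naive)
    cache_results: bool = False
    callouts: dict = field(default_factory=lambda: defaultdict(int))
    cache: dict = field(default_factory=dict)

    def should_callout(self, mail_from: str) -> bool:
        domain = mail_from.split("@", 1)[1]
        if self.cache_results and mail_from in self.cache:
            return False  # verdict already known: no new outbound connection
        host = MX_RECORDS.get(domain)
        if host is None:
            return False  # no MX to probe; decide locally instead
        if self.max_per_host is not None and self.callouts[host] >= self.max_per_host:
            return False  # budget for this host exhausted: stop generating traffic
        self.callouts[host] += 1
        if self.cache_results:
            self.cache[mail_from] = "pending"
        return True


def simulate(policy: CalloutPolicy, n_messages: int, distinct_senders: int) -> dict:
    """Feed a constructed burst of spoofed messages from the throwaway
    domain and return how many callbacks each MX host would receive."""
    for i in range(n_messages):
        sender = f"bot{i % distinct_senders}@throwaway.example"
        policy.should_callout(sender)
    return dict(policy.callouts)
```

With the naive policy, 10,000 inbound messages become 10,000 outbound connections to the host named in the MX; with a budget of 20 per host they become 20.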