Re: MTAs denying messages (was: Re: Moderated posts?)

To: debian-user <debian-user@lists.debian.org>
Subject: Re: MTAs denying messages (was: Re: Moderated posts?)
From: Joel Rees <joel.rees@gmail.com>
Date: Mon, 13 Oct 2014 10:24:28 +0900
Message-id: <[🔎] CAAr43iPjskq9TyFod9VymJszWm3Ye5byDWe2tuGcnupFcsUwdw@mail.gmail.com>
In-reply-to: <[🔎] 878ukkvmtw.fsf_-_@yun.yagibdah.de>
References: <[🔎] 20141006174214.1c56066d@mydesq2.domain.cxm> <[🔎] 87bnph2whh.fsf@yun.yagibdah.de> <[🔎] CAAr43iO6deoipA=OC_y28tr+arhMRv6OsgEGA95__LcTPQ7KTw@mail.gmail.com> <[🔎] 878ukkvmtw.fsf_-_@yun.yagibdah.de>

On Mon, Oct 13, 2014 at 9:24 AM, lee <lee@yagibdah.de> wrote:
> Joel Rees <joel.rees@gmail.com> writes:
>
>> (But in this case, absolutely requiring a response would be building a
>> DOS and potential privacy vulnerability into the message
>> infrastructure. The RFCs really should be stored with a summary of
>> relevant comments.)
>
> Could you explain how an MTA would create a privacy vulnerability or
> expose itself to DOS attacks by not accepting messages?
>
> For example, my MTA does not accept messages that have an empty Subject:
> header.  How does that expose my privacy or allow for DOS attacks?

Somebody mentioned both the problem and the usual solution later in
the thread, but, laying it out in more detail:

I have an e-mail address my ISP gave me. Back almost twenty years ago,
when the internet was still a bit safe for naive use, I put my
isp-provided e-mail address in my home page. For the last fifteen
years, I've had to periodically clear that mailbox of junkmail, a
thousand in a week at the worst times, down to about a hundred a week
now.

I'd change the address, but a junkmail magnet is actually an
interesting resource.

Every now and then, I still get a spate of junkmail there, where the
to: field has a long list of semi-random names@isp.tld . I know those
names are bogus because I know there are not that many users at this
isp who have registered themselves with English names. Rather amusing.

What are the junkmailers doing? Shotgun mailing the isp with possible
user names.

If the isp responds with a code that says my user-id is valid, the
junk mailer knows he has a live address.

If the isp responds to the bad ones with an invalid user-id code, any
user-id that doesn't get that response is assumed live. There's your
privacy problem.

If the isp accepts the message without acknowledging the existence of
the user id, and then later sends an undelivered message, that's still
revealing what user-ids in the random attack were valid, and it also
amplifies the attack -- backscatter. Wikipedia's current article is
fairly informative, check the references, too.

    http://en.wikipedia.org/wiki/Backscatter_%28email%29

If the sending box is a bot, it will disappear by the time a delayed
rejection message is sent, which will cause a host-not-found message
from somewhere. This also amplifies traffic.

There have been several relatively well-known cases where this kind of
opportunistic junkmail temporarily took an isp off the network.

Searching the web for such things as "backscatter spam" should get you
more information.

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.

Reply to:

Follow-Ups:
- Re: MTAs denying messages (was: Re: Moderated posts?)
  - From: Joe <joe@jretrading.com>
- Re: MTAs denying messages
  - From: lee <lee@yagibdah.de>

References:
- Moderated posts?
  - From: Steve Litt <slitt@troubleshooters.com>
- Re: Moderated posts?
  - From: lee <lee@yagibdah.de>
- Re: Moderated posts?
  - From: Joel Rees <joel.rees@gmail.com>
- MTAs denying messages (was: Re: Moderated posts?)
  - From: lee <lee@yagibdah.de>

Prev by Date: Re: [exim4] mixed up about terminology
Next by Date: Re: Moderated posts?
Previous by thread: MTAs denying messages (was: Re: Moderated posts?)
Next by thread: Re: MTAs denying messages (was: Re: Moderated posts?)
Index(es):
- Date
- Thread