SMTP AUTH

Dean Anderson dean at av8.com
Mon May 2 03:24:51 UTC 2005


On Mon, 2 May 2005, Edward B. Dreger wrote:

> DA> Date: Sun, 1 May 2005 21:09:50 -0400 (EDT)
> DA> From: Dean Anderson
> 
> DA> > http://www.merit.edu/mail/archives/nanog/199-11/msg00263.html
> DA> > http://www.merit.edu/mail/archives/nanog/199-11/msg00289.html
> DA>
> DA> Neither of these links actually work.  But it is "Draft Standard". That is
> 
> s,199,1999,

You need more than that:

http://www.merit.edu/mail.archives/nanog/1999-11/msg00289.html

I said: 

   "The SMTP AUTH RFC 2554 is standards track, but not standard. "

I was correct.

What's more interesting is what the other guy said: 

>Incorrect. It's a customer training issue, and a little development time
>on your part. If you can't use SMTP AUTH, don't. Use POP-before-SMTP.  
>Whip up a custom finger daemon to accept a username/password pair in the
>same manner. Create a webpage for your customers to enter a username and
>password on to authenticate themselves. Use a VPN. Use magic headers or
>subject lines that your MTA catches and uses as identity verification.
>Provide a web-based interface for your customer's email. Use UUCP.

Oh sure, it's a customer training issue. Who's going to pay for that?

Yeah. Let's just "Whip up a custom finger daemon". What would be the
benefit?  Back then, it was to reduce spam, but this was a fallacy that I
recognized right away.

Sure, let's just make everyone use a VPN. Who's going to pay for that? And
what's the benefit? 

Magic headers? UUCP?  What kind of drugs were they on? 

And what's even more interesting, looking back at 1999, is that open
relays were not being abused by commercial bulk emailers, but by
anti-spammers.  We tested this out in the late 1990s by submitting
non-production relays to blacklists and monitoring connections. After
scanning, they began getting abuse. I posted this back then, but it was
ignored.  Then, in the fall of 2003, when the major open relay blacklists
shut down, open relay abuse JUST DROPPED OFF TO NOTHING. And when SORBS
started scanning, abuse picked back up again. Well, lamely.

In the old days we were usually hit by 200-300 IPs, and sometimes as many
as 2400+. The March abuse was only a little more than a dozen IPs. It was
the same old abuse pattern: targeted at mainly 2 Korean domains: daum.net
and sayclub.com. Probably the same old extortion scam as before. They send
a lot of abuse, and then get daum.net and sayclub.com to use their
blacklist, eventually contributing money, of course.

But this time it was all "from: webmaster at av8.com". Previously, that was
kind of rare (one virus used "from: dean at av8.com", and abused our relays,
but this wasn't much).  In the old days, most of the open-relay zealots
didn't consider domain restricted relay to be open.  Though, ironically, I
did. This was a minority view, though.

And we caught Matthew Sullivan THREATENING MAILBOMBING---that is,
threatening to spam people. As his defense, he said he didn't know that
mailbombing was against the AUP(!?!) And MAPS employees were caught
**working for spammers**, and that very SAME spammer was on the FTC
anti-spam panel, which was stuffed with MAPS-associated people.  And we
caught (several times) blacklists being used for personal vendettas.
There's more.  The list is long and dishonorable.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   




