SMTP addresses in <>

William Herrin herrin-nanog at dirtside.com
Fri Jan 4 17:17:50 UTC 2008


On Jan 4, 2008 11:27 AM, Joe Greco <jgreco at ns.sol.net> wrote:
> >                 "Be liberal in what you accept, and
>
> That particular philosophy has done great wonders for e-mail and the spam
> problem

Joe,

I've heard similarly unsubstantiated versions of this claim over and
over. The fact is I've done quite a bit of development on anti-spam
systems and the only protocol violation that has been consistently
valuable for rejecting spam is the fire-and-forget violation. That's
the one where they pipeline the entire send-side of the conversation
in the first data packet without waiting for the banner or checking
each response as it comes back. It's a terribly tempting optimization
to the spam-sending process and not enough servers detect or reject
it.

Anti-spam activity at the protocol level is looking for behavioral
signatures unique to spammer software. Protocol-correct signatures are
just as valuable as protocol-incorrect ones but it's all a game of
whac-a-mole. Once a signature is identified and promulgated, the
software exhibiting it either versions or falls out of use. A few
months later the folks still nailed are the false positives.


> >                  conservative in what you send"
>
> If only a more significant percentage of software was written in that
> manner...

I'll second that sentiment. Seth's customer is unambiguously wrong.
Unfortunately, that doesn't make Seth right. Missing brackets has been
a common SMTP error since the inception of the protocol, second only
to incorrect end-of-line (LF instead of CRLF). If you want your
implementation to be robust, you have to silently allow those common
mistakes.

Regards,
Bill Herrin


-- 
William D. Herrin                  herrin at dirtside.com  bill at herrin.us
3005 Crane Dr.                        Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
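
Added example, not part of the original message: a receiving server can detect the fire-and-forget violation described above by holding its banner briefly and checking whether the client has already written commands. The host name, pause length, reply text and function names are assumptions, and the second check assumes the server has not advertised the PIPELINING extension.

```python
import select
import socket

BANNER = b"220 mx.example.test ESMTP\r\n"  # hypothetical host name
REJECT = b"554 5.5.0 Protocol error: command sent before greeting\r\n"

def greet(conn, pause=0.5):
    """Hold the banner for `pause` seconds and watch for early input.

    Returns (accepted, early_bytes). A client that waits sees the banner;
    one that has already written its commands gets a 554 instead.
    """
    readable, _, _ = select.select([conn], [], [], pause)
    if readable:
        early = conn.recv(4096)      # b"" means the peer hung up
        if early:
            conn.sendall(REJECT)
        return False, early
    conn.sendall(BANNER)
    return True, b""

def unsolicited(chunk):
    """Bytes after the first command line in a single read.

    Non-empty means the client queued more commands before our reply.
    Splitting on LF also accepts the bare-LF line ending.
    """
    _line, sep, rest = chunk.partition(b"\n")
    return rest if sep else b""

def demo():
    # Constructed traffic over a local socket pair; no network needed.
    blast = (b"HELO client.example.test\r\nMAIL FROM:<a@example.test>\r\n"
             b"RCPT TO:<b@example.test>\r\nDATA\r\n")
    srv, cli = socket.socketpair()
    cli.sendall(blast)                     # fire-and-forget sender
    bad = greet(srv, pause=0.2)
    bad_reply = cli.recv(128)
    srv.close(); cli.close()

    srv, cli = socket.socketpair()
    good = greet(srv, pause=0.2)           # patient sender: silent until banner
    good_reply = cli.recv(128)
    srv.close(); cli.close()
    return bad, bad_reply, good, good_reply

if __name__ == "__main__":
    print(demo())
```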


