I just spent an hour fighting this and thought that if someone else was
fighting it, I would try and help them.
Short version: Messages direct to the poster from ilap.com were actually
due to a user who had subscribed from webnewsmanagement.com.
When people posted to one of my lists, they got a bounce from ilap.com
saying that they had no permission to send mail to this person (who I am
not naming as an individual). There was absolutely no information about
what message had been sent -- no headers, message id, original address,
translated address, or anything else, just a note that you should visit a
particular web site for permission to write to someone. It almost looked
like some sort of spam address probe, but it was irregular, and always came
to only one of my addresses.
After some time, it was finally determined which list was affected - I was
not even sure that it was one of my lists until someone complained to me
about the same message and I managed to determine which lists we had in
common and he had a better feel for what was causing the bounces (he posted
-- he got a bounce). I was about ready to write to everyone on the list
with tagged addresses, when I finally decided to match timestamps on three
of the bounces -- at least they kept a good clock.
The "webnewsmanagement.com" was another clue --- it just seemed like the
sort of domain that would be used by someone who would hose up a bounce
this badly....
When I sent him a probe message, it became clear that he was, as I
suspected, parsing the address out of the From: headers while ignoring the
RFC821 origin, and that he was doing a poor job of that - I first tried a
tagged address with a plus in it and he broke the address there and just
sent to the second half of the address - so I used a tagged address with a
"." in it (I have a pseudo-system - spameater - that uses postfix
translation to translate njs.whatever.you.want@spameater.squawk.com to
njs+whatever.you.want@squawk.com --- there are a lot of places that do not
believe that a + is a legal character in the local part of an address,
which, of course, it is). Then I sent him a message that would bounce to
his postmaster - I have no idea if he is his own postmaster. Or maybe he
accepts messages from his postmaster, and he will read my message.
In any case, this does not happen to me that often, and if someone else had
run into this and had posted here it would have saved me an hour of
investigation. I could have sent everyone who was subscribed to one-off
postings on the list a probe, but I hate to do that, it is sort of a last
resort for me, and, frankly, my first inclination would probably have been
to just vary the Mail From: part of the address, and not the RFC822 From:,
and I would have then had to send a second probe. Normally Majordomo2 will
work this sort of thing out without any intervention, but if they
completely ignore the mail from: tags, I don't see any hope.
Funny -- especially with the Microsoft antitrust win -- or maybe really scary:
http://www.ucomics.com/foxtrot/2002/10/31/
--
Take The Boulder Pledge Today
"Under no circumstances will I ever purchase anything offered to me as the
result of an unsolicited e-mail message. Nor will I forward chain letters,
petitions, mass mailings, or virus warnings to large numbers of others.
This is my contribution to the survival of the online community." - Roger
Ebert -- nor will I vote for any candidate who solicits my vote via e-mail.
Nick Simicich - njs@scifi.squawk.com
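
An added illustration, not part of the original post: a probe that carries the tag in both the envelope sender and the From: header, using the dot form in From: so that a responder which only reads the header (and mangles "+") still reveals which subscriber triggered it. The owner name, domains, subscriber list and the probe.N tag scheme are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed values: owner name, domains and subscriber list are placeholders.
OWNER, PLUS_DOMAIN, DOT_DOMAIN = "owner", "lists.example", "tagged.lists.example"
SUBSCRIBERS = ["alice@a.example", "bob@b.example", "carol@c.example"]

def build_probe(idx):
    """Return (envelope_sender, message) for subscriber number idx.
    The tag goes in BOTH places: '+' form in MAIL FROM, '.' form in From:."""
    tag = f"probe.{idx}"
    msg = EmailMessage()
    msg["From"] = f"List owner <{OWNER}.{tag}@{DOT_DOMAIN}>"
    msg["To"] = SUBSCRIBERS[idx]
    msg["Subject"] = "Address probe"
    msg.set_content("Please ignore; this checks delivery to your address.")
    return f"{OWNER}+{tag}@{PLUS_DOMAIN}", msg

def dot_to_plus(addr):
    """owner.tag@DOT_DOMAIN -> owner+tag@PLUS_DOMAIN (the rewrite the post describes)."""
    local, _, domain = addr.lower().rpartition("@")
    if domain == DOT_DOMAIN and local.startswith(OWNER + "."):
        return f"{OWNER}+{local[len(OWNER) + 1:]}@{PLUS_DOMAIN}"
    return addr.lower()

def identify(bounce_rcpt):
    """Map the address a bounce arrived at back to a subscriber, or None."""
    m = re.fullmatch(rf"{re.escape(OWNER)}\+probe\.(\d+)@{re.escape(PLUS_DOMAIN)}",
                     dot_to_plus(bounce_rcpt))
    if m and int(m.group(1)) < len(SUBSCRIBERS):
        return SUBSCRIBERS[int(m.group(1))]
    return None

def header_reply_target(msg):
    """Model of the responder in the post: reads From:, ignores the envelope,
    and keeps only what follows a '+' in the address."""
    return parseaddr(msg["From"])[1].split("+", 1)[-1]

if __name__ == "__main__":
    envelope, msg = build_probe(1)
    print(identify(envelope))                    # normal bounce to the envelope sender
    print(identify(header_reply_target(msg)))    # responder that only reads From:
```
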