Great Circle Associates List-Managers
(November 2002)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: I just spent an hour fighting this...
From: Nick Simicich <njs @ scifi . squawk . com>
Date: Sun, 03 Nov 2002 06:24:04 -0500
To: list-managers <list-managers @ greatcircle . com>

I just spent an hour fighting this and thought that if someone else was 
fighting it, I would try and help them.

Short version:  Messages direct to the poster from ilap.com were actually 
due to a user who had subscribed from webnewsmanagement.com.

When people posted to one of my lists, they got a bounce from ilap.com 
saying that they had no permission to send mail to this person (who I am 
not naming as an individual).  There was absolutely no information about 
what message had been sent -- no headers, message id, original address, 
translated address, or anything else, just a note that you should visit a 
particular web site for permission to write to someone.  It almost looked 
like some sort of spam address probe, but it was irregular, and always came 
to only one of my addresses.

After some time, it was finally determined which list was affected - I was 
not even sure that it was one of my lists until someone complained to me 
about the same message and I managed to determine which lists we had in 
common and he had a better feel for what was causing the bounces (he posted 
-- he got a bounce).  I was about ready to write to everyone on the list 
with tagged addresses, when I finally decided to match timestamps on three 
of the bounces -- at least they kept a good clock.

The "webnewsmanagement.com" was another clue --- it just seemed like the 
sort of domain that would be used by someone who would hose up a bounce 
this badly....

When I sent him a probe message, it became clear that he was, as I 
suspected, parsing the address out of the From: headers while ignoring the 
RFC821 origin, and that he was doing a poor job of that - I first tried a 
tagged address with a plus in it and he broke the address there and just 
sent to the second half of the address - so I used a tagged address with a 
"." in it (I have a pseudo-system - spameater - that uses postfix 
translation to translate njs.whatever.you.want@spameater.squawk.com to 
njs+whatever.you.want@squawk.com --- there are a lot of places that do not 
believe that a + is a legal character in the local part of an address, 
which, of course, it is). Then I sent him a message that would bounce to 
his postmaster - I have no idea if he is his own postmaster.  Or maybe he 
accepts messages from his postmaster, and he will read my message.

In any case, this does not happen to me that often, and if someone else had 
run into this and had posted here it would have saved me an hour of 
investigation.  I could have sent everyone who was subscribed to one-off 
postings on the list a probe, but I hate to do that, it is sort of a last 
resort for me, and, frankly, my first inclination would probably to have 
just varied the Mail From: part of the address, and not the RFC822 From:, 
and I would have then had to send a second probe.  Normally Majordomo2 will 
work this sort of thing out without any intervention, but if they 
completely ignore the mail from: tags, I don't see any hope.

Funny -- especially with the Microsoft antitrust win -- or maybe really scary:
http://www.ucomics.com/foxtrot/2002/10/31/

--
Take The Boulder Pledge Today
"Under no circumstances will I ever purchase anything offered to me as the 
result of an unsolicited e-mail message. Nor will I forward chain letters, 
petitions, mass mailings, or virus warnings to large numbers of others. 
This is my contribution to the survival of the online community."  - Roger 
Ebert -- nor will I vote for any candidate who solicits my vote via e-mail.
Nick Simicich - njs@scifi.squawk.com

Indexed By Date Previous: Re: ISPs Wrongly Block 1 in 8 Messages for Spam
From: J C Lawrence <claw@kanga.nu>
Next: WSJ spam article
From: Beartooth <karhunhammas@Lserv.com>
Indexed By Thread Previous: AOL & Hotmail Email Client Changes
From: "Tatum, Rich" <rich@ChristianityToday.com>
Next: WSJ spam article
From: Beartooth <karhunhammas@Lserv.com>

Google
 
Search Internet Search www.greatcircle.com