munging email - Mandriva

This is a discussion on munging email - Mandriva ; On 2008-10-24, Bit Twister wrote: > On Fri, 24 Oct 2008 15:57:35 +0100, Whiskers wrote: >> >> It's inconsiderate to use a domain name that belongs to someone else, or >> might do at some time. However improbable you might ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 37 of 37

Thread: munging email

  1. Re: munging email

    On 2008-10-24, Bit Twister wrote:
    > On Fri, 24 Oct 2008 15:57:35 +0100, Whiskers wrote:
    >>
    >> It's inconsiderate to use a domain name that belongs to someone else, or
    >> might do at some time. However improbable you might think a paricular
    >> name is.
    >>
    >> That parpticular one has in fact been registered:
    >>
    >> $ whois mouse-potato.com

    >
    > Yes, but the mouse-potato.com owner enjoys seeing people using
    > mouse-potato.com since that is why he registered it.
    >
    > Do a ping -c1 mouse-potato.com and check out the ip address.


    With an invalid (improper?) IP number in the DNS set-up, that domain is
    unlikely to get very far as the From address in an email. Nor should it,
    in my opinion. Using it in usenet is an entirely different matter. If it
    makes even one spam-spewing system give itself indigestion, that's fine
    by me )

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  2. Re: munging email

    On Fri, 24 Oct 2008 13:39:19 -0400, Whiskers wrote:

    > Some people like Spam )


    When it goes directly to a blocklist's spamtrap, sure. See q7 at
    http://www.uceprotect.net/en/index.php?m=2&s=0 and
    http://www.uceprotect.net/en/index.php?m=3&s=3
    for their listing criteria.

    I used to ocassionally redirect it to my ip, just to see what kind of
    volume it gets. Uceprotect have given me access to their logs
    for mail sent to nomail.afraid.org. Checking yesterday's logs shows
    mail sent to it from 351 seperate ip addresses, with 19 of those
    being added to the blocklist, as a direct result. (i.e., they weren't
    already on the list).

    Most of the "to addresses" look like message ids. Some are for an
    address I haven't used in three years. There are at least a dozen
    people using it, who's addresses have made it to the spammers lists of
    sellable email addresses, judging by the volume per address.

    Almost all of the from ip addressess look like end user trojaned
    systems. The faster they get on the blocklist, the better.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  3. Re: munging email

    Whiskers wrote:
    > On 2008-10-24, Bit Twister wrote:
    >> On Fri, 24 Oct 2008 15:57:35 +0100, Whiskers wrote:
    >>> It's inconsiderate to use a domain name that belongs to someone else, or
    >>> might do at some time. However improbable you might think a paricular
    >>> name is.
    >>>
    >>> That parpticular one has in fact been registered:
    >>>
    >>> $ whois mouse-potato.com

    >> Yes, but the mouse-potato.com owner enjoys seeing people using
    >> mouse-potato.com since that is why he registered it.
    >>
    >> Do a ping -c1 mouse-potato.com and check out the ip address.

    >
    > With an invalid (improper?) IP number in the DNS set-up, that domain is
    > unlikely to get very far as the From address in an email. Nor should it,
    > in my opinion. Using it in usenet is an entirely different matter. If it
    > makes even one spam-spewing system give itself indigestion, that's fine
    > by me )
    >


    Since the IP address has been listed once above, and mentioned here,
    should I mention that mouse-potato.com resolves to

    127.0.0.1 localhost

    An impressive way to address your own machine.

    Cheers!

    jim b.

    --
    UNIX is not user unfriendly; it merely
    expects users to be computer-friendly.

  4. Re: munging email

    Whiskers wrote:
    > On 2008-10-24, Frank Peelo wrote:
    >
    >>Dave Farrance wrote:
    >>
    >>>faeychild wrote:
    >>>
    >>>
    >>>
    >>>>I though you may have been onto it then. but it bounces invalid.invalid
    >>>
    >>>
    >>>Did you just put invalid.invalid? It commonly needs to be in the "form"
    >>>of a real email address. Try x@x.invalid

    >>
    >>What about me@mouse-potato.com ? Is that regarded as a nasty thing to
    >>do? mouse-potato.com resolves to 127.0.0.1.
    >>
    >>Frank

    >
    >
    > It's inconsiderate to use a domain name that belongs to someone else, or
    > might do at some time. However improbable you might think a paricular
    > name is.


    Did I say it was improbable? I /did/ say in my previous post
    "mouse-potato.com resolves to 127.0.0.1" -- in other words, it is a
    valid domain name which someone has set up, to redirect back to the
    sender. I have no connection with whoever set it up, but it was
    obviously supposed to be a loopback.

    So if some spammer starts sending to that address, I would expect the
    spammer to spam only itself.

    And the question was whether that would be regarded as a nasty thing to
    do; the consensus seems to be: not suitable for email, but good in
    newsgroups.

    Frank

  5. Re: munging email

    On 2008-10-28, Frank Peelo wrote:
    > Whiskers wrote:
    >> On 2008-10-24, Frank Peelo wrote:
    >>
    >>>Dave Farrance wrote:
    >>>
    >>>>faeychild wrote:
    >>>>
    >>>>
    >>>>
    >>>>>I though you may have been onto it then. but it bounces invalid.invalid
    >>>>
    >>>>
    >>>>Did you just put invalid.invalid? It commonly needs to be in the "form"
    >>>>of a real email address. Try x@x.invalid
    >>>
    >>>What about me@mouse-potato.com ? Is that regarded as a nasty thing to
    >>>do? mouse-potato.com resolves to 127.0.0.1.
    >>>
    >>>Frank

    >>
    >>
    >> It's inconsiderate to use a domain name that belongs to someone else, or
    >> might do at some time. However improbable you might think a paricular
    >> name is.

    >
    > Did I say it was improbable? I /did/ say in my previous post
    > "mouse-potato.com resolves to 127.0.0.1" -- in other words, it is a
    > valid domain name which someone has set up, to redirect back to the
    > sender. I have no connection with whoever set it up, but it was
    > obviously supposed to be a loopback.


    Or a mistake. I've seen that mistake before, with other domain names
    which are not intended to be tricks or jokes. But even if the current
    'owner' of that domain has done that on purpose, subsequent owners of it
    might have other ideas - so my statement still stands.

    > So if some spammer starts sending to that address, I would expect the
    > spammer to spam only itself.
    >
    > And the question was whether that would be regarded as a nasty thing to
    > do; the consensus seems to be: not suitable for email, but good in
    > newsgroups.
    >
    > Frank


    Not possible for sending email, but tolerated in usenet (although not by
    all services providing posting access).

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  6. Re: munging email

    On Tue, 28 Oct 2008 06:39:09 -0400, Frank Peelo wrote:

    > "mouse-potato.com resolves to 127.0.0.1" -- in other words, it is a
    > valid domain name which someone has set up, to redirect back to the
    > sender. I have no connection with whoever set it up, but it was
    > obviously supposed to be a loopback.


    When the swen email worm was active, I looked at the various hostnames in
    use, that resolved to a 127/8 address, but as I couldn't contact any of the
    owners, I set up my own.

    In my opinion, the hostname should not be used without the permission of
    the owner, even if it seems obvious, that it's intended to be used that way.

    I registered nomail.afraid.org, and have given blanket permission to use
    it for usenet from addresses.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  7. Re: munging email

    David W. Hodgins wrote:

    > In my opinion, the hostname should not be used without the permission of
    > the owner, even if it seems obvious, that it's intended to be used that
    > way.


    Except for the arguments about not mungeing the From at all, munged From
    are best to use a completely invalid domainname, such as .invalid -- not
    something else and not something 'cute-sy'. A significant percentage of
    the time that people try to do something cute, the result is some
    unnecessary burden on some system or another.

    > I registered nomail.afraid.org, and have given blanket permission to use
    > it for usenet from addresses.


    I think that is a bad suggestion, because it puts 'pressure' on resources
    which the usage of .invalid would not.

    If user@nomail.afraid.org is used and harvested by 'bots', then the
    spammer-dictionary process will marry numerous usernames extracted from
    other harvestings to marry to the nomail.afraid.org domainname and
    generate millions of spams to those addresses.

    Those millions of spams will 'impact' the nameservice for afraid.org
    (lookups to get the MX) and subsequently impact the MX for
    nomail.afraid.org which is nirvana.admins.ws.

    Those nameserver impacts and MX impacts and processes are completely
    unnecessary because the spam generated to the usernames + .invalid would
    not impact any afraid nameservers nor the nirvana MX.

    Another thing is wrong with the suggestion; and that is that nothing
    should be considered to be permanent. In the past various people have
    allowed or recommended their registered domain to be used for mungeing
    From and then later have subsequently abandoned the domain. This caused
    the domainname to carry a subsequently unnecessary burden which was caused
    by the type of original recommendation which you are making now.

    It is better to use an invalid such as .invalid, not something else and
    not something which has more effects, presently or potentially in the
    future.


    --
    Mike Easter


  8. Re: munging email

    On Tue, 28 Oct 2008 13:13:29 -0400, Mike Easter wrote:

    > Those millions of spams will 'impact' the nameservice for afraid.org
    > (lookups to get the MX) and subsequently impact the MX for
    > nomail.afraid.org which is nirvana.admins.ws.


    All of the email sent to anyaddress@nomail.afraid.org goes to a spamtrap,
    for a public blocklist (uceprotect).

    It's usually under a thousand email messages per day, so the volume isn't
    anything out of the ordinary, for the name servers.

    The only time I've seen the number of messages get large (over a thousand
    per hour), was when a spammer was using it for a return address, and most
    of the messages were backscatter. That seemed to stop once I added spf
    records, although it's more likely, the spammer just switched to a different
    from address.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  9. Re: munging email

    David W. Hodgins wrote:
    > Mike Easter


    >> Those millions of spams will 'impact' the nameservice for afraid.org
    >> (lookups to get the MX) and subsequently impact the MX for
    >> nomail.afraid.org which is nirvana.admins.ws.

    >
    > All of the email sent to anyaddress@nomail.afraid.org goes to a
    > spamtrap, for a public blocklist (uceprotect).


    I'm in favor of blocklists including those which are based on spamtraps,
    but...

    .... the optimal spamtrap address should be an address which should never
    'expect' to be in receipt of legitimate mail, especially those spamtraps
    which require some 'action' to remove and most especially those spamtraps
    which are not a secret.

    Spamtraps which are known and which are known to influence blocklists
    which are popular and therefor powerful are subject to misuse by
    miscreants. This has happened to spamcop spamtrap addresses.

    In the case of a usenet From address, that is actually an address which
    original intention and purpose was to be a 'legitimate' email address
    which could be emailed by someone who encountered a message in a newsgroup
    and who wanted to correspond with the poster by email instead of by
    posting into the group.

    When someone sees an .invalid address, they know that the address isn't
    one for correspondence, or if they don't know they soon discover by the
    failure of the invalid address to send. When someone sees a legitimate
    valid address being used in a manner which is structured to be sent and
    accept legitimate mail, it is reasonable for them to assume that is a real
    address.

    A spamtrap is not supposed to be toggled by receiving 'legitimate' mail.
    A spamtrap is only supposed to be toggled by receiving mail which would
    never be mailed to a legitimate address.

    > It's usually under a thousand email messages per day, so the volume
    > isn't anything out of the ordinary, for the name servers.


    There isn't anything in the logical structure of your invitation for
    people to use it in usenet From which would keep it from being millions.
    While we are talking about nameservers, before the nameservers for afraid
    are reached, the root servers are queried as well. While it is true that
    the root and even the afraid nameservers can handle 'gazillions' of
    requests, one point I'm making is that it isn't the same as invalid.

    And now I'm making an additional point -- that such exposure isn't a
    proper spamtrap because it can be reasonably assumed to get some
    legitimate mail.

    > The only time I've seen the number of messages get large (over a
    > thousand per hour), was when a spammer was using it for a return
    > address, and most of the messages were backscatter.


    That is one of the ways that a miscreant can use the known spamtrap
    address to abuse something else. That move causes the mailserver to get
    itself uceprotect blocklisted. I'm also against misconfigured mailservers
    which do abusive misdirected backscatter, but I don't like the idea of a
    known spamtrap being abused to get something else blocklisted.

    > That seemed to
    > stop once I added spf records, although it's more likely, the spammer
    > just switched to a different from address.


    I think that it is a 'problem' for the creation and utilization of
    'perfect' or pristine spamtrap addresses. I don't think that inviting
    people to use a domainname in usenet From addresses is a proper solution
    to the problem.



    --
    Mike Easter


  10. Re: munging email

    On Wed, 29 Oct 2008 18:13:30 -0400, Mike Easter wrote:

    > In the case of a usenet From address, that is actually an address which
    > original intention and purpose was to be a 'legitimate' email address
    > which could be emailed by someone who encountered a message in a newsgroup
    > and who wanted to correspond with the poster by email instead of by
    > posting into the group.


    I reveiwed the listing policies, and discussed it with one of the operators
    of uceprotect, before adding the mx record. The listing policy is at
    http://www.uceprotect.net/en/index.php?m=3&s=3

    > And now I'm making an additional point -- that such exposure isn't a
    > proper spamtrap because it can be reasonably assumed to get some
    > legitimate mail.


    If the sender is using an ip address that doesn't have reverse dns, or
    has reverse dns that's obviously dynamic, it's assumed to be a trojaned
    computer, and listed after one spamtrap hit. If the reverse dns looks ok,
    then they have to hit 50 different spamtraps to get listed.

    > I think that it is a 'problem' for the creation and utilization of
    > 'perfect' or pristine spamtrap addresses. I don't think that inviting
    > people to use a domainname in usenet From addresses is a proper solution
    > to the problem.


    The main purpose of using nomail.afraid.org, is to avoid posting with a real
    email address, yet meet some news servers requirements to use an address that
    resolves to a real hostname. Most will now allow .invalid, but when I setup
    nomail.afraid.org, that was not the case. A side benefit is providing additional
    data to the blocklist, which will be removed, if I find it is causing problems.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  11. Re: munging email

    On 2008-10-29, David W. Hodgins wrote:
    > On Tue, 28 Oct 2008 13:13:29 -0400, Mike Easter wrote:
    >
    >> Those millions of spams will 'impact' the nameservice for afraid.org
    >> (lookups to get the MX) and subsequently impact the MX for
    >> nomail.afraid.org which is nirvana.admins.ws.

    >
    > All of the email sent to anyaddress@nomail.afraid.org goes to a spamtrap,
    > for a public blocklist (uceprotect).


    [...]

    Are you saying that any email sent to that domain gets the originating IP
    number added to a blocklist? Or have you got some system for
    distinguishing innocent legitimate messages from whatever it is your
    blocklist considers to be "spam"?

    You seem to be getting close to, if not crossing, the line that separates
    legitimacy from abuse.

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  12. Re: munging email

    On 2008-10-29, David W. Hodgins wrote:
    > On Wed, 29 Oct 2008 18:13:30 -0400, Mike Easter wrote:


    [...]

    > The main purpose of using nomail.afraid.org, is to avoid posting with a
    > real email address, yet meet some news servers requirements to use an
    > address that resolves to a real hostname. Most will now allow .invalid,
    > but when I setup nomail.afraid.org, that was not the case. A side
    > benefit is providing additional data to the blocklist, which will be
    > removed, if I find it is causing problems.
    >
    > Regards, Dave Hodgins


    Any post to usenet is an invitation for a response - either in the
    newsgroup(s) posted to or by private email. Unless the From address you
    use is clearly impossible to send emails to, it is an invitation for
    people to send emails to it. That isn't a spam trap, it's an
    indiscriminate and misleading trick if you assume that all emails sent to
    that address are illegitimate - or arguably, even if you merely never look
    at the messages arriving there.

    I've found that combining a From address (which does get a significant
    amount of spam, but which I do look at most days to pick out any non-spam
    messages) and a Reply-To address (which doesn't seem to get picked up by
    the bots searching basic usenet headers for addresses, but which most
    newsreader programs will at least prompt a user to send email to instead
    of the From address) works pretty well for me. Neither of those addresses
    is used for 'personal' or 'business' purposes.

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  13. Re: munging email

    Whiskers wrote:
    > Any post to usenet is an invitation for a response - either in the
    > newsgroup(s) posted to or by private email. Unless the From address you
    > use is clearly impossible to send emails to, it is an invitation for
    > people to send emails to it.


    Does anybody think the method I'm using for newsgroups is a bad idea?
    The "From:" header is (obviously, I think) invalid. However, when I
    think anyone might want to email me, I have a valid address in my sig,
    using a fiendishly clever encoding scheme. :-) That's the address I use
    for newsgroups and mailing lists that I want to be on, and I do check it
    (and reply) often.

    Adam
    --
    Email: adam seven zero seven AT verizon DOT net

  14. Re: munging email

    On Sun, 02 Nov 2008 21:19:43 -0500, Adam wrote:

    > Does anybody think the method I'm using for newsgroups is a bad idea?


    It violates http://www.rfc-editor.org/rfc/rfc2606.txt and message may
    some day become a vaild top level domain.

    The hostname used in the address should either be a valid hostname that
    you have permission to use, or be one test, example, invalid, or
    localhost.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  15. Re: munging email

    Adam wrote:

    > Whiskers wrote:
    >> Any post to usenet is an invitation for a response - either in the
    >> newsgroup(s) posted to or by private email. Unless the From address you
    >> use is clearly impossible to send emails to, it is an invitation for
    >> people to send emails to it.

    >
    > Does anybody think the method I'm using for newsgroups is a bad idea?
    > The "From:" header is (obviously, I think) invalid. However, when I
    > think anyone might want to email me, I have a valid address in my sig,
    > using a fiendishly clever encoding scheme. :-) That's the address I use
    > for newsgroups and mailing lists that I want to be on, and I do check it
    > (and reply) often.
    >
    > Adam


    You really need the .invalid top-level domain. The best explanation I've
    seen is here: http://www.2kevin.net/munging.html


  16. Re: munging email

    >> Does anybody think the method I'm using for newsgroups is a bad idea?
    >
    > You really need the .invalid top-level domain. The best explanation I've
    > seen is here: http://www.2kevin.net/munging.html


    Thanks, David and Cliff! I've changed it. (Even if it will mess up
    Google Groups' cumulative count of my posts. :-) )

    Now if only I could be sure that my sig wasn't too hard for anyone to
    decode... I'm sure that some user will find a way to screw it up...

    Adam
    --
    Email: adam seven zero seven AT verizon DOT net

  17. Re: munging email

    On Sun, 02 Nov 2008, in the Usenet newsgroup alt.os.linux.mandriva, in article
    , David W. Hodgins wrote:

    >Adam wrote:


    >> Does anybody think the method I'm using for newsgroups is a bad idea?


    >It violates http://www.rfc-editor.org/rfc/rfc2606.txt


    2606 Reserved Top Level DNS Names. D. Eastlake 3rd, A. Panitz. June
    1999. (Format: TXT=8008 bytes) (Also BCP0032) (Status: BEST
    CURRENT PRACTICE)

    Status of this Memo

    This document specifies an Internet Best Current Practices for the
    Internet Community, and requests discussion and suggestions for
    improvements. Distribution of this memo is unlimited.

    But RFC2606 is only a recommendation, not a requirement. There is a
    standards track _DRAFT_ RFC in the works (and has been for several
    years) that if it ever gets adopted will replace RFC1036

    1036 Standard for interchange of USENET messages. M.R. Horton, R.
    Adams. December 1987. (Format: TXT=46891 bytes) (Obsoletes
    RFC0850) (Status: UNKNOWN)

    and the latest version I'm aware of is "Netnews Architecture and
    Protocols" (ftp://ftp.isi.edu//in-notes/internet-drafts/
    draft-ietf-usefor-usepro-12.txt) which in the next-to-last paragraph of
    section 3.4 reads:

    Contrary to [RFC2822], which implies that the mailbox or mailboxes in
    the From header field should be that of the poster or posters, a
    poster who does not, for whatever reason, wish to use his own mailbox
    MAY use any mailbox ending in the top level domain ".invalid"
    [RFC2606].

    But note that this is a _draft_ RFC - and has no standing other than to
    indicate which way things _might_ be headed. I think this is a bit
    better than the old 'Address Munging FAQ' that used to be posted
    regularly (http://www.faqs.org/faqs/net-abuse-faq/munging-address/)

    >and message may some day become a vaild top level domain.


    Possible - but that's a bit of a stretch. Back in June, ICANN voted to
    allow 'vanity' top level domains beginning next spring, but I don't
    expect to see to much out of that. After all, EVERYONE knows that
    all hosts on the Internet begin with "www" and end with ".com". ;-)

    Old guy

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2