Somehow, yesterday I experienced a new form of email nonsense.
-
Bill replied to Ryan Castellucci :nonbinary_flag:
@ryanc @erik @tychotithonus I was gonna say, I spend most of my time at 443 so I'm probably ok there.
-
DrScriptt replied to Ryan Castellucci :nonbinary_flag:
@ryanc @tychotithonus @Sempf well it might, but it won’t be your server sending the backscatter.
The server you refused to accept the message from is culpable for the backscatter. Maybe it shouldn’t have accepted the message in the first place.
-
DrScriptt replied to Ryan Castellucci :nonbinary_flag:
@ryanc ask them for a PCAP.
If they successfully sent and you never got as much as a SYN, then someone’s got a monkey in the middle.
Are any ISPs intercepting outbound port 25 instead of filtering it?
-
I'm interested in minimizing ecosystem harm / impact, even if I'm not the direct / attributable source. In the worst case, if I know that an upstream hop is going to generate backscatter if I reject in my DATA phase, and I know with high confidence that the content is spam, and I know that that upstream hop is not likely to change their ways any time soon ... it's a net lessening of ecosystem harm if I silently discard, rather than indirectly "trigger" predictable backscatter.
Yes, I know this is idealistic.
-
Ryan Castellucci :nonbinary_flag: replied to Royce Williams
@tychotithonus @drscriptt @Sempf I think we can agree this is a case of choosing amongst bad options, but don't think either of us are going to change our mind about which is worse.
Besides, I'm the one who patched their mail server to allow for customized fake rejects.
-
Ryan Castellucci :nonbinary_flag: replied to DrScriptt
@drscriptt they're not going to have a pcap, and I have mine as I said
-
cR0w :cascadia: replied to Ryan Castellucci :nonbinary_flag:
@ryanc @tychotithonus @drscriptt @Sempf
Me: I run my own mail server. I know what I'm doing.
Me later: reads this thread
Me now: Okay, y'all are awesome and I'm a noob again. And that's so cool.
-
@cR0w @ryanc @tychotithonus @drscriptt Exactly this.
-
Royce Williams replied to Ryan Castellucci :nonbinary_flag:
@ryanc
I think we agree more than we disagree! Especially when it is probably better for the ecosystem for the systems causing harm to be the explicit source of that harm, so that the ecosystem will start to respond to it appropriately. So I'm basically arguing myself out of silent discard even in my idealistic case!
@drscriptt @Sempf
-
@Sempf @cR0w @ryanc @drscriptt
I mean, my experience is outdated, but at its height I was the sole sysadmin and abuse admin for a platform that served about 60,000 users, accepting or rejecting about a million SMTP delivery attempts a day. I was a very early implementer of things like graylisting and SpamAssassin, before you could even buy an appliance to do them, let alone a cloud service. But the landscape was very different then -- spammers were smaller scale and not big business then. The scars are old, but deep. Count yourself lucky.
-
Ryan Castellucci :nonbinary_flag: replied to Royce Williams
@tychotithonus @Sempf @cR0w @drscriptt remember when people were implementing ocr plugins for detecting image-based spam, and then the spammers started sending ads for black market viagra that looked like CAPTCHAs?
-
Ryan Castellucci :nonbinary_flag: replied to Royce Williams
@tychotithonus @Sempf @cR0w @drscriptt I haven't been responsible for other people's email infrastructure since 2009, and I still get twitchy thinking about it.
Email was a warzone.