Blank emails - RFC2821
Chris Fortune
cfortune at telus.net
Sat Jun 12 00:59:46 CEST 2004
550 rejections for malformed email have been debated for many years, and we are continuing the tradition: "to reject or deliver, that
is the question." You are right, Tom, that "user not found" is not right, and not supported by the RFCs. To equivocate, I think
it is fair that a blank email should be issued a "permanent failure" rejection of the correct type. ISPs can use RFC 550 5.7.1 "Go
Away" to indicate that the ISP is intentionally rejecting the delivery of an email that is thought to be in violation of its
hygiene policies.
RFC2821:
...
7.7 Scope of Operation of SMTP Servers
It is a well-established principle that an SMTP server may refuse to
accept mail for any operational or technical reason that makes sense
to the site providing the server. However, cooperation among sites
and installations makes the Internet possible. If sites take
excessive advantage of the right to reject traffic, the ubiquity of
email availability (one of the strengths of the Internet) will be
threatened; considerable care should be taken and balance maintained
if a site decides to be selective about the traffic it will accept
and process.
In recent years, use of the relay function through arbitrary sites
has been used as part of hostile efforts to hide the actual origins
of mail. Some sites have decided to limit the use of the relay
function to known or identifiable sources, and implementations SHOULD
provide the capability to perform this type of filtering. When mail
is rejected for these or other policy reasons, a 550 code SHOULD be
used in response to EHLO, MAIL, or RCPT as appropriate.
...
http://www.faqs.org/rfcs/rfc2821.html
This points to the need for good Directory Harvest Attack detection software, so that senders can be rejected BEFORE the DATA
command. Can anybody recommend some?
Has anybody tried Bayesian classification of just the mail header EHLO, MAIL, RCPT, Received:, and IP information?
----- Original Message -----
From: "Tom Anderson" <tanderso at oac-design.com>
To: "bogofilter" <bogofilter at bogofilter.org>
Sent: Friday, June 11, 2004 3:14 PM
Subject: Re: Blank emails
> On Fri, 2004-06-11 at 05:34, Peter Bishop wrote:
> > So I guess the lack of a Subject line might be sufficient to detect
> > such probes.
> > "Proper" emails should have a Subject line - even if the sender
> > forgets to fill it in.
>
> That is by no means a given. The RFC does not make a subject line
> required... it is explicitly optional. It is supposed to have either a
> "To", a "CC" or a "BCC" though, so you could reject it on that basis, but
> I'm not even sure that's appropriate.
> http://www.faqs.org/rfcs/rfc2822.html
>
> I would just reject it because it has no body. I haven't heard of any
> specification that allows you to say that the user doesn't exist based on that though.
>
> Tom
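A minimal sketch of the kind of directory-harvest detection asked about in the message above, added here as an example and not part of the original post or of bogofilter. It counts unknown-recipient RCPT attempts per client IP in a sliding window and switches to a 550 5.7.1 policy rejection before DATA; the class name, thresholds, addresses and sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300     # assumed look-back window
MAX_UNKNOWN_RCPTS = 5    # assumed number of unknown recipients tolerated per window


class HarvestDetector:
    """Track unknown-recipient RCPT attempts per client IP (hypothetical helper)."""

    def __init__(self, valid_users, window=WINDOW_SECONDS, limit=MAX_UNKNOWN_RCPTS):
        self.valid_users = {u.lower() for u in valid_users}
        self.window = window
        self.limit = limit
        self.misses = defaultdict(deque)  # ip -> timestamps of unknown RCPTs

    def _expire(self, ip, now):
        q = self.misses[ip]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def on_rcpt(self, ip, rcpt, now):
        """Return the SMTP reply for one RCPT TO command."""
        q = self._expire(ip, now)
        if len(q) >= self.limit:
            # Policy rejection: no longer reveals whether the address exists.
            return "550 5.7.1 Rejected by policy"
        if rcpt.lower() in self.valid_users:
            return "250 2.1.5 OK"
        q.append(now)
        return "550 5.1.1 User unknown"


# Constructed sample traffic: (seconds, client IP, RCPT TO address)
NAMES = ["aaron", "abby", "adam", "alice", "al", "amy", "bob", "ann"]
SAMPLE = [(t, "192.0.2.10", f"{n}@example.org") for t, n in enumerate(NAMES)]
SAMPLE.append((4, "198.51.100.7", "alice@example.org"))   # unrelated client
SAMPLE.append((400, "192.0.2.10", "alice@example.org"))   # after the window


def replay(events, valid_users):
    det = HarvestDetector(valid_users)
    return [(ip, rcpt, det.on_rcpt(ip, rcpt, t)) for t, ip, rcpt in sorted(events)]


if __name__ == "__main__":
    for ip, rcpt, reply in replay(SAMPLE, ["alice@example.org", "bob@example.org"]):
        print(f"{ip:15} {rcpt:22} {reply}")
```

Once the threshold is reached, even a valid address (bob in the sample) gets the policy rejection, so the probing client stops learning which mailboxes exist; the block lapses when the window expires.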