DynDNS Drops Non-Delivery Reports 195
jetkins writes "In an email to subscribers, DynDNS announced that they will no longer deliver locally generated non-delivery reports (NDRs) from any MailHop systems. MailHop is a multi-faceted service offering in- and outbound relay services, spam and virus filtering, and store-and-forward buffering. DynDNS makes it clear that they are aware that this goes against RFC 2821 Section 3.7, but explains that in their opinion the increase in spam volume, and the use of NDRs as a spam vector, means that the value of NDRs is now far outweighed by their potential for harm. (DynDNS also points to the far greater reliability of email systems now than when the RFC was approved.) The company notes that other ISPs have quietly dropped RFC 2821-compliant NDRs. Will their public move start a flood (mutiny) of ISPs following suit? Should they have made efforts to have the standard changed instead of defying it?"
Finally, a service provider with a clue... (Score:5, Informative)
Re:RFC-Ignorant.org (Score:3, Informative)
Why are you accepting a message for a nonexistent user in the first place? As soon as the sending SMTP connection specifies RCPT you should be able to check if it is valid and terminate the connection if it is for a nonexistent user. This can all be done before the DATA command is issued. Why waste cycles virus scanning, spam screening and bouncing a message for a user you don't even have? You're not just RFC ignorant, you're ignorant of how to properly run a mail server!
Note that the method above gets rid of NDRs for nonexistent users but still provides them for a user over their quota or suffering other delivery problems.
Re:RFC-Ignorant.org (Score:3, Informative)
Re:Finally, a service provider with a clue... (Score:5, Informative)
A properly-configured endpoint server should check addressee validity during the SMTP exchange, and reject the transfer before it even gets into the system, so the spammer's attempt goes nowhere and "Joe" doesn't get an unwarranted NDR.
Of course that doesn't help proxy providers like DynDNS, unless they have some way of authenticating their clients' valid addresses in real time via a direct connection or regular updates.
Re:Finally, a service provider with a clue... (Score:3, Informative)
Ignoring a problem isn't the same as fixing it... NDRs serve a useful purpose assuming the original message was actually useful. The problem isn't sending out NDRs. The problem is sending an NDR in response to spam!
I've had to deal with the whole joe-job+NDR+DDOS scenario on several occasions... I have found that 65~80% of this garbage has already been marked as spam by the bouncer! Why in the would would you bounce a message that you _already_ know to be invalid?!?!? All this does is amplify the volume of crap being flung around...
A sanely configured email server should not bounce on spam. Spam should be left to rot in the bottomless pit of /dev/null.
Remember, Its not a turd fight if theres only one monkey :-)
Re:Start at the top, with secure DNS. (Score:3, Informative)
Way to confuse envelope-from, header-from and reply-to.
Besides, my home-brewed Linux-based mail server has a published SPF record, and anyone receiving mail can verify that machine is entitled to generate envelope-from with that domain. The SPF also spells out my relay provider, since my DSL line is in DSL blocklists.
What it really needs, at the least, is for people to stop accepting bogus HELO/EHLO addresses and other unverifiable envelope information. If there isn't even an A record for the HELO address, then 554 the message.
This means mail from many large corporations will be rejected, because they use HELO hostnames that only resolve inside the company.
Re:RFC-Ignorant.org (Score:2, Informative)
Re:RFC-Ignorant.org (Score:3, Informative)