[143142] in North American Network Operators' Group
Re: [BULK] Re: SORBS contact
daemon@ATHENA.MIT.EDU (William Herrin)
Sat Jul 30 15:19:06 2011
In-Reply-To: <28441.1312035129@turing-police.cc.vt.edu>
From: William Herrin <bill@herrin.us>
Date: Sat, 30 Jul 2011 15:18:17 -0400
To: Valdis.Kletnieks@vt.edu
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Jul 30, 2011 at 10:12 AM, <Valdis.Kletnieks@vt.edu> wrote:
> Hint:  If somebody forges a subscription request from 'nosuchuser@herrin.us',
> do you want the resulting "Somebody has requested this email address to be
> added to the foobar-l list, please click or reply within 48 hours to confirm"
> mail to show up with a <> so you can skip generating the bounce, or do you want
> it to have a non-null return path so you're forced to generate a bounce that
> will be ignored at the other end anyhow?  Does your answer change if some
> skript kiddie forges 10,000 requests?
1. nosuchuser@herrin.us rejects during the smtp session, so it makes
no difference to my server resource consumption either way.
2. I assume the subscription request came from a web page because if
it was from an email request you received then you ignored my SPF
records when generating the confirmation request. That was OK in 2001
but in 2011 you ought not be doing that.
3. If you happen to hit my real email address and it isn't caught by
my spam filter, then all 10,000 show up in my mailbox whether you used
a null return path or not. This will annoy me and when I examine the
message and notice that you engaged in fire and forget behavior so
that you wouldn't be bothered by the fact that you flooded my mailbox,
all bets are off.
So, if you want to do me a favor (as opposed to doing yourself a
favor), process the messages I bounce at you and like a responsible
person, try to do something intelligent with the results.
Regards,
Bill Herrin
-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
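
An added example, not part of the original message or of any list software named in the thread: one way a list server could act on the bounces it receives, so that forged subscription requests stop producing confirmation mail. It sends confirmations with a non-null return path, parses returned delivery status notifications, suppresses addresses that hard-fail, and sends at most one confirmation per address per 48-hour window. The class name, addresses and sample bounce are assumptions constructed for illustration.

```python
import email

CONFIRM_WINDOW = 48 * 3600  # seconds; the 48-hour window in the quoted confirmation text

# Constructed sample bounce (RFC 3464 layout, trimmed to the machine-readable part).
SAMPLE_DSN = """\
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nosuchuser@example.com
Action: failed
Status: 5.1.1

--b1--
"""

class ConfirmationGate:
    """Hypothetical helper: decides whether a confirmation mail may be sent."""

    def __init__(self):
        self.last_sent = {}      # address -> time the last confirmation went out
        self.suppressed = set()  # addresses that reported a permanent failure

    def should_send(self, addr, now):
        addr = addr.lower()
        if addr in self.suppressed:
            return False         # a bounce already told us this address is dead
        last = self.last_sent.get(addr)
        if last is not None and now - last < CONFIRM_WINDOW:
            return False         # one confirmation per address per window
        self.last_sent[addr] = now
        return True

    def record_dsn(self, raw):
        """Suppress every recipient a bounce reports as permanently failed (5.x.x)."""
        failed = []
        for part in email.message_from_string(raw).walk():
            if part.get_content_type() != "message/delivery-status":
                continue
            for block in part.get_payload():  # parser yields one Message per header block
                rcpt = block.get("Final-Recipient", "")
                if rcpt and block.get("Status", "").strip().startswith("5."):
                    failed.append(rcpt.split(";", 1)[-1].strip().lower())
        self.suppressed.update(failed)
        return failed
```
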