Woot (Amazon owned) is stupid. I have reported for months, but they don't
listen. They're not the only ones doing this though. It's the case of
lousy IT with marketing people who don't understand tech.
I don't think I did a very good of explaining what I'm thinking. Sorry.
I won't not turn off MX / MXA checking, it's way too powerful of a
feature, but I do think there's room for improvement. Please allow me to
try one last time more concisely.
*Summary*: I'd like you to consider MXA as
If there is an MX record, make sure there's an A record for that MX record
(no change to functionality)
But, if we know there's no MX record, then instead of automatically
assigning the MXA socre too as is done now, first check for an A record for
the sender's hostname (bounces.woot.com does have an IP address, so don't
double score). If there wasn't even an A record for bounces.woot.com then
you'd also assign the MXA penalty.
This would be helpful for the handful of organizations that we have to deal
with who don't know what they're doing and have no MX record for some
sender addresses but do have an A record for them.
On Fri, Apr 20, 2018 at 5:26 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> >Why not check if an A record exists for the sender hostname?
>
> What we are talking about here?
>
> bounces.woot.com has no MX record and there is NO SMTP service available
> for this subdomain (A record) -> IT IS NOT ALLOWED to use this subdomain
> in an email addresses in SMTP traffic.
> If you have problems receiving emails from this subdomain, contact the
> domain holder and advise him to correct the DNS records.
>
> ASSP does NOT check if, there is a SMTP service available for a given
> domain/subdomain. For this reason it IS NONSENSE to change this check ( in
> your suggested way ). The possibly existing A record may point to anything
> else, but not to a SMTP host. Again, this check is a indicator not a RFC
> compliance check. An RFC compliance check would mean:
>
> - check the MX record(s) or use the A record
> - check that port 25 is opened at at least one IP (MX or A)
> - check that there is a postmas...@domain.tld available
> - check the given email address exists (is accepted)
>
> Such a check would simply take too long.
>
> If YOU don't like this check as it is - switch it OFF.
>
> I feel very comfortable with the current behavior of this check.
>
> My statistic over all ever processed mails is:
>
> block MX+MXA: 0.95%
> score MX : 0.95%
> score MXA : 5%
>
> with not a single false positive!
>
>
> Thomas
>
>
>
>
>
>
>
> Von: "K Post" <nntp.p...@gmail.com>
> An: "ASSP development mailing list" <assp-test@lists.sourceforge.
> net>
> Datum: 19.04.2018 23:19
> Betreff: Re: [Assp-test] Incorrect no A record
> ------------------------------
>
>
>
> But if the MX is missing, with your check the MXA will obviously always
> fail. Why not check if an A record exists for the sender hostname? That's
> legal per RFC. That would avoid forcing manual tracking and turning on
> mxcaching (which I don't do because so many of our vendors are idiots and
> often mess up their records, I want it to check every time).
>
> On Thu, Apr 19, 2018 at 7:20 AM, Thomas Eckardt <
> *thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> wrote:
> 1. a mail is only blocked if both MX and MXA failed
> 2. using the defaults for mxValencePB(10) and mxaValencePB(15) the
> resulting score is:
> - no MX : 25
> - no MXA : 10
>
> This check follows not any RFC. It assumes, that a missing MX and a
> missing MXA are very good indicators for spam sources.
>
> You have three options.
>
> 1. disable this check
> 2. adjust the penalty score settings to your needs
> 3. add long life entries for failing domains to the MXACache manually
> (means - fake the MX and MXA)
>
> Thomas
>
>
>
> Von: "K Post" <*nntp.p...@gmail.com* <nntp.p...@gmail.com>>
> An: "ASSP development mailing list" <
> *assp-test@lists.sourceforge.net* <assp-test@lists.sourceforge.net>>
> Datum: 18.04.2018 16:45
> Betreff: Re: [Assp-test] Incorrect no A record
> ------------------------------
>
>
>
> I'm sorry for my recent volume of email to this list. I feel like this
> discussion has led to some significant ASSP improvements. Thank you for
> continuing to entertain my ideas.
>
> Summary:
> This doesn't happen very often, because what legit senders don't use an MX
> these days, but woot/amazon apparently does. My suggestion is to slightly
> change assp as follows
> 1) score for missing MX record (existing functionality)
> 2) score if there IS an MX record, but there's no IP for that - or if the
> mx record is an ip address itself, make sure there is a valid ptr if
> doinvalidptr is enabled (change: only do this if there IS an mx record)
> 3) score if there's no MX record and there's no IP for the hostname of the
> sender address (new functionality)
>
> Please allow to explain my thinking:
> Isn't it completely legal to send mail from *bounces.woot.com*
> <http://bounces.woot.com/> even though there's no MX record since there
> IS an A record for it? RFC5321 says
>
> If an empty list of MXs is returned, the address is treated as if it
> was associated with an implicit MX RR, with a preference of 0, pointing to
> that host.
>
>
> (if there's no MX, send to the A record)
>
> Now granted, this is unusual, but it's legal and woot/Amazon appears to be
> doing it. I've seen other legit senders only have an A address, especially
> for the *bounce.whatever.com* <http://bounce.whatever.com/> domains. I
> don't know why they do this, but they do.
>
> I DO think these kind of senders should be penalized for not having an MX
> record because that is kind of spammy, but to penalize a second time
> because there's *no A record associated with the non-existent MX* record
> seems too extreme, if there's a missing MX record there will of course
> never be an A record for that MX, because there is no MX. I think this is
> flawed. If there's a no MX score, MXA will also ALWAYS be added. The
> only time MXA gets added without the MX score is when there's an mx record
> but there's no a record/ptr. I'd think we would want this to be one or the
> other score for these 2 and my 1-2-3 suggestion above accomplishes that.
>
>
> My #3 option comes into play when there's no MX record (which is legal)
> but there's also no A record (which isn't legal if there's no MX record). I
> always assumed (I guess incorrectly) that if there was no MX record, ASSP
> checked for an IP Address for the hostname of the sending address. That's
> what DoDomainCheck implies to me at least. Sometimes it's just one word
> that can make the difference, here for me it's "or." My confusion stems
> from my thought that the sender address is checked fora valid MX OR for an
> A record like the description says.
>
> DoDomainCheck
> If activated, the sender address and each address found in the following
> header lines (ReturnReceipt:, Return-Receipt-To:,
> Disposition-Notification-To:, Return-Path:, Reply-To:, Sender:, Errors-To:,
> List-...:)* is checked for a valid MX **or** A record*. Scoring is done
> for non existing MX ( mxValencePB ) record and non existing A record (
> mxaValencePB ) - a messages fails (block), if both records are not found.
> If only an IP-address is found for a MX, the A record check fails, if the
> IP has no valid PTR and DoInvalidPTR is enabled.
>
> The sender address is checked for MX, but it is not checked for an A -
> it's the MX record (which doesn't exist) that's being checked for the A.
> With my option 3, the A check for a missing MX wouldn't be done, but an A
> check for the hostname would. If neither exists we could score pretty
> high.
>
> What do you think?
>
>
>
>
>
>
> On Wed, Apr 18, 2018 at 4:24 AM, Thomas Eckardt <
> *thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> wrote:
> I can't find anything wrong.
>
> There is no MX record - and for this reason, there can't be an A record
> for the MX *[MissingMXA]* .
> Remember - the A record check is done for the MX - not for anything else!
>
> Thomas
>
>
>
>
> Von: "K Post" <*nntp.p...@gmail.com* <nntp.p...@gmail.com>>
> An: "ASSP development mailing list" <
> *assp-test@lists.sourceforge.net* <assp-test@lists.sourceforge.net>>
> Datum: 17.04.2018 22:24
> Betreff: [Assp-test] Incorrect no A record
> ------------------------------
>
>
>
>
> I've got a constant problem with emails from *woot.com* <http://woot.com/>
> (an Amazon.com company). This has been going on at least for a month and
> I'm baffled (no surprise there :) )
> I've not seen this with any other sender, but it could be happening
> elsewhere and I just don't notice.
>
> Their mail from: is *longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>
> This domain does not have a MX record set (surprising for Amazon), so it's
> scored
> This DOES have an A record though, but ASSP reports MissingMXA
>
>
> (only significant log lines shown)
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org *woot.com*
> <http://woot.com/> - MX '*amazon-smtp.amazon.com*
> <http://amazon-smtp.amazon.com/>' - got IP (207.171.188.180)
> Apr-17-18 15:34:58 74882-14329 [MissingMX] 54.240.15.37 <
> *longstr...@bounces.woot.com* <longstr...@bounces.woot.com>> to:
> ouru...@ourcharity.org [[scoring]] MX missing: *bounces.woot.com*
> <http://bounces.woot.com/> (Mail From:)
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org Message-Score:
> added 10 (mxValencePB) for MX missing: *bounces.woot.com*
> <http://bounces.woot.com/> (Mail From:), total score for this message is
> now 3
> Apr-17-18 15:34:58 74882-14329 *[MissingMXA]* 54.240.15.37 <
> *longstr...@bounces.woot.com* <longstr...@bounces.woot.com>> to:
> ouru...@ourcharity.org [[scoring]] *A record missing: **bounces.woot.com*
> <http://bounces.woot.com/> (Mail From:)
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org Message-Score:
> added 15 (mxaValencePB) for A record missing: *bounces.woot.com*
> <http://bounces.woot.com/> (Mail From:), total score for this message is
> now 18
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org MX found:
> *woot.com* <http://woot.com/> (From) -> *amazon-smtp.amazon.com*
> <http://amazon-smtp.amazon.com/>
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org A record found:
> *woot.com* <http://woot.com/> (From) -> 207.171.188.180
>
> I thought it might be a caching thing, but PTRCacheInterval and
> MXChacheInterval are both 0.
> I did an nslookup using the dns servers that ASSP uses and I get the A
> record for *bounces.woot.com* <http://bounces.woot.com/>
>
> Any idea how this could be happening?
>
>
>
>
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
