Re: Points for missing MX Records

2011-02-23 Thread Giles Coochey

On 23/02/2011 11:24, Henry | Security Division wrote:

> Hi list,
>
> I have a question. Is it possible to check with a Spamassassin rule
> for existing MX records of a sender domain and give points if the MX
> records exist or not exist?
>
> I know that such a check is possible with Postfix, but I don´t want to
> reject mails right away. I just want to "flag" them with points.
>
> Cheers,
>
> Henry

How do you define 'exists' - do you mean reachable and up? or just
whether a MX record is defined?


--
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey







Re: Points for missing MX Records

2011-02-23 Thread Henry | Security Division



On Wed, 23 Feb 2011 11:36:57 +0100, Giles Coochey wrote:

> On 23/02/2011 11:24, Henry | Security Division wrote:
>
>> Hi list,
>>
>> I have a question. Is it possible to check with a Spamassassin rule
>> for existing MX records of a sender domain and give points if the MX
>> records exist or not exist?
>>
>> I know that such a check is possible with Postfix, but I don´t want to
>> reject mails right away. I just want to "flag" them with points.
>>
>> Cheers,
>>
>> Henry
>
> How do you define 'exists' - do you mean reachable and up? or just
> whether a MX record is defined?


I just want Spamassassin to check if there is a MX Record in DNS for 
the sender. Spamassassin doesn´t need to check if the MX is up. It would 
also be cool if Spamassassin could compare senderdomain and helo name.


Cheers

--
This message was scanned by the LM Networkx Mailsystem and is believed to be 
clean of viruses. However, we are not liable for any virus contamination.
Please contact the Postmaster (postmas...@lm-networkx.de) if you received this 
mail in error or if you think that it is spam.

LM Networkx Mailsystem



Re: Points for missing MX Records

2011-02-23 Thread Martin Gregorie
On Wed, 2011-02-23 at 11:24 +0100, Henry | Security Division wrote:
> Hi list,
> 
>  I have a question. Is it possible to check with a Spamassassin rule for 
>  existing MX records of a sender domain and give points if the MX records 
>  exist or not exist?
> 
>  I know that such a check is possible with Postfix, but I don´t want to 
>  reject mails right away. I just want to "flag" them with points.
> 
I'm not sure that it is a meaningful test because not all legit,
non-spam domains have MX records. 

For example, my domain is hosted by securenet but there's absolutely
nothing there apart from an HTML redirect, an e-mail redirect and an SPF
record. My website is hosted by my ISP - a totally different domain -
and as a result 'host' returns nothing but my website address from 'host
www.example.com' and does not report an MX record for 'example.com'. 

Nevertheless, I receive all mail sent to 'u...@example.com' including
that sent to RFC recommended mailboxes such as postmaster, webmaster and
abuse.
 

Martin



Re: Points for missing MX Records

2011-02-23 Thread Henry | Security Division

Hi Martin,

I know what you mean. Your sender domain is gregorie.org. There are two 
MX records in your DNS Zone. So that´s fine. I just want Spamassassin to 
flag mails from senders who have no MX Records. I have tested this 
anti-spam mechanism in a big environment on a commercial mailgateway and 
much spam is filtered just by this rule. It caused some false positives 
in the beginning of course but I personally think that everybody who 
sends mails should also have MX records to receive mails!


What I mean is:

domain example.com -> no MX records return after DNS lookup -> 2 Points
domain apache.org -> at least one MX record -> 0 Points
domain gregorie.org -> at least one MX record -> 0 Points

Cheers!

On Wed, 23 Feb 2011 11:36:51 +, Martin Gregorie wrote:

> On Wed, 2011-02-23 at 11:24 +0100, Henry | Security Division wrote:
>
>> Hi list,
>>
>> I have a question. Is it possible to check with a Spamassassin rule for
>> existing MX records of a sender domain and give points if the MX records
>> exist or not exist?
>>
>> I know that such a check is possible with Postfix, but I don´t want to
>> reject mails right away. I just want to "flag" them with points.
>
> I'm not sure that it is a meaningful test because not all legit,
> non-spam domains have MX records.
>
> For example, my domain is hosted by securenet but there's absolutely
> nothing there apart from an HTML redirect, an e-mail redirect and an SPF
> record. My website is hosted by my ISP - a totally different domain -
> and as a result 'host' returns nothing but my website address from 'host
> www.example.com' and does not report an MX record for 'example.com'.
>
> Nevertheless, I receive all mail sent to 'u...@example.com' including
> that sent to RFC recommended mailboxes such as postmaster, webmaster and
> abuse.
>
> Martin






Re: Points for missing MX Records

2011-02-23 Thread Per Jessen
Henry | Security Division wrote:

>  Hi Martin,
> 
>  i know what you mean. Your sender domain is gregorie.org. There are
>  two MX records in your DNS Zone. So that´s fine. I just want
>  Spamassassin to flag mails from senders who have no MX Records. I
>  have tested this anti-spam mechanism in a big environment on a
>  commercial mailgateway and much spam is filtered just by this rule.
>  It caused some false positives in the beginning of course but I
>  personally think that everybody who sends mails should also have MX
>  records to receive mails!

The "default" MX is the A-record for the domain. 


/Per Jessen, Zürich



Re: Points for missing MX Records

2011-02-23 Thread Giles Coochey

On 23/02/2011 13:22, Per Jessen wrote:

> Henry | Security Division wrote:
>
> The "default" MX is the A-record for the domain.


Quite, not having an MX record does not really mean anything as the A 
record for the domain would (or should) be used, which comes from a time 
before MX records existed... non-existent domain is already a standard 
MTA check anyway...




Re: Points for missing MX Records

2011-02-23 Thread RW
On Wed, 23 Feb 2011 13:22:22 +0100
Per Jessen  wrote:

> Henry | Security Division wrote:
> 
> >  Hi Martin,
> > 
> >  i know what you mean. Your sender domain is gregorie.org. There are
> >  two MX records in your DNS Zone. So that´s fine. I just want
> >  Spamassassin to flag mails from senders who have no MX Records. I
> >  have tested this anti-spam mechanism in a big environment on a
> >  commercial mailgateway and much spam is filtered just by this rule.
> >  It caused some false positives in the beginning of course but I
> >  personally think that everybody who sends mails should also have MX
> >  records to receive mails!
> 
> The "default" MX is the A-record for the domain. 
> 

There's a test

describe NO_DNS_FOR_FROM  Envelope sender has no MX or A DNS records
score NO_DNS_FOR_FROM 0 0.379 0 0.001 # n=0 n=2

For me it hit more ham than spam. It's pretty common for newsletters,
autogenerated replies etc to use a domain or subdomain with no MX
record. 


Re: Points for missing MX Records

2011-02-23 Thread Henry | Security Division

On Wed, 23 Feb 2011 13:22:22 +0100, Per Jessen wrote:

> Henry | Security Division wrote:
>
>> Hi Martin,
>>
>> i know what you mean. Your sender domain is gregorie.org. There are
>> two MX records in your DNS Zone. So that´s fine. I just want
>> Spamassassin to flag mails from senders who have no MX Records. I
>> have tested this anti-spam mechanism in a big environment on a
>> commercial mailgateway and much spam is filtered just by this rule.
>> It caused some false positives in the beginning of course but I
>> personally think that everybody who sends mails should also have MX
>> records to receive mails!
>
> The "default" MX is the A-record for the domain.
>
> /Per Jessen, Zürich


Hi Per,

you are right. I´d just like to check for missing mx records.

Here is a draft RFC about that topic "A NULL MX Resource Record means 
"I never accept email""


http://tools.ietf.org/html/draft-delany-nullmx-00

I just want to check if the sending MX accepts mails by checking the 
existence of MX records. If not -> Points in Spamassassin.


Cheers





Re: Points for missing MX Records

2011-02-23 Thread Henry | Security Division

On Wed, 23 Feb 2011 13:33:48 +0100, Giles Coochey wrote:

> On 23/02/2011 13:22, Per Jessen wrote:
>
>> Henry | Security Division wrote:
>>
>> The "default" MX is the A-record for the domain.
>
> Quite, not having an MX record does not really mean anything as the A
> record for the domain would (or should) be used, which comes from a time
> before MX records existed... non-existent domain is already a standard
> MTA check anyway...


Yup! And I just want Spamassassin to check for the MX records. Not more 
:-). I know that checking for missing MX records is possible with 
postfix, but postfix would just reject the incoming mail then. I don´t 
want that. I just want the mail to be flagged. For example by points :-)


Cheers




Re: Points for missing MX Records

2011-02-23 Thread Michael Scheidell

On 2/23/11 7:40 AM, Henry | Security Division wrote:

> Hi Per,
>
> you are right. I´d just like to check for missing mx records.
>
> Here is a draft RFC about that topic "A NULL MX Resource Record means
> "I never accept email""
>
> http://tools.ietf.org/html/draft-delany-nullmx-00


read the rfc again.  missing mx is not NULL mx.

The NULL MX Resource Record

To indicate that a domain never accepts email, it advertises a
solitary MX RR with a RDATA section consisting of an arbitrary
preference number 0, and a dot terminated null string as the mail
exchanger domain, to denote that there exists no mail exchanger for a
domain.



--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best in Email Security,2010: Network Products Guide
   * King of Spam Filters, SC Magazine 2008

__
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
__  


Re: Points for missing MX Records

2011-02-23 Thread Henry | Security Division



On Wed, 23 Feb 2011 12:40:21 +, RW wrote:

> On Wed, 23 Feb 2011 13:22:22 +0100
> Per Jessen  wrote:
>
>> Henry | Security Division wrote:
>>
>>> Hi Martin,
>>>
>>> i know what you mean. Your sender domain is gregorie.org. There are
>>> two MX records in your DNS Zone. So that´s fine. I just want
>>> Spamassassin to flag mails from senders who have no MX Records. I
>>> have tested this anti-spam mechanism in a big environment on a
>>> commercial mailgateway and much spam is filtered just by this rule.
>>> It caused some false positives in the beginning of course but I
>>> personally think that everybody who sends mails should also have MX
>>> records to receive mails!
>>
>> The "default" MX is the A-record for the domain.
>
> There's a test
>
> describe NO_DNS_FOR_FROM  Envelope sender has no MX or A DNS records
> score NO_DNS_FOR_FROM 0 0.379 0 0.001 # n=0 n=2
>
> For me it hit more ham than spam. It's pretty common for newsletters,
> autogenerated replies etc to use a domain or subdomain with no MX
> record.


Thank you! Is this a default ruleset which has to be uncommented?




Re: Points for missing MX Records

2011-02-23 Thread Martin Gregorie
On Wed, 2011-02-23 at 12:59 +0100, Henry | Security Division wrote:
>  domain gregorie.org -> at least one MX record -> 0 Points
> 
Partial FAIL on my part when checking facts for my last message. 

I forgot to specify the DNS server used by the host command, so of
course running host from here saw my local network's internal name
server where the MX entry != that on the secureserver DNS which
everybody else sees. Specifying the DNS fixes that.


Martin




Re: Points for missing MX Records

2011-02-23 Thread Henry | Security Division



On Wed, 23 Feb 2011 07:44:05 -0500, Michael Scheidell wrote:

> On 2/23/11 7:40 AM, Henry | Security Division wrote:
>
>> Hi Per,
>>
>> you are right. I´d just like to check for missing mx records.
>>
>> Here is a draft RFC about that topic "A NULL MX Resource Record means
>> "I never accept email""
>>
>> http://tools.ietf.org/html/draft-delany-nullmx-00
>
> read the rfc again.  missing mx is not NULL mx.
>
> The NULL MX Resource Record
>
> To indicate that a domain never accepts email, it advertises a
> solitary MX RR with a RDATA section consisting of an arbitrary
> preference number 0, and a dot terminated null string as the mail
> exchanger domain, to denote that there exists no mail exchanger for a
> domain.





This is also very interesting, Michael:

(From the RFC link I sent before)

Being able to detect domains that never accept email offers many
resource savings to an SMTP server. In the first instance, it can
choose to reject email during the SMTP conversation that does not
present a deliverable 2821.MailFrom domain.





Re: Points for missing MX Records

2011-02-23 Thread Darxus
On 02/23, Michael Scheidell wrote:
> >http://tools.ietf.org/html/draft-delany-nullmx-00
> >
> read the rfc again.  missing mx is not NULL mx.

Also, that's a *draft*, not an accepted standard.

And I'm curious if you are asking the question you mean to.  What exactly
is the way postfix checks this?  Specifically, I'm wondering if you're
referring to reject_unknown_client, which I've used for years, and which
does not use MX addresses.  

I don't know of an option to reject an email because the sending domain
has no MX record.  As has been said, the standards require then delivering
email to the A record for the domain.  I don't know how common this is
among legit mail servers, but I've certainly seen it.

I think the function of the null MX idea is provided by SPF?  

-- 
"The most elementary and valuable statement in science, the beginning
of wisdom is: 'I do not know'." - Data, ST:TNG 2x2 Where Silence Has Lease
http://www.ChaosReigns.com


Re: Points for missing MX Records

2011-02-23 Thread Mark Martinec
Darxus,

> And I'm curious if you are asking the question you mean to.  What exactly
> is the way postfix checks this?  Specifically, I'm wondering if you're
> referring to reject_unknown_client, which I've used for years, and which
> does not use MX addresses.
> 
> I don't know of an option to reject an email because the sending domain
> has no MX record.  As has been said, the standards require then delivering
> email to the A record for the domain.  I don't know how common this is
> among legit mail servers, but I've certainly seen it.


reject_unknown_sender_domain

  Reject the request when Postfix is not final destination for the sender
  address, and the MAIL FROM address has no DNS A or MX record, or when
  it has a malformed MX record such as a record with a zero-length MX
  hostname (Postfix version 2.3 and later). 

  The unknown_address_reject_code parameter specifies the numerical
  response code for rejected requests (default: 450). The response is
  always 450 in case of a temporary DNS error. 

  The unknown_address_tempfail_action parameter specifies the action
  after a temporary DNS error (default: defer_if_permit).



Mark


Re: Points for missing MX Records

2011-02-23 Thread Henry | Security Division

On Wed, 23 Feb 2011 08:44:45 -0500, dar...@chaosreigns.com wrote:

> On 02/23, Michael Scheidell wrote:
>
>>> http://tools.ietf.org/html/draft-delany-nullmx-00
>>
>> read the rfc again.  missing mx is not NULL mx.
>
> Also, that's a *draft*, not an accepted standard.
>
> And I'm curious if you are asking the question you mean to.  What exactly
> is the way postfix checks this?  Specifically, I'm wondering if you're
> referring to reject_unknown_client, which I've used for years, and which
> does not use MX addresses.
>
> I don't know of an option to reject an email because the sending domain
> has no MX record.  As has been said, the standards require then delivering
> email to the A record for the domain.  I don't know how common this is
> among legit mail servers, but I've certainly seen it.
>
> I think the function of the null MX idea is provided by SPF?


The syntax for the DNS check in Postfix is reject_unknown_sender_domain 
in smtpd_sender_restrictions!


Cheers,

Henry





Re: Points for missing MX Records

2011-02-23 Thread Darxus
On 02/23, Mark Martinec wrote:
> reject_unknown_sender_domain
> 
>   Reject the request when Postfix is not final destination for the sender
>   address, and the MAIL FROM address has no DNS A or MX record, or when
>   it has a malformed MX record such as a record with a zero-length MX
>   hostname (Postfix version 2.3 and later). 

Ah, no MX *and* no A record.  That's different, and makes more sense.  Also
makes Henry's answer of NO_DNS_FOR_FROM correct.

RuleQA results for that test:
http://ruleqa.spamassassin.org/?daterev=20110219&rule=NO_DNS_FOR_FROM

MSECS   SPAM%    HAM%     S/O     RANK   SCORE  NAME              WHO/AGE
0       1.8012   0.3061   0.855   0.62   0.00   NO_DNS_FOR_FROM

It hits 1.8% of spam and 0.3% of non-spam.

/var/lib/spamassassin/3.003001/updates_spamassassin_org$ grep NO_DNS_FOR_FROM 50_scores.cf
score NO_DNS_FOR_FROM 0 0.379 0 0.001 # n=0 n=2

Looks like it's enabled?

-- 
"Am I a man who dreamed I was a butterfly, or am I a butterfly who is
dreaming I am a man?" - Chuang Tsu, ~350 BC
http://www.ChaosReigns.com
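
Added example, not part of any post in this thread and not SpamAssassin or Postfix code: it contrasts the "no MX record -> 2 points" check proposed above with a "no MX and no A record" check like the one NO_DNS_FOR_FROM describes, and shows that a null MX is a third case that neither check catches. The zone data, domain names and function names are constructed for illustration, and counting AAAA the same as A is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class Records:
    """Constructed stand-in for resolver answers, so the example runs offline."""
    mx: list = field(default_factory=list)    # [(preference, exchanger), ...]
    a: list = field(default_factory=list)     # IPv4 addresses
    aaaa: list = field(default_factory=list)  # IPv6 addresses (assumption: counted like A)


# Constructed sample data; names and addresses are documentation values.
SAMPLE_ZONE = {
    "has-mx.example": Records(mx=[(10, "mx1.has-mx.example."),
                                  (20, "mx2.has-mx.example.")]),
    "a-only.example": Records(a=["192.0.2.25"]),
    "aaaa-only.example": Records(aaaa=["2001:db8::25"]),
    "null-mx.example": Records(mx=[(0, ".")], a=["192.0.2.80"]),
    "no-dns.example": Records(),
}

EXPLICIT_MX = "explicit-mx"   # at least one usable MX record
IMPLICIT_MX = "implicit-mx"   # no MX, but an address record acts as the "default" MX
NULL_MX = "null-mx"           # solitary MX whose exchanger is the empty name "."
NO_DNS = "no-dns"             # neither MX nor address records

MISSING_MX_POINTS = 2.0       # the value proposed in the thread


def sender_domain(envelope_from):
    """Return the lowercased domain of MAIL FROM, or None for the null sender <>."""
    addr = envelope_from.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if not addr:
        return None
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not a mailbox: {envelope_from!r}")
    return domain.rstrip(".").lower()


def classify(domain, zone):
    """Classify a sender domain by the mail-related records it publishes."""
    rec = zone.get(domain)
    if rec is None:
        return NO_DNS  # a domain that does not resolve has no records either
    if rec.mx:
        exchangers = [host for _pref, host in rec.mx]
        if len(exchangers) == 1 and exchangers[0] in ("", "."):
            return NULL_MX
        return EXPLICIT_MX
    if rec.a or rec.aaaa:
        return IMPLICIT_MX
    return NO_DNS


def missing_mx_points(envelope_from, zone):
    """Points under the 'no MX record returned -> 2 points' proposal."""
    domain = sender_domain(envelope_from)
    if domain is None:
        return 0.0
    state = classify(domain, zone)
    # A null MX *is* an MX record, so this check stays silent for it.
    return MISSING_MX_POINTS if state in (IMPLICIT_MX, NO_DNS) else 0.0


def no_dns_hit(envelope_from, zone):
    """True only when the sender domain has neither MX nor address records."""
    domain = sender_domain(envelope_from)
    return domain is not None and classify(domain, zone) == NO_DNS


def report(senders, zone):
    """Return (sender, state, missing-MX points, no-DNS hit) for each sender."""
    rows = []
    for sender in senders:
        domain = sender_domain(sender)
        state = classify(domain, zone) if domain else "null-sender"
        rows.append((sender, state,
                     missing_mx_points(sender, zone), no_dns_hit(sender, zone)))
    return rows


if __name__ == "__main__":
    constructed_senders = [
        "<user@has-mx.example>",
        "<newsletter@a-only.example>",
        "<noreply@null-mx.example>",
        "<bounce@no-dns.example>",
        "<>",
    ]
    for row in report(constructed_senders, SAMPLE_ZONE):
        print("%-30s %-12s points=%.1f no_dns=%s" % row)
```

The a-only.example sender is where the two checks disagree: the missing-MX check scores it although mail to that domain is still deliverable via the A record.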


Re: Points for missing MX Records

2011-02-23 Thread Michelle Konzack
Hello Henry | Security Division,

On 2011-02-23 11:24:27, you hacked out the following:
> I have a question. Is it possible to check with a Spamassassin rule
> for existing MX records of a sender domain and give points if the MX
> records exist or not exist?

The problem, is that a MX record is NOT required for a sending host.

So, if a server has a mailinterface and you will get a confirmation mail
or even a copy of the mail your spamassassin will score it for rejection.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL   itsystems@tdnet UG (limited liability)
Owner Michelle KonzackOwner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France   77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

  
 

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/




Re: Points for missing MX Records

2011-02-23 Thread Michelle Konzack
Hello Henry | Security Division,

On 2011-02-23 12:59:58, you hacked out the following:
> Hi Martin,
> 
> i know what you mean. Your sender domain is gregorie.org. There are
> two MX records in your DNS Zone. So that´s fine. I just want
> Spamassassin to flag mails from senders who have no MX Records. I
> have tested this anti-spam mechanism in a big environment on a
> commercial mailgateway and much spam is filtered just by this rule.
> It caused some false positives in the beginning of course but I
> personally think that everybody who sends mails should also have MX
> records to receive mails!

And WHY should my domain   have  a  MX
record if the will NEVER receive any mails?

A MX record is ONLY required, if the sending host can receive mails.

Thanks, Greetings and nice Day/Evening
Michelle Konzack



Re: Points for missing MX Records

2011-02-23 Thread David F. Skoll
On Wed, 23 Feb 2011 18:43:58 +0100
Michelle Konzack  wrote:

> And WHY should my domain   have  a
> MX record if the will NEVER receive any mails?

Well... any domain that sends mail must be prepared to receive it
also, if only to receive DSNs.

It is routine to block mail from a sending domain if it lacks MX, A and 
records.  Sendmail does that by default.

Blocking simply for a lack of MX records is wrong, however.

[Note: I refer to the domain part of the envelope sender here.  It has
nothing to do with the domain name of the machine doing the sending.]

Regards,

David.


Re: Points for missing MX Records

2011-02-23 Thread Michelle Konzack
Hello Henry | Security Division,

On 2011-02-23 13:50:19, you hacked out the following:
> This is also very interesting, Michael:
> 
> (From the RFC link I sent before)
> 
> Being able to detect domains that never accept email offers many
> resource savings to an SMTP server. In the first instance, it can
> choose to reject email during the SMTP conversation that does not
> present a deliverable 2821.MailFrom domain.

Then you will reject Mails from nearly ANY big ISPs  because  they  have
separated OUT-BOUND and IN-BOUND servers...

And OUT-BOUND servers will not receive mails.

Thanks, Greetings and nice Day/Evening
Michelle Konzack



Re: Points for missing MX Records

2011-02-23 Thread Mark Martinec
David F. Skoll writes:
> Well... any domain that sends mail must be prepared to receive it
> also, if only to receive DSNs.
> It is routine to block mail from a sending domain if it lacks MX, A and
>  records.  Sendmail does that by default.
> Blocking simply for a lack of MX records is wrong, however.
> [Note: I refer to the domain part of the envelope sender here.  It has
> nothing to do with the domain name of the machine doing the sending.]

I agree on all accounts. If one receives a message but it later turns out
that it cannot be delivered for some reason (e.g. quota exceeded,
or mailbox unavailable for few days, ...), a DSN must be sent.
If the domain specified in the envelope is indicating that it is not
willing to receive any mail, then that message is effectively lost:
neither recipient nor the sender can be notified.

The only place that such loss can be prevented is to check
that the sending domain has its MX or A or  record,
right away while the message is being received.
It is prudent to reject such unbounceable mail right away,
before even accepting it. This is the only opportunity that
the sender can be made aware of the problem.

  Mark


Re: Points for missing MX Records

2011-02-23 Thread RW
On Wed, 23 Feb 2011 19:30:20 +0100
Mark Martinec  wrote:

> David F. Skoll writes:
> > Well... any domain that sends mail must be prepared to receive it
> > also, if only to receive DSNs.
> > It is routine to block mail from a sending domain if it lacks MX, A
> > and  records.  Sendmail does that by default.
> > Blocking simply for a lack of MX records is wrong, however.
> > [Note: I refer to the domain part of the envelope sender here.  It
> > has nothing to do with the domain name of the machine doing the
> > sending.]
> 
> I agree on all accounts. If one receives a message but it later turns
> out that i cannot be delivered for some reason (e.g. quota exceeded,
> or mailbox unavailable for few days, ...), a DSN must be sent.
> If the domain specified in the envelope is indicating that it is not
> willing to receive any mail, than that message is effectively lost:
> neither recipient nor the sender can be notified.

That's true for person to person mail, but there are kinds of mail
where loss is inconsequential and no-one is going to read the DSNs
e.g. newsletters.


NO_DNS_FOR_FROM scores low for good reason


Re: Points for missing MX Records

2011-02-23 Thread Lee Dilkie
You are confusing servers with *domains*. It's perfectly acceptable that
an outgoing mail server not accept incoming mail but the issue here is
whether it is valid for a *domain* to be "send-only".

It's an interesting question. For DSN's to work, you need to accept
email for that domain. But is it allowed, in the rfcs, to be a
"send-only" domain (no MX record) even if that means DSN's cannot be
delivered? good question.

-lee


On 2/23/2011 12:51 PM, Michelle Konzack wrote:
> Hello Henry | Security Division,
>
> On 2011-02-23 13:50:19, you hacked out the following:
>> This is also very interesting, Michael:
>>
>> (From the RFC link I sent before)
>>
>> Being able to detect domains that never accept email offers many
>> resource savings to an SMTP server. In the first instance, it can
>> choose to reject email during the SMTP conversation that does not
>> present a deliverable 2821.MailFrom domain.
> Then you will reject Mails from nearly ANY big ISPs  because  they  have
> seperated OUT-BOUND and IN-BOUND servers...
>
> Ans OUT-BOUND servers will not receive mails.
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
>


Re: Points for missing MX Records

2011-02-23 Thread Dominic Benson

On 23/02/11 18:48, RW wrote:

> On Wed, 23 Feb 2011 19:30:20 +0100
> Mark Martinec  wrote:
>
>> David F. Skoll writes:
>>
>>> Well... any domain that sends mail must be prepared to receive it
>>> also, if only to receive DSNs.
>>> It is routine to block mail from a sending domain if it lacks MX, A
>>> and  records.  Sendmail does that by default.
>>> Blocking simply for a lack of MX records is wrong, however.
>>> [Note: I refer to the domain part of the envelope sender here.  It
>>> has nothing to do with the domain name of the machine doing the
>>> sending.]
>>
>> I agree on all accounts. If one receives a message but it later turns
>> out that i cannot be delivered for some reason (e.g. quota exceeded,
>> or mailbox unavailable for few days, ...), a DSN must be sent.
>> If the domain specified in the envelope is indicating that it is not
>> willing to receive any mail, than that message is effectively lost:
>> neither recipient nor the sender can be notified.
>
> That's true for person to person mail, but there are kinds of mail
> where loss is inconsequential and no-one is going to read the DSNs
> e.g. newsletters.
>
> NO_DNS_FOR_FROM scores low for good reason


As only the sender knows that they don't care about bounces, they should 
accept but blackhole the messages under those circumstances. Otherwise 
they're clogging the mail queues on systems that do end up having to 
send a DSN. SA's score for NO_DNS_FOR_FROM may be low, but plenty 
systems will never accept such mail. With good reason!




Re: Points for missing MX Records

2011-02-23 Thread Mahmoud Khonji
It is against best practices to have a send-only domain.

A sending mail server should accept ab...@example.com, and number of
other IDs according to best practices.

However, since many legit senders ignore this, it turns out that FP
rate is too high for now.

On 2/23/11, Michelle Konzack  wrote:
> Hello Henry | Security Division,
>
> On 2011-02-23 13:50:19, you hacked out the following:
>> This is also very interesting, Michael:
>>
>> (From the RFC link I sent before)
>>
>> Being able to detect domains that never accept email offers many
>> resource savings to an SMTP server. In the first instance, it can
>> choose to reject email during the SMTP conversation that does not
>> present a deliverable 2821.MailFrom domain.
>
> Then you will reject Mails from nearly ANY big ISPs  because  they  have
> seperated OUT-BOUND and IN-BOUND servers...
>
> Ans OUT-BOUND servers will not receive mails.
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
>


-- 
Regards,
Mahmoud Khonji


Re: Points for missing MX Records

2011-02-23 Thread John Hardin

On Wed, 23 Feb 2011, Mahmoud Khonji wrote:

> It is against best practices to have a send-only domain.
>
> A sending mail server should accept ab...@example.com, and number of
> other IDs according to best practices.


And postmas...@example.com is _required_.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  When designing software, any time you think to yourself "a user
  would never be stupid enough to do *that*", you're wrong.
---
 77 days since the first successful private orbital launch (SpaceX)


Re: Points for missing MX Records

2011-02-23 Thread David F. Skoll
On Wed, 23 Feb 2011 23:03:46 +0400
Mahmoud Khonji  wrote:

> However, since many legit senders ignore this, it turns out that FP
> rate is too high for now.

I am unaware of a single FP from our policy of rejecting
MAIL FROM: where example.org lacks MX, A and AAAA records.

Do you have an example of such a FP?

Also, RFC 5321 [which I realize is not yet a standard] says this:

   The first step in the procedure is the MAIL command.

      MAIL FROM:<reverse-path> [SP <mail-parameters> ] <CRLF>

   [...] The <reverse-path> portion of the first or
   only argument contains the source mailbox (between "<" and ">"
   brackets), which can be used to report errors

Since an SMTP server that accepts a message and subsequently fails to
deliver it MUST report errors to the reverse-path (unless it is null),
it is reasonable to reject mail from a reverse-path that cannot
possibly accept an error report.

Regards,

David.


Re: Points for missing MX Records

2011-02-23 Thread David F. Skoll
On Wed, 23 Feb 2011 18:48:51 +
RW  wrote:

> That's true for person to person mail, but there are kinds of mail
> where loss is inconsequential and no-one is going to read the DSNs
> e.g. newsletters.

Strongly disagree.

If you're sending newsletters, you'd *darn better* have a bounce-processor
that can help keep your lists clean.  Otherwise, you'll be spewing unwanted
messages to nonexistent recipients without even realizing it.

On the rare occasion you don't want a DSN, you use an envelope sender
of <>.

Regards,

David.


Re: Points for missing MX Records

2011-02-23 Thread Henry | Security Division
On 23.02.11 18:51, Michelle Konzack wrote:
> Hello Henry | Security Division,
>
> On 2011-02-23 13:50:19, you hacked out the following:
>> This is also very interesting, Michael:
>>
>> (From the RFC link I sent before)
>>
>> Being able to detect domains that never accept email offers many
>> resource savings to an SMTP server. In the first instance, it can
>> choose to reject email during the SMTP conversation that does not
>> present a deliverable 2821.MailFrom domain.
> Then you will reject Mails from nearly ANY big ISPs because they have
> separated OUT-BOUND and IN-BOUND servers...
>
> And OUT-BOUND servers will not receive mails.
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
>
Hi Michelle,
I think you didn't understand what I want. I don't want to check if the
sender domain matches the MX records. I want to check IF the sender
domain has any MX records.

There has been a lot of mail today about why I want to do this. I just had a
question if it is possible or not. There has been more mail concerning
the reason for this check. I just don't want mails from domains which
don't have a MX record. The End.



Re: Points for missing MX Records

2011-02-23 Thread Darxus
On 02/23, Henry | Security Division wrote:
>  Being able to detect domains that never accept email offers many
                        ^^^^^^^

>  Then you will reject Mails from nearly ANY big ISPs  because  they  have
>  separated OUT-BOUND and IN-BOUND servers...
                                    ^^^^^^^

A server that does not accept emails is not the same as a domain that
does not accept emails.

-- 
"It is the first responsibility of every citizen to question authority."
- Benjamin Franklin
http://www.ChaosReigns.com


Re: Points for missing MX Records

2011-02-24 Thread Bernd Petrovitsch
On Wed, 2011-02-23 at 18:48 +, RW wrote:
> On Wed, 23 Feb 2011 19:30:20 +0100
[...] 
> That's true for person to person mail, but there are kinds of mail
> where loss is inconsequential and no-one is going to read the DSNs
> e.g. newsletters.

Sounds like a spammer? SCNR 

And that's a decision on the newsletter-sender side so they should (or
better must) accept the DSNs and ignore them themselves.

Simply not accepting them pushes *their* job, work and effort out to the
ones which are "spammed" by the newsletters (or which happen to run the
mail hub in between) filling their queues and wasting resources to try
to deliver these mails.

BTW it is IMNSHO a very bad practice of these "newsletter senders" to
completely ignore that (which is IMNSHO another sign of spamming - if
you try to be serious, you shouldn't send out mail to addresses which
you (can/should) know that they do not exist). If a mailbox vanishes
(which should be identifiable from the error message), one should plain
simply remove that address from the newsletter (or at the very least
deactivate delivery).

Bernd
-- 
Bernd Petrovitsch  Email : be...@petrovitsch.priv.at
 LUGA : http://www.luga.at



Re: Points for missing MX Records

2011-02-24 Thread Bernd Petrovitsch
On Wed, 2011-02-23 at 11:08 -0800, John Hardin wrote:
> On Wed, 23 Feb 2011, Mahmoud Khonji wrote:
> 
> > It is against best practices to have a send-only domain.
> >
> > A sending mail server should accept ab...@example.com, and number of
> > other IDs according to best practices.
> 
> And postmas...@example.com is _required_.

So all sender-only domains should simply be put on rfc-ignorant.org.

Bernd
-- 
Bernd Petrovitsch  Email : be...@petrovitsch.priv.at
 LUGA : http://www.luga.at



Re: Points for missing MX Records

2011-02-24 Thread Benny Pedersen
On Thu, 24 Feb 2011 09:49:43 +0100, Bernd Petrovitsch
 
>> And postmas...@example.com is _required_.
> So all sender-only domains should simply be put on rfc-ignorant.org.

not really a fault of rfc-ignorant that it will be disabled by default in
the upcoming next version of spamassassin, but mx scoring is not really
a useful spam sign either, since it's perfectly valid to have both apache and
postfix running on same wan ip or even have 2 diff wan ips


Re: Points for missing MX Records

2011-02-24 Thread RW
On Thu, 24 Feb 2011 09:48:21 +0100
Bernd Petrovitsch  wrote:

> On Wed, 2011-02-23 at 18:48 +, RW wrote:
> > On Wed, 23 Feb 2011 19:30:20 +0100
> [...] 
> > That's true for person to person mail, but there are kinds of mail
> > where loss is inconsequential and no-one is going to read the DSNs
> > e.g. newsletters.


> And that's a decision on the newsletter-sender side so they should (or
> better must) accept the DSNs and ignore them themselves.
> 
> Simply not accepting them pushes *their* job, work and effort out to
> the ones which are "spammed" by the newsletters (or which happen to
> run the mail hub in between) filling their queues and wasting
> resources to try to deliver these mails.

If you want to punish a sender for not following best practice then the
place to do it is in the MTA. Since SpamAssassin often runs on mail
that's been accepted it should be, and is, more pragmatic.
NO_DNS_FOR_FROM doesn't perform well enough to warrant a substantial
score.


Re: Points for missing MX Records

2011-02-24 Thread Joseph Brennan


Multiple comments ...



> I just want Spamassassin to check if there is a MX Record in DNS for
> the sender.

I have no sense of how productive this would be.  Have you looked up
a good sample of sender domains and found that spammers are significantly
less likely to have an MX?  That would make it interesting to check.


> It would  also be cool if Spamassassin could compare senderdomain
> and helo name.

Helo should match the hostname, but that's all.  There are many
instances where the sender address is a different domain.  Vanity
domains, third-party mailings, and merged companies lead the list.
Much of it is legitimate mail.  Check any online bank or credit
statements you might have, for example.


> reject_unknown_sender_domain
>
>  Reject the request when Postfix is not final destination for the sender
> address, and the MAIL FROM address has no DNS A or MX record,

I assume that, like Sendmail, it has already converted CNAMEs
when it does this test.  Sendmail rejects for having none of MX, A,
or AAAA.  That hits 3% of mail thrown at our system.


> The problem, is that a MX record is NOT required for a sending host.


Who proposed checking that?  The question was about checking for an
MX record for the sender address, not the host.



Joseph Brennan
Columbia University Information Technology



Re: Points for missing MX Records

2011-02-24 Thread Michelle Konzack
Hello Mahmoud Khonji,

On 2011-02-23 23:03:46, you hacked out the following:
> A sending mail server should accept ab...@example.com, and number of

This is wrong because, only public ISP offering MAILSERVICES  must  have
an  addresses.  The only one required, is the   which
is clearly written in the RFCs.

> However, since many legit senders ignore this, it turns out that FP
> rate is too high for now.

Oh I should note, that my  server had tons of faulty DSNs...
due to spammers using forged From:

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL   itsystems@tdnet UG (limited liability)
Owner Michelle KonzackOwner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France   77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

  
 

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/




Re: Points for missing MX Records

2011-02-24 Thread Michelle Konzack
Hello Joseph Brennan,

On 2011-02-24 09:43:24, you hacked out the following:
> I have no sense of how productive this would be.  Have you looked up
> a good sample of sender domains and found that spammers are significantly
> less likely to have an MX?  That would make it interesting to check.

DUL for example or scan the sending FQDN for keywords

Thanks, Greetings and nice Day/Evening
Michelle Konzack



Re: Points for missing MX Records

2011-02-24 Thread Dominic Benson

On 24 Feb 2011, at 20:01, Michelle Konzack wrote:

> Hello Mahmoud Khonji,
> 
> On 2011-02-23 23:03:46, you hacked out the following:
>> A sending mail server should accept ab...@example.com, and number of
> 
> This is wrong because, only public ISP offering MAILSERVICES  must  have
> an  addresses.  The only one required, is the   which
> is clearly written in the RFCs.

That's at best debatable. The mail services certainly don't have to be 
completely public; an organisation should accept abuse reports relating to e.g. 
mail sent by employees. In fact, you can argue that if *anyone* other than the 
person who would read abuse@ is using the service, it applies.


> 
>> However, since many legit senders ignore this, it turns out that FP
>> rate is too high for now.
> 
> Oh I should note, that my  server had tons of faulty DSNs...
> due to spammers using forged From:
> 


Yes. Isn't it annoying. How, then, is that an argument in support of generating 
them on other people's mail servers in response to your newsletter?

Re: Points for missing MX Records

2011-02-25 Thread Giles Coochey

On 24/02/2011 21:30, Dominic Benson wrote:

> On 24 Feb 2011, at 20:01, Michelle Konzack wrote:
>
>> Hello Mahmoud Khonji,
>>
>> On 2011-02-23 23:03:46, you hacked out the following:
>>> A sending mail server should accept ab...@example.com, and number of
>>
>> This is wrong because, only public ISP offering MAILSERVICES  must  have
>> an  addresses.  The only one required, is the   which
>> is clearly written in the RFCs.
>
> That's at best debatable. The mail services certainly don't have to be
> completely public; an organisation should accept abuse reports relating to e.g.
> mail sent by employees. In fact, you can argue that if *anyone* other than the
> person who would read abuse@ is using the service, it applies.


If a mail service is private then they can do what the hell they like, 
it might not be fully SMTP compliant, but then again, if it is a private 
mail service they are under no obligation to follow any rules.


--
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey







Re: Points for missing MX Records

2011-02-25 Thread Matus UHLAR - fantomas
> Hello Mahmoud Khonji,
> 
> On 2011-02-23 23:03:46, you hacked out the following:
> > A sending mail server should accept ab...@example.com, and number of

On 24.02.11 21:01, Michelle Konzack wrote:
> This is wrong because, only public ISP offering MAILSERVICES  must  have
> an  addresses.  The only one required, is the   which
> is clearly written in the RFCs.

Incorrect. You must have abuse@ addresses at your domain registration
boundary, if you can receive e-mail.

http://www.rfc-ignorant.org/policy-abuse.php

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot. 


Re: Points for missing MX Records

2011-02-25 Thread David F. Skoll
On Fri, 25 Feb 2011 21:55:12 +0100
Matus UHLAR - fantomas  wrote:

> Incorrect. You must have abuse@ addresses at your domain registration
> boundary, if you can receive e-mail.

> http://www.rfc-ignorant.org/policy-abuse.php

That quotes RFC 2142, which is only a proposed standard.  rfc-ignorant.org
is pretty well known for being... how to put this delicately... aggressive.

Regards,

David.



Re: Points for missing MX Records

2011-02-26 Thread Per Jessen
David F. Skoll wrote:

> On Fri, 25 Feb 2011 21:55:12 +0100
> Matus UHLAR - fantomas  wrote:
> 
>> Incorrect. You must have abuse@ addresses at your domain registration
>> boundary, if you can receive e-mail.
> 
>> http://www.rfc-ignorant.org/policy-abuse.php
> 
> That quotes RFC 2142, which is only a proposed standard. 

Don't RFCs become standard through general/public acceptance? 

> rfc-ignorant.org is pretty well known for being... how to put this
> delicately... aggressive.

I would have said open and transparent.  What's being listed and how to
get listed is very, very obvious.  There are lots of lists where both
are a lot less obvious. 


/Per Jessen, Zürich



Re: Points for missing MX Records

2011-02-26 Thread Michael Scheidell

On 2/25/11 4:04 PM, David F. Skoll wrote:

> That quotes RFC 2142, which is only a proposed standard.  rfc-ignorant.org
> is pretty well known for being... how to put this delicately... aggressive.



'back in the day', if an isp/email provider or luser did not have a 
postmaster and abuse account, it was pretty much a sign they didn't want 
to know about abuse, or were ignorant at best, and it was a fairly good 
sign that the domain could produce larger than normal amounts of spam.


Today, well, yes, they are ignorant, but they also don't have proper 
RDNS, helo's are the default windows internal server name, don't know to 
set up a postmaster and abuse account that is read by anyone, and if 
they did, all they get is spam.

(yes, we have them, and all we get is spam to them)

bogus mx is still a good sign of something wrong (although for a while 
there one of the large hosted email providers was listed because they 
had their clients use cnames as mx records).


bad dns (where people stop allowing null sender), is iffy.  lots of 
companies block null sender (and postmaster/mailer-daemon) due to abuse 
by sender callouts, so you really can't use that list anymore.


whois list.  well, lots of folks got tired of spammers sending email to 
the whois contact so they don't list valid names, or use some 
obfuscation.


The world changes.  where rfc-ignorant was very useful at one time, even 
being used in prequeue/mta checks it has mostly lost its relevance.
As for SA, it wasn't political.  the nightly mass checks did not show 
much of a difference on spam vs ham for domains with/without postmaster 
or abuse addresses, so that is why the default scores are the way they 
are: (and I would almost say, just drop dns_from_rfc_dsn and 
rfc_abuse_post, but they cost almost nothing.. I mean.. .001 points for 
having a missing abuse and a missing postmaster? that is every default 
exchange install, isn't it? but it's only .001 points.)


50_scores.cf:score DNS_FROM_RFC_BOGUSMX 0 1.464 0 1.668 # n=0 n=2
50_scores.cf:score DNS_FROM_RFC_DSN 0 0.001 0 0.001 # n=0 n=2
72_scores.cf:score RFC_ABUSE_POST  0.001 0.001 0.001 0.001

So, with the exception of bogusmx (again, you have companies with cnames 
for mx listed), the rest are not very useful.


to kill them all, this should do it.  It should prevent the original dns 
lookup, and then none of the other tests will ever pass.


meta __RFC_IGNORANT_ENVFROM (0)

for completeness, you can include:

score DNS_FROM_RFC_BOGUSMX 0
score __DNS_FROM_RFC_POST 0
score __DNS_FROM_RFC_ABUSE 0
score __DNS_FROM_RFC_WHOIS 0
score DNS_FROM_RFC_DSN 0
# rule name as it appears in the 72_scores.cf line above
score RFC_ABUSE_POST 0

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best in Email Security,2010: Network Products Guide
   * King of Spam Filters, SC Magazine 2008



Re: Points for missing MX Records

2011-02-26 Thread Matus UHLAR - fantomas
> On Fri, 25 Feb 2011 21:55:12 +0100
> Matus UHLAR - fantomas  wrote:
> > Incorrect. You must have abuse@ addresses at your domain registration
> > boundary, if you can receive e-mail.
> 
> > http://www.rfc-ignorant.org/policy-abuse.php

On 25.02.11 16:04, David F. Skoll wrote:
> That quotes RFC 2142, which is only a proposed standard.  rfc-ignorant.org
> is pretty well known for being... how to put this delicately... aggressive.

What I wanted to tell, is that:
1. abuse@ IS documented in RFC
2. abuse@ does NOT apply only to ISPs, it applies to everyone who accepts
mail, at registration boundary.

Imho the rfc-ignorant blacklist only documents who does not follow the RFCs,
trying to do it as good as possible.

...and we still don't have better standardized and documented way to report
abuse, do we?

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name. 


Re: Points for missing MX Records

2011-02-26 Thread David F. Skoll
On Sat, 26 Feb 2011 16:17:28 +0100
Matus UHLAR - fantomas  wrote:

[...]

> ...and we still don't have better standardized and documented way to
> report abuse, do we?

postmaster@ *has* to be there for sure, so if abuse@ is not, send
your reports to postmaster@

I understand what rfc-ignorant.org is trying to achieve.  The reality
is that blocking every site that would be a candidate for listing on
rfc-ignorant.org would cause huge numbers of FPs.

rfc-ignorant.org is very good at the "Be conservative in what you
send" part of the Robustness Principle, but not so good at "be liberal
in what you accept."

Regards,

David.




Re: Points for missing MX Records

2011-02-26 Thread Per Jessen
David F. Skoll wrote:

> On Sat, 26 Feb 2011 16:17:28 +0100
> Matus UHLAR - fantomas  wrote:
> 
> [...]
> 
>> ...and we still don't have better standardized and documented way to
>> report abuse, do we?
> 
> postmaster@ *has* to be there for sure, so if abuse@ is not, send
> your reports to postmaster@
> 
> I understand what rfc-ignorant.org is trying to achieve.  The reality
> is that blocking every site that would be a candidate for listing on
> rfc-ignorant.org would cause huge numbers of FPs.
> 
> rfc-ignorant.org is very good at the "Be conservative in what you
> send" part of the Robustness Principle, but not so good at "be liberal
> in what you accept."

I have been using rfc-ignorant for at least five years, I regularly
submit new sites and I apply a local list of whitelisted domains.  IMO,
it's not up to rfc-ignorant to apply judgement, rfc-ignorant is merely
the publisher of a list of domains meeting certain criteria.
To apply judgement is for me to do, not rfc-ignorant. I do this with SA
scores and by applying my whitelist. 

Perhaps one could argue that rfc-ignorant should publish a list
of "excused" or whitelisted domains, i.e. domains for whom it is deemed
reasonable to violate the criteria, but this would require rfc-ignorant
to apply judgement, something I would rather be without. 


/Per Jessen, Zürich



Re: Points for missing MX Records

2011-02-27 Thread Bernd Petrovitsch
On Fri, 2011-02-25 at 09:37 +0100, Giles Coochey wrote:
> On 24/02/2011 21:30, Dominic Benson wrote:
> > On 24 Feb 2011, at 20:01, Michelle Konzack wrote:
> >
> >> Hello Mahmoud Khonji,
> >>
> >> On 2011-02-23 23:03:46, you hacked out the following:
> >>> A sending mail server should accept ab...@example.com, and number of
> >> This is wrong because, only public ISP offering MAILSERVICES  must  have
> >> an  addresses.  The only one required, is the   which
> >> is clearly written in the RFCs.
> > That's at best debatable. The mail services certainly don't have to
> > be completely public; an organisation should accept abuse reports
> > relating to e.g. mail sent by employees. In fact, you can argue that
> > if *anyone* other than the person who would read abuse@ is using the
> > service, it applies.
> >
> If a mail service is private then they can do what the hell they like, 

... because they aren't visible to the rest of the world. And then no
one cares.

> it might not be fully SMTP compliant, but then again, if it is a private 
> mail service they are under no obligation to follow any rules.

Consequently on the mail receiving side, I'm also not under obligation
to follow any rules. So I judge these RFC-ignorant (even if they ignore
"only" a proposed RFC which happens to be really used/implemented since
ages) senders as potential spammers.
So what?

Bernd
-- 
Bernd Petrovitsch  Email : be...@petrovitsch.priv.at
 LUGA : http://www.luga.at



Re: Points for missing MX Records

2011-02-27 Thread Bernd Petrovitsch
On Sat, 2011-02-26 at 10:51 -0500, David F. Skoll wrote:
[...] 
> rfc-ignorant.org is very good at the "Be conservative in what you
> send" part of the Robustness Principle, but not so good at "be liberal
> in what you accept."

The problem with the "be liberal in what you accept" quote is, that
historically it was meant for technical issues. Nowadays people use it
as a lame excuse for organizational and/or other non-technical issues. 
Especially as they ignore the "be conservative in what you send" part in
it.

Bernd
-- 
Bernd Petrovitsch  Email : be...@petrovitsch.priv.at
 LUGA : http://www.luga.at



Re: Points for missing MX Records

2011-02-27 Thread Graham Murray
Mark Martinec  writes:

> The only place that such loss can be prevented is to check
> that the sending domain has its MX or A or AAAA record,
> right away while the message is being received.
> It is prudent to reject such unbouncible mail right away,
> before even accepting it. This is the only opportunity that
> the sender can be made aware of the problem.

Should AAAA records not only be checked if the receiving domain has the
capability of sending mail using IPv6? Otherwise mail received via IPv4
from a domain which only publishes an AAAA record would also be
unbouncible. What also of a domain which has MX record(s) but the hosts
pointed to by those MX records only have AAAA records not A records?
Mail from those domains would also be unbouncible if sent to an IPv4
only recipient.
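
An added example, not from any poster in this thread: the reject-if-no-MX/A/AAAA policy and the address-family question raised in the last message, run in Python over a constructed zone table instead of live DNS. The function names, result labels and all zone data are assumptions made for illustration.

```python
"""Classify an envelope sender by whether a bounce (DSN) could reach it."""

# Constructed sample zone data (not real DNS): name -> {record type: values}.
ZONE = {
    "dual.example":     {"MX": [(10, "mx.dual.example")]},
    "mx.dual.example":  {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]},
    "v6mx.example":     {"MX": [(10, "mx.v6mx.example")]},
    "mx.v6mx.example":  {"AAAA": ["2001:db8::25"]},       # MX host is IPv6-only
    "aonly.example":    {"A": ["192.0.2.20"]},            # no MX: implicit MX
    "v6only.example":   {"AAAA": ["2001:db8::20"]},
    "dangling.example": {"MX": [(10, "gone.dangling.example")]},
    "web.example":      {"TXT": ["constructed"]},         # exists, no mail records
}


def lookup(zone, name, rtype):
    """Return the records of one type for a name (empty list if none)."""
    return zone.get(name.rstrip(".").lower(), {}).get(rtype, [])


def sender_domain(reverse_path):
    """Domain part of a MAIL FROM reverse-path, or None for the null sender <>."""
    addr = reverse_path.strip().lstrip("<").rstrip(">")
    if not addr:
        return None
    return addr.rsplit("@", 1)[-1].lower()


def bounce_targets(zone, domain):
    """Addresses a DSN could be sent to, as (host, family, address) tuples."""
    mx = sorted(lookup(zone, domain, "MX"))
    # When MX records exist only their targets count; the domain's own
    # A/AAAA is used (implicit MX) only when there is no MX at all.
    hosts = [host for _, host in mx] if mx else [domain]
    return [(host, fam, addr)
            for host in hosts
            for fam in ("A", "AAAA")
            for addr in lookup(zone, host, fam)]


def classify(zone, reverse_path, families=("A",)):
    """families: record types this server can send over; ("A",) = IPv4-only."""
    domain = sender_domain(reverse_path)
    if domain is None:
        return "null-sender"      # <> never receives a DSN
    if not any(lookup(zone, domain, t) for t in ("MX", "A", "AAAA")):
        return "no-dns"           # lacks MX, A and AAAA
    usable = [t for t in bounce_targets(zone, domain) if t[1] in families]
    return "bounceable" if usable else "unreachable"


if __name__ == "__main__":
    for path in ("<a@dual.example>", "<a@v6mx.example>", "<a@aonly.example>",
                 "<a@v6only.example>", "<a@dangling.example>",
                 "<a@web.example>", "<>"):
        print(path, classify(ZONE, path), classify(ZONE, path, ("A", "AAAA")))
```

A "no-dns" result is the case that can be rejected or scored on DNS alone; "unreachable" depends on the receiving site's own connectivity, so the same sender can be bounceable for a dual-stack server and not for an IPv4-only one.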