Home page logo
/

nanog logo nanog mailing list archives

Re: It Continues...Sprint Is played the fool...
From: Michael Dillon <michael () memra com>
Date: Fri, 3 Jan 1997 23:45:13 -0800 (PST)

On Sat, 4 Jan 1997, Barry Shein wrote:

ridiculous story about how my refusing his mail with a 550 error is
making his software do this, ridiculous if you know how mail actually
works, that's like getting a User Unknown error, you just throw it on
the floor, he runs sendmail 8.7 under Unix, telnet to his SMTP port at
iq-internet.com.

Spammers don't send mail using sendmail or any other standard mailer. They
use special custom-built spamming programs that are geared to sending huge
quantities of the same message to LARGE mailing lists quickly and
efficiently. It's possible that his software has a bug that isn't dealing
with errors properly or it's possible that the mechanism to deal with
replies is recting badly to your mailer. 

When I say "replies" I am referring to the fact that spammers do not want
you to reply to their email. If they receive replies, they process them
with some sort of robot.  In the simplest case, all replies are sent to
the bit bucket. Now because Sprint's spam policy states that spamming is
OK as long as you remove people's addresses form your list if they request
it, their robot has to deal with that case and all spam from iq-internet
informs people that they can reply with "NO MAIL" in the subject to be
removed from the list. But spammers have another problem and they are
getting more sophisticated in dealing with that. I refer to the problem
created by irate spam recipients who then mailbomb the spammer. Spammers
are learning to deal with this by returning the messages to the source
with an error. I suspect that their spam software is screwing up and
treating your reject messages as a mail bombe and they are thus returning
them back to you creating a classic email loop.

    AT ABOUT 1AM EST THE MAIL LOOPING STARTS AGAIN, AFTER A FEW HOURS
    HIATUS. HE STARTED IT UP AGAIN!

Unbelievable, I'm sorry, but this sort of behavior is going to destroy
these networks, and I mean behavior on the part of people like
Sprint. Bad people will happen, I know that, we all know that, but the
people at Sprint have absolutely no excuse for their behavior other
than sheer gullibility or abrogation of any shred responsibility.

Barry, I agree with everyon on this list that this is NOT the place to be
discussing the problem. Please take this to the proper forum. If you would
post an account of your troubles along with the MX records for sprint.com,
sprintlink.net, etc. to the alt.2600 newsgroup then this problem would not
be occurring.

Are you a SPRINT customer? If not, you should be reporting this flood 
attack to your upstream provider who appears to be Alternet from my
vantage point. It doesn't matter whether it is a ping flood, SYN flood or
mailbomb attack, your provider can work their way up the channels to the
source of the problem. In the interim they can install filters on their
router port to you that will block port 25 from the offending site. This
takes the load off your shoulders and also frees up the bandwidth that you
are paying your upstream provider for. 

Michael Dillon                   -               Internet & ISP Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael () memra com

- - - - - - - - - - - - - - - - -


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]