[Mimedefang] Message header madness

- kd6lvw at yahoo.com
Fri Jul 31 16:10:35 EDT 2009


--- On Fri, 7/31/09, Bernd Petrovitsch <bernd at firmix.at> wrote:
> On Fri, 2009-07-31 at 01:35 -0700, - wrote:
> [...]
> >  Usenet, there are people who use "Reply-To" specifying a mailbox
> > under the reserved ".invalid" TLD and other values like "example.com".
> > If this is their only violation, their messages won't
> 
> Are you really sure?
> It's usually the other way around: You put an invalid email address (or
> one from a spam trap) into the "From:" and the real (and read) one into
> the "Reply-To:".
> The reason is that the "From:" addresses can be seen with the (quite
> cheap) list of all postings in a group, the "Reply-To:" only if you get
> the whole posting.
> Caveat emptor: Rules from the SMTP world may not apply to the NNTP
> world.

Yes, I am certain, because I have rules in my cleanfeed add-on to my news server (ISC INN 2.5.0) that detect this crap.  ".invalid" is specifically allowed in the NNTP message "From" header per RFC 2606 (although not specifically stated as such, the purpose in the RFC implies such).  However, the RFC and ICANN registrar contracts also say that "example" as a TLD or a 2LD (for gTLDs, not ccTLDs) should NEVER be seen on the live Internet, yet its combinations are being used in both From and Reply-To headers.  As many of these messages are from trolls and other idiots, I don't have a problem blocking them.

I bring this up only because some newsgroups are gated to (and from) mailing lists, and therefore, this may be seen by MD or other spam-mail detectors.

Here are a few I saw today:
439 Banned From (Rjack <user at example.net>)
439 Banned From (Desk Rabbit <me at example.com>)

439 Banned From (Margrave Nhor <. at .mn.iv.>) - Syntax error: "@."
439 Banned Reply-To (bobofficer at 127.0.0.7)  - Unroutable IP & bad literal

439 Banned Reply-To (jcorlis at fake.invalid)
439 Banned Reply-To (james_t.kirk at invalid)
439 Banned Reply-To (euclideSP at Mlive.it.invalid)
439 Banned Reply-To (<invalid at invalid.invalid>)
439 Banned Reply-To ("Bast" <fake_name at nomail.invalid>)
439 Banned Reply-To ("Newsgroup ...." <bad at example.invalid>)

There is absolutely no reason to set "Reply-To" to a non-reachable mailbox, especially when "From" is itself non-reachable.  The appropriate action is to not use the "Reply-To" header since it's not required.

Within Usenet, there has been some discussion of this in groups of the "eternal-september" hierarchy.

> Feel free to do it but I don't think it makes any sense to "punish"
> people for setting the default value into an optional field.

It's a matter of rfc-ignorance, and we all know how spammers don't pay attention.  If this is the only issue with the message, the score will remain less than the spam threshold, so there shouldn't be a problem.
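The header checks described in the message above, as an added example that is not part of the original post and is not cleanfeed or MIMEDefang code: a stand-alone Python sketch that classifies a From or Reply-To value against the RFC 2606 reserved names and returns a small score contribution. The function names, the finding labels and the WEIGHT value are assumptions made for illustration.

```python
import ipaddress
import re

RESERVED_TLDS = {"invalid", "test", "example", "localhost"}    # RFC 2606, section 2
RESERVED_2LDS = {"example.com", "example.net", "example.org"}  # RFC 2606, section 3
WEIGHT = 1.5  # hypothetical points per finding, kept small on purpose

def check_mailbox(header, value):
    """Return the list of findings for one From or Reply-To header value."""
    m = re.search(r"<([^<>]*)>", value)
    addr = (m.group(1) if m else value).strip()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local:
        return ["syntax"]
    domain = domain.lower()
    bracketed = domain.startswith("[") and domain.endswith("]")
    literal = domain[1:-1] if bracketed else domain
    try:
        ip = ipaddress.ip_address(literal)
    except ValueError:
        ip = None
    if ip is not None:
        # An address literal must be bracketed; a bare IP is a bad literal.
        findings = [] if bracketed else ["bad-literal"]
        if not ip.is_global:
            findings.append("unroutable-ip")
        return findings
    labels = domain.split(".")
    if "" in labels:
        return ["syntax"]  # leading, trailing or doubled dot, e.g. "@."
    findings = []
    if ".".join(labels[-2:]) in RESERVED_2LDS:
        findings.append("reserved-2ld")
    # Policy from the post: ".invalid" is tolerated in From, not in Reply-To.
    tolerated = header.lower() == "from" and labels[-1] == "invalid"
    if labels[-1] in RESERVED_TLDS and not tolerated:
        findings.append("reserved-tld")
    return findings

def header_score(headers):
    """Sum the score contribution over one message's (header, value) pairs."""
    return sum(WEIGHT * len(check_mailbox(h, v)) for h, v in headers)

# Values from the rejections quoted in the post, with the archive's " at " restored to "@".
SAMPLES = [
    ("From", "Rjack <user@example.net>"),
    ("From", "Margrave Nhor <.@.mn.iv.>"),
    ("Reply-To", "bobofficer@127.0.0.7"),
    ("Reply-To", '"Bast" <fake_name@nomail.invalid>'),
]
```
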


