Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: SRS

Why SRS really sucks

  

 
First page Previous page 1 2 3 Next page Last page  View All SPF srs RSS feed   Index | Next | Previous | View Threaded


jam at jamux

Mar 27, 2006, 2:20 PM

Post #26 of 70 (9452 views)
Permalink
Re: Why SRS really sucks [In reply to]
>>>>> "Tom" == Tom Lahti
>>>>> "Re: Why SRS really sucks"
>>>>> Mon, 27 Mar 2006 11:38:46 -0800

Tom> Due to a long history

There is also a long history establishing the absolute right of
anybody to reject any mail for any reason or for no reason.

jam

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


tom at tx3

Mar 27, 2006, 5:46 PM

Post #27 of 70 (9470 views)
Permalink
Re: Why SRS really sucks [In reply to]
>Actually we have one in our default Ruleset saying all evelopefrom which
>are:
>srs*=*.*=*@* should be rejected ...


>To give the "well known provider" a name:
>
>Schlund & Partner - one of Europes biggest webhoster (also known as
>kundenserver.de):
>
>https://service.schlund.de/service/news/news_neu.php3

Then you should be rejecting *@kundenserver.de, not
srs*=*.*=*@*. Even rejecting srs*=*.*=*@kundenserver.de, which is
what Stuart is suggesting, would be a far cry better. Do not condemn
the rest of us (who do SRS signing to catch forged DSN) for Schlund &
Partner's incompetence!


--
-- =========================
Tom Lahti
Tx3 Online Services

(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


tom at tx3

Mar 27, 2006, 5:49 PM

Post #28 of 70 (9457 views)
Permalink
Re: Why SRS really sucks [In reply to]
>Exactly. And we are not assigning semantics when we notice that
>local parts beginning with 'SRS' from a particular domain are all
>spam. It is just a pattern that we blacklist.

Yes, yes you are. That is what "assigning semantics" means!

>Of course! We don't know the hashkey, and can't even certain whether
>the signature is valid! Perhaps the braindead ISP is actually
>an old fashioned open-relay, and the spammers are adding the SRS
>coding to make the spam pass SPF and look like it is coming from
>the ISP.

No no! You can't assume that you know what ANY of it means. Just
because you know for certain you can't understand part of it doesn't
mean you can go assuming you understand some other part.

If the ISP is braindead, then they deserve to get their whole domain
rejected.


--
-- =========================
Tom Lahti
Tx3 Online Services

(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


tom at tx3

Mar 27, 2006, 5:52 PM

Post #29 of 70 (9465 views)
Permalink
Re: Re: Why SRS really sucks [In reply to]
>
> >>>>> "Tom" == Tom Lahti
> >>>>> "Re: Why SRS really sucks"
> >>>>> Mon, 27 Mar 2006 11:38:46 -0800
>
> Tom> Due to a long history
>
>There is also a long history establishing the absolute right of
>anybody to reject any mail for any reason or for no reason.
>
> jam

I would never dispute anyone's _right_ to decide whatever policy they
wish, RFC compliant or not, on their own servers. However, if one
wishes to participate in a community, one must speak the community's
language, and the public Internet SMTP community's language is RFC
2821 and RFC 2822. If you don't speak the language, then you are
stating your desire not to be part of the community. Works for me,
I'll just reject your non-compliant domain's mail.

That is MY right, and the right of everyone who wishes some standard
upon which meaningful communication can be based. If no meaningful
communication is possible between our servers, then to hell with your mail :P


--
-- =========================
Tom Lahti
Tx3 Online Services

(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


jam at jamux

Mar 28, 2006, 12:20 AM

Post #30 of 70 (9468 views)
Permalink
Re: Why SRS really sucks [In reply to]
>>>>> "Tom2" == Tom Lahti
>>>>> "Re: Re: Why SRS really sucks"
>>>>> Mon, 27 Mar 2006 17:52:27 -0800

>>
>> >>>>> "Tom" == Tom Lahti "Re: Why SRS really sucks"
>> >>>>> Mon, 27 Mar 2006 11:38:46 -0800
>>
Tom> Due to a long history
>>
>> There is also a long history establishing the absolute right of
>> anybody to reject any mail for any reason or for no reason.

Tom2> if one wishes to participate in a community, one must speak
Tom2> the community's language, and the public Internet SMTP
Tom2> community's language is RFC 2821 and RFC 2822.

Rfc2822 has nothing to do with rejecting mail. Rfc2821 specifies how
to indicate a rejection, or in other words, defines the language for
doing so. The vocabulary of rfc2821, if you will, includes the means
of expressing that a mail is rejected because of local policy.
Rfc2821 does not specify what that local policy may or may not
include. A SMTP response of '550 Go away' may be anti-social but is
compliant with rfc2821. The point is that the RFCs, and IIRC
"history", as used in this thread, do not define policy but how to
implement policy.

jam

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stuart at bmsi

Mar 28, 2006, 6:33 AM

Post #31 of 70 (9445 views)
Permalink
Re: Why SRS really sucks [In reply to]
On Mon, 27 Mar 2006, Tom Lahti wrote:

> If the ISP is braindead, then they deserve to get their whole domain
> rejected.

I agree. And I do that on my own mail system. "What idiots!" I say to
myself as into the blacklist they go. However, my customers do not
and will never understand why they can't get mail from joe [at] braindeadmta
who is their most important customer.

To put it another way, I *am* blacklisting the entire domain. It's
just that I also have a pattern based whitelist to let through
their important customers :-)

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


j.steigenberger at admins

Mar 28, 2006, 8:17 AM

Post #32 of 70 (9445 views)
Permalink
Re: Why SRS really sucks [In reply to]
> It is a valid criticism to claim that
> a method is hard to use, and hence has a high user error rate - however
> low the method error rate might be. BUT - please stop pretending
> that user errors are method errors.

Stuart,
the method error on SRS is, that you really can trust no one.

You never know before, if an SRS Forwarder did check for SPF.
Thats the whole point.

In all cases of abuse on SRS-faking, you have the problem, that the first
thing gets tru,
before you could blacklist ...

The domainowner must have the chance to prevent forwarding,
if he likes to do so ....

And if you continue saying SRS is necessary for any reason,
i have to tell you that i wish there were a parameter like NOFORWARD,
which could be added to SPF.
As soon as this is found in an SPF record it declares it is forbidden to use
SRS,
(SRS should respect this) and it is futile trying to forward mail on my
domain

If SPF and SRS would have implemented this, i could also live with SRSs
existence....

These could also change our mind and implenenting it too ....
But as long as it is not done:
My answer is: NO to SRS

--

Johann Steigenberger
Blacklistmaster at UCEPROTECT-Network
http://www.uceprotect.net

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


julian at mehnle

Mar 28, 2006, 8:44 AM

Post #33 of 70 (9530 views)
Permalink
Re: Why SRS really sucks [In reply to]
Johann Steigenberger wrote:
> the method error on SRS is, that you really can trust no one.
>
> You never know before, if an SRS Forwarder did check for SPF.
> Thats the whole point.

That's true, but if a forwarded message bothers you, just blame the
forwarder (who substituted their own domain for the original one).

> The domainowner must have the chance to prevent forwarding,
> if he likes to do so ....

...even if the forwarder rewrites the sender address to their own domain?
Are you kidding? This is simply not possible. Information can always be
copied and "forwarded". You'll never be able to prevent that!

> And if you continue saying SRS is necessary for any reason,
> i have to tell you that i wish there were a parameter like NOFORWARD,
> which could be added to SPF.

That would be pointless, just like the various "no-copy" bits in the TV
broadcasting or storage medium industry. Such a thing can only work if
ALL devices honor it, i.e. non-compliant devices are outlawed.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stuart at bmsi

Mar 28, 2006, 8:59 AM

Post #34 of 70 (9450 views)
Permalink
Re: Why SRS really sucks [In reply to]
On Tue, 28 Mar 2006, Julian Mehnle wrote:

> > And if you continue saying SRS is necessary for any reason,
> > i have to tell you that i wish there were a parameter like NOFORWARD,
> > which could be added to SPF.
>
> That would be pointless, just like the various "no-copy" bits in the TV
> broadcasting or storage medium industry. Such a thing can only work if
> ALL devices honor it, i.e. non-compliant devices are outlawed.

And non-compliant devices continue to exist on the black market even
when outlawed.

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


j.steigenberger at admins

Mar 28, 2006, 9:11 AM

Post #35 of 70 (9482 views)
Permalink
Re: Why SRS really sucks [In reply to]
Hi Julian,

>> The domainowner must have the chance to prevent forwarding,
>> if he likes to do so ....

>even if the forwarder rewrites the sender address to their own domain?
>Are you kidding? This is simply not possible. Information can always be
>copied and "forwarded". You'll never be able to prevent that!

>> And if you continue saying SRS is necessary for any reason,
>> i have to tell you that i wish there were a parameter like NOFORWARD,
>> which could be added to SPF.

>That would be pointless, just like the various "no-copy" bits in the TV
>broadcasting or storage medium industry. Such a thing can only work if
>ALL devices honor it, i.e. non-compliant devices are outlawed.

I donīt think so:

Getting an SRS Mail you always have an envelope-from like this:
SRS*=*=forwardet-domain.com=user-on-forwardet [at] forwarder

If SPF would in such a scenario check the initial domain in the localpart
(in our example forwardet-domain.com) too,
and not only the domainpart (forwarder.com), and it found that the forwarder
did against the domainowners direction, this would clearly be an indicator
to
blacklist the forwarder for SRS-Abuse.

This would logically work ...

Yes i know, Tom Lathi will tell me that this would violate RFCs ....
But: SRS itself is violating the RFCs too :-)
Or is there anyone which want to tell me that someone using SRS will take a
standard NDR ???

:-)))

i think seriously not after all those "SRS is soo cool to prevent faked NDR
Stories :-)

--

Johann Steigenberger
Blacklistmaster at UCEPROTECT-Network
http://www.uceprotect.net




-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stuart at bmsi

Mar 28, 2006, 10:50 AM

Post #36 of 70 (9441 views)
Permalink
Re: Why SRS really sucks [In reply to]
On Tue, 28 Mar 2006, Johann Steigenberger wrote:

> Or is there anyone which want to tell me that someone using SRS will take a
> standard NDR ???

Sure, I'll tell you that. I use SRS and get all the NDRs that are
actually sent in response to my emails. That is actually the whole point of
SRS.

> i think seriously not after all those "SRS is soo cool to prevent faked NDR
> Stories :-)

Right - and I don't get any fake NDRs. That is a side effect, but a nice
one - and arguably more important than the original purpose.

100% fake NDR exclusion with 0% false positives. What's not to like?

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


julian at mehnle

Mar 28, 2006, 11:04 AM

Post #37 of 70 (9463 views)
Permalink
Re: Why SRS really sucks [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johann Steigenberger wrote:
> > > And if you continue saying SRS is necessary for any reason,
> > > i have to tell you that i wish there were a parameter like NOFORWARD,
> > > which could be added to SPF.
> >
> > That would be pointless, just like the various "no-copy" bits in the TV
> > broadcasting or storage medium industry. Such a thing can only work if
> > ALL devices honor it, i.e. non-compliant devices are outlawed.
>
> I don't think so:
>
> Getting an SRS Mail you always have an envelope-from like this:
> SRS*=*=forwardet-domain.com=user-on-forwardet [at] forwarder
>
> If SPF would in such a scenario check the initial domain in the
> localpart (in our example forwardet-domain.com) too,
> and not only the domainpart (forwarder.com), and it found that the
> forwarder did against the domainowners direction, this would clearly be
> an indicator to blacklist the forwarder for SRS-Abuse.

Define "find that the forwarder did against the domain owner's direction".
You can't use SPF records to check that because SPF records only apply to
the RHS (right-hand-side, after the @) domain of e-mail addresses, not to
any domains embedded in the localpart by obscure sender rewriting schemes.

I don't mean to say that SRS is obscure, but from SPF's point of view, SRS
just doesn't matter. All SPF cares about is the RHS domain and no other.

It _was_ the original point of SRS to legitimately(!) "circumvent" SPF when
forwarding. And that sort of circumvention _is_ acceptable because when
mail from <SRS...@forwarder.com> bounces, it goes exactly to forwarder.com
and nowhere else, so the forwarder has to deal with it, not the (supposed)
original domain. Thus the original domain is still protected against
envelope sender forgery and false bounces, which is what SPF is meant for.

There is no way to prevent mail from being forwarded. Please try to
understand what "forwarding" means, then perhaps it will become clear.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEKYjDwL7PKlBZWjsRAjUyAKC8vOdAotnRpAUABFUDDcZzY7XjmwCbB78f
j1ai+kI7D6YDq/9WTKou/5A=
=isBf
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


davidnicol at gmail

Mar 28, 2006, 12:01 PM

Post #38 of 70 (9438 views)
Permalink
Re: Why SRS really sucks [In reply to]
On 3/28/06, Julian Mehnle <julian [at] mehnle> wrote:

> > Getting an SRS Mail you always have an envelope-from like this:
> > SRS*=*=forwardet-domain.com=user-on-forwardet [at] forwarder
> >
> > If SPF would in such a scenario check the initial domain in the
> > localpart (in our example forwardet-domain.com) too,
> > and not only the domainpart (forwarder.com), and it found that the
> > forwarder did against the domainowners direction, this would clearly be
> > an indicator to blacklist the forwarder for SRS-Abuse.
>
> Define "find that the forwarder did against the domain owner's direction".
> You can't use SPF records to check that because SPF records only apply to
> the RHS (right-hand-side, after the @) domain of e-mail addresses, not to
> any domains embedded in the localpart by obscure sender rewriting schemes.
>
> I don't mean to say that SRS is obscure, but from SPF's point of view, SRS
> just doesn't matter. All SPF cares about is the RHS domain and no other.

the standardization of SRS allows a fancy SPF checker to pull the LHS apart
and parse the headers for the previous hop, before checking. This kind of thing
makes sense in the situation where an ISP is properly SRS-forwarding everything
they get including SPF failures. As is under discussion.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


tom at tx3

Mar 28, 2006, 12:23 PM

Post #39 of 70 (9452 views)
Permalink
Re: Why SRS really sucks [In reply to]
>the standardization of SRS allows a fancy SPF checker to pull the LHS apart
>and parse the headers for the previous hop, before checking. This
>kind of thing
>makes sense in the situation where an ISP is properly SRS-forwarding
>everything
>they get including SPF failures. As is under discussion.

There is no way in heck you should be pulling apart someone else's
rewritten local part and trying to make sense of it, and worse --
doing something with "information" based on your assumptions that you
know what it means.

If what you are suggesting comes to pass, I'll make up my own
proprietary SRS/RPR-like rewriting scheme, (maybe even encrypting the
whole thing with a private key to prevent someone from even
attempting to make sense of it), and I won't share it :P

My addressing in my local part is MY business, there's no way you're
going to start requiring MY local part to be in a format to fit YOUR desires.


--
-- =========================
Tom Lahti
Tx3 Online Services

(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


davidnicol at gmail

Mar 28, 2006, 12:32 PM

Post #40 of 70 (9444 views)
Permalink
Re: Why SRS really sucks [In reply to]
On 3/28/06, Tom Lahti <tom [at] tx3> wrote:

> There is no way in heck you should be pulling apart someone else's
> rewritten local part and trying to make sense of it, and worse --
> doing something with "information" based on your assumptions that you
> know what it means.

http://www.libsrs2.org/srs/srs.pdf describes a format that allows
reconstructing the old return address. What planet do you live on,
Tom, and how is the weather there?

> If what you are suggesting comes to pass, I'll make up my own
> proprietary SRS/RPR-like rewriting scheme, (maybe even encrypting the
> whole thing with a private key to prevent someone from even
> attempting to make sense of it), and I won't share it :P

And I won't be receiving e-mail forwarded through your service.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


tom at tx3

Mar 28, 2006, 12:41 PM

Post #41 of 70 (9448 views)
Permalink
Re: Why SRS really sucks [In reply to]
>http://www.libsrs2.org/srs/srs.pdf describes a format that allows
>reconstructing the old return address. What planet do you live on,
>Tom, and how is the weather there?

Note that "shouldn't" and "can't" are entire different concepts. I
said "shouldn't".

> > If what you are suggesting comes to pass, I'll make up my own
> > proprietary SRS/RPR-like rewriting scheme, (maybe even encrypting the
> > whole thing with a private key to prevent someone from even
> > attempting to make sense of it), and I won't share it :P
>
>And I won't be receiving e-mail forwarded through your service.

You won't be able to tell the difference, because ALL of my outgoing
mail is rewritten.


--
-- =========================
Tom Lahti
Tx3 Online Services

(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stpeters at NetHeaven

Mar 28, 2006, 1:40 PM

Post #42 of 70 (9444 views)
Permalink
Re: Why SRS really sucks [In reply to]
Tom Lahti writes:
> There is no way in heck you should be pulling apart someone else's
> rewritten local part and trying to make sense of it, and worse --
> doing something with "information" based on your assumptions that you
> know what it means.

Tom,

I think you're forgetting that SRS is designed to have the LHS pulled
apart in multi-stage forwarding, so the LHS doesn't grow out of
bounds. A first rewriting results in an SRS0 address, while
forwarding of that results in an SRS1 address. Forwarding of the SRS1
address results in another SRS1 address. To keep the address from
growing too big, previous forwarders are eliminated from the encoded
return path, and that requires forwarders to understand and modify the
local part from previous forwarders.

To be compliant, your SRS must enable this, and that requires it stick
to the documented syntax. That in turn means your syntax can be
interpreted by others for reasons of their own.

If you try to prevent this by altering your syntax, then your mail
won't pass through multi-stage forwarding with SRS.

--
Dick St.Peters, stpeters [at] NetHeaven

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


tom at tx3

Mar 28, 2006, 1:45 PM

Post #43 of 70 (9456 views)
Permalink
Re: Why SRS really sucks [In reply to]
>If you try to prevent this by altering your syntax, then your mail
>won't pass through multi-stage forwarding with SRS.

I couldn't care less. I'm not interested in forwarding, only the
fake-DSN rejection.


--
-- =========================
Tom Lahti
Tx3 Online Services

(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stuart at bmsi

Mar 28, 2006, 2:36 PM

Post #44 of 70 (9463 views)
Permalink
Re: Why SRS really sucks [In reply to]
On Tue, 28 Mar 2006, Tom Lahti wrote:

> >If you try to prevent this by altering your syntax, then your mail
> >won't pass through multi-stage forwarding with SRS.
>
> I couldn't care less. I'm not interested in forwarding, only the
> fake-DSN rejection.

Same here. I was able to stop problems with idiots rejecting
'+' in localpart by switching to SES. But then that interacts
badly with greylisters. But ultimately, I can configure my SRS
to use any prefix I want to get around people mistaking my
signatures for SRS forwards. I can also change the char set
and delimiters used to get around the '+' idiots.

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


tom at tx3

Mar 28, 2006, 2:43 PM

Post #45 of 70 (9445 views)
Permalink
Re: Why SRS really sucks [In reply to]
>Same here. I was able to stop problems with idiots rejecting
>'+' in localpart by switching to SES. But then that interacts
>badly with greylisters. But ultimately, I can configure my SRS
>to use any prefix I want to get around people mistaking my
>signatures for SRS forwards. I can also change the char set
>and delimiters used to get around the '+' idiots.

I'm envisioning taking the entire SRS local part and
encrypting/encoding it into a stream of letters/numbers that are all
legal address characters. They would then be indistinguishable from,
say, an actual username made up of seemingly random letters and
numbers. Indistinguishable, that is, by any MTA exception my own :)


--
-- =========================
Tom Lahti
Tx3 Online Services

(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stpeters at NetHeaven

Mar 28, 2006, 3:05 PM

Post #46 of 70 (9445 views)
Permalink
Re: Why SRS really sucks [In reply to]
Tom Lahti writes:
> >If you try to prevent this by altering your syntax, then your mail
> >won't pass through multi-stage forwarding with SRS.
>
> I couldn't care less. I'm not interested in forwarding, only the
> fake-DSN rejection.

You don't care if the mail you/your users send gets through?

--
Dick St.Peters, stpeters [at] NetHeaven

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stuart at bmsi

Mar 28, 2006, 3:11 PM

Post #47 of 70 (9444 views)
Permalink
Re: Why SRS really sucks [In reply to]
On Tue, 28 Mar 2006, Tom Lahti wrote:

> >badly with greylisters. But ultimately, I can configure my SRS
> >to use any prefix I want to get around people mistaking my
> >signatures for SRS forwards. I can also change the char set
> >and delimiters used to get around the '+' idiots.
>
> I'm envisioning taking the entire SRS local part and
> encrypting/encoding it into a stream of letters/numbers that are all
> legal address characters. They would then be indistinguishable from,
> say, an actual username made up of seemingly random letters and
> numbers. Indistinguishable, that is, by any MTA exception my own :)

That is what SES did. But then they made the timestamp too precise to
work with greylisters. That could be a good extension for SRS
in sign mode, though. I could use resuse the bitpacket code from SES.

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stpeters at NetHeaven

Mar 28, 2006, 3:12 PM

Post #48 of 70 (9431 views)
Permalink
Re: Why SRS really sucks [In reply to]
Stuart D. Gathman writes:
> I was able to stop problems with idiots rejecting
> '+' in localpart by switching to SES.

I've had several confirmed cases of mail being rejected because the
mail-from had '=', but as best I know, I've had no problems from '+'
so far.

There's even a commercial anti-spam package for Windows servers that
has an option to refuse mail with '='.

--
Dick St.Peters, stpeters [at] NetHeaven

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stuart at bmsi

Mar 29, 2006, 7:25 AM

Post #49 of 70 (9426 views)
Permalink
Re: Why SRS really sucks [In reply to]
On Tue, 28 Mar 2006, Dick St.Peters wrote:

> Stuart D. Gathman writes:
> > I was able to stop problems with idiots rejecting
> > '+' in localpart by switching to SES.
>
> I've had several confirmed cases of mail being rejected because the
> mail-from had '=', but as best I know, I've had no problems from '+'
> so far.

220 sv15pub.verizon.net MailPass SMTP server v1.2.0 - 112105154401JY+PrW ready Wed, 29 Mar 2006 09:20:03 -0600
HELO smtp.marcomm.net
250 sv15pub.verizon.net
MAIL FROM: <stuart+test [at] marcomm>
550 You are not allowed to send mail:sv15pub.verizon.net
MAIL FROM: <stuart [at] marcomm>
250 Sender <stuart [at] marcomm> OK
quit
221 sv15pub.verizon.net closing connection

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2


stuart at bmsi

Mar 29, 2006, 7:42 AM

Post #50 of 70 (9446 views)
Permalink
Re: Why SRS really sucks [In reply to]
On Wed, 29 Mar 2006, Stuart D. Gathman wrote:

> On Tue, 28 Mar 2006, Dick St.Peters wrote:
>
> > I've had several confirmed cases of mail being rejected because the
> > mail-from had '=', but as best I know, I've had no problems from '+'
> > so far.
>
> 250 sv15pub.verizon.net
> MAIL FROM: <stuart+test [at] marcomm>
> 550 You are not allowed to send mail:sv15pub.verizon.net

The actually seems to be related to the CBV that verizon does. The
problem is that spamsoap is blocking their CBV.

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

First page Previous page 1 2 3 Next page Last page  View All SPF srs RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.