The RFC's for abuse and postmaster addresses require more than just a
functioning address or even an appropriate response in certain
situations. From the rfc-ignorant.org site regarding abuse for
instance:
http://www.rfc-ignorant.org/policy-abuse.php
Given that, the listing criterium is that any domain for which
abuse@domain is rejected, times-out, or for
any other
reason cannot be delivered, that shall be considered grounds for
listing,
excepting as such that if the rejection is obviously based on some
criteria which reject the sender. (Unlike the rules regarding
"postmaster" (for which only something like an ongoing
mailbomb is an exemption - see RFC2821),
nothing requires the abuse address to accept from everyone,
so if
someone has blocked a particular host from sending mail to that server,
that
could conceivably include blocking mail destined for the abuse address.
However, if this exemption is (no pun intended) abused (e.g., a site
claiming
that "abuse" has elected to receive mail from only two other places),
that site will no longer be allowed to partake of that exemption.)
Also, based on the "resulting in delivery to a recipient
appropriate
for the referenced service or role." criterion in section 1, there is
an added condition for listing, which is any domain which, upon
receiving a
report to abuse@domain, refers the user to another address
or a
web form, indicating that they MUST use that other method to report the
complaint. Certainly sites are welcome to suggest "better/optimized"
methods of communication, but they must acknowledge that the complaint
will be acted upon, as submitted to the main abuse@domain
address.
---
Also, if it is provable that the abuse address is being dropped in the
bit bucket automatically (e.g:
>>> EXPN [EMAIL PROTECTED]
<<< 250 2.1.5 </dev/null>
That would also be considered a violation of the RFC,
and
cause for listing. Note that this must be clear-cut.
Simply
being unresponsive is not (sufficient) evidence of
the
messages being bitbucketed.
Domains are listed, as well as a wildcard under them, so that if
mail
is received from <[EMAIL PROTECTED]>, it will
match
if <[EMAIL PROTECTED]> fails, as only the
"root domain" abuse address is required to work, according to the
RFC. As a rule of thumb, this would mean that the
domain-level that would/should be listed in a domain-name WHOIS
registry is
the level that must be capable of handling abuse complaints.
If any of the valid MX servers for a domain have private,
reserved, or otherwise bogus IP addresses, then the domain would be
listed. (E.g., given an address of <[EMAIL PROTECTED]>, if the MX
for example.tld is mail.example.tld, and the A record listed in DNS for
mail.example.tld is 127.0.0.1, then example.tld would be listed.)
IMO, it's always nice to know the qualifications for being listed.
Matt
Kevin Bilbee wrote:
yahoo also has an abuse address. I send to them on a regulare basis and I
get their atuo response and within a few days I get a resolution.
Kevin Bilbee
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sheldon Koehler
Sent: Friday, September 05, 2003 11:06 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc.
false positives positives
The real irony about this is [EMAIL PROTECTED] actually works! Go
figure...
Sheldon
Sheldon Koehler, Owner/Partner http://www.tenforward.com
Ten Forward Communications 360-457-9023
Nationwide access, neighborhood support!
"Whenever you find yourself on the side of the majority, it's time
to pause and reflect." Mark Twain
----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 04, 2003 3:30 PM
Subject: RE: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false
positives positives
It is known that AOL, Hotmail and Yahoo will often fail NOABUSE,
NOPOSTMASTER and REVDNS, as they are not setup nor do they care.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Thursday, September 04, 2003 1:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false
positives positives
It's just you :)
The From address is often forged. The address that matters the most is the
server from which the E-mail came, which is listed in the top of the
headers, i.e.
Received: from declude.com [24.107.232.14] by igaia.com with ESMTP
(SMTPD32-7.13) id A78F250118; Thu, 04 Sep 2003 15:50:39 -0400
The information in that line in the messages you receive is what is
responsible for tripping most of the tests you indicated (real AOL trips
NOPOSTMASTER for instance). If you reverse lookup the IPs that you find
there, my bet is that they won't match the domains of the From addresses
they are using. The software and your filters are actually doing their job
very well if those messages are failing.
Matt
Paul Hung wrote:
Has anyone found that AOL, Hotmail, and Yahoo.com addresses have been
failing on the following tests: helobogus, nopostmaster, noabuse, revdns
These e-mails usually fail these four tests, and thus trigger my Weight10
rule. I performed a reverse DNS lookup on several of the IP addresses and
found that there was no entry for reverse DNS.
Any ideas? Is it just me?
- Paul
|
