> >| However, there is a more serious vulnerability here: infinite loops between
> >| two or more closed lists.
> 
> It's a big issue for anything that auto-responds, not just lists. Any 
> mailbot has to try to figure this out, and many of them do a terrible 
> job of it, including some of mine. I've closed some holes, but not 
> all of them, and it's a continuing issue.

I have a bunch of autoresponders, and the only effective thing I've found is
rate limiting.  My autoresponders remember all the addresses they've written
to, and will not send more than five responses per hour to any single
address, dropping responses over that limit. 

I suppose it might lose a tiny amount of real mail, but it does break 
mail loops quite well.  There's nothing you can put in an outgoing 
message that will reliably let you detect an autoresponse; too many 
autoresponses completely discard the message they're responding to, so 
there's no body nor any copy of the subject line.

You should of course do "good housekeeping" things like "Precedence: 
bulk" to give well-behaved software the hint that it's talking to another 
computer, but of course the well-behaved software isn't the problem.

> The worst loop I ever ran into, and I literally found it by accident, 
> was one that, as far as I could tell, had been going on for a couple 
> of months. Yes, months. Both sides kept slowly adding text to it, so 
> that by the time I ran into it, the return message was 90 megabytes 
> long, and because of that, the time for it to make a round trip was 
> on the order of 2-3 days.

Wow.  I'm amazed that you found two mail systems robust enough to handle 90MB
messages, but broken enough to get into a loop like that. 

> So this is what I'd suggest. If nothing else, track the number of 
> rejected messages and if it spikes or goes over some chosen value, 
> then Do Something.

You got it.

Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4  2D AC 1E 9E A6 36 A3 47 
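
The per-address rate limit described in the message above, as an added example (not code from the original post or its author). The class name, the use of the From header as the address key, the sample reply text and the drop counter are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque
from email.message import EmailMessage
from email.utils import parseaddr

LIMIT = 5       # responses per address per window, as stated in the post
WINDOW = 3600   # one hour, in seconds


class AutoResponder:
    """Hypothetical autoresponder that remembers who it has written to."""

    def __init__(self, own_addr, limit=LIMIT, window=WINDOW, clock=time.time):
        self.own_addr = own_addr
        self.limit = limit
        self.window = window
        self.clock = clock                # injectable so the limit can be tested
        self.sent = defaultdict(deque)    # address -> timestamps of replies sent
        self.dropped = 0                  # a spike here is a sign of a mail loop

    def allow(self, addr):
        """Sliding-window check: True if a reply to addr is within the limit."""
        now = self.clock()
        stamps = self.sent[addr]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()              # forget replies older than the window
        if len(stamps) >= self.limit:
            self.dropped += 1             # over the limit: drop, never bounce
            return False
        stamps.append(now)
        return True

    def respond(self, incoming):
        """Return a reply message, or None when the response is dropped."""
        # Assumption: key on the From header address, case-insensitively.
        addr = parseaddr(incoming.get("From", ""))[1].lower()
        if not addr or not self.allow(addr):
            return None
        reply = EmailMessage()
        reply["From"] = self.own_addr
        reply["To"] = addr
        reply["Subject"] = "Automatic reply"
        reply["Precedence"] = "bulk"      # hint for well-behaved software
        reply.set_content("This is an automated response.")
        return reply
```

The limit works without inspecting the incoming message at all, which matters because a looping peer may have discarded the body and subject. The `dropped` counter is the number to watch for the spike mentioned in the quoted suggestion.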
