Re: [mailop] RoadRunner Help?
On Sun, Feb 18, 2018 at 11:20 PM, Bill Colewrote: >> Missing the point there. It has nothing to do with knowing the To: >> address for a given recipient. If the VERP string fields are just >> simple numeric identifiers, > > Straw man. Amateurs use sequential numbers. Incompetents use decimal > numbers. Competent professionals use uniformly distributed keyed hashes. Is this one of those things where somebody who has never worked with / designed / implemented mail systems at ESP scale suddenly knows what everybody else must be doing wrong? Asking for a friend. -- al iverson // wombatmail // miami http://www.aliverson.com http://www.spamresource.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
On 17 Feb 2018, at 12:55 (-0500), Al Iverson wrote: On Sat, Feb 17, 2018 at 12:43 PM, John Levinewrote: In article you write: I am saying that I think it's unwise to put what amounts to subscriber-level PII or basically clear identifiers in the Return Path/MFROM, if mail back to that address is interpreted as an indication that an action should be taken (like logging a bounce and potentially stopping future mail to that recipient). It's an open slot where an external actor could insert something to cause actions beyond the expected ones. That counts as a security concern in my book. Given that pretty much every message from an ESP has the recipient's address on the To: line of the message, I'd put that particular risk on the last page of my book. If you want to fake a bounce from someone you certainly don't need VERP to do it. Missing the point there. It has nothing to do with knowing the To: address for a given recipient. If the VERP string fields are just simple numeric identifiers, Straw man. Amateurs use sequential numbers. Incompetents use decimal numbers. Competent professionals use uniformly distributed keyed hashes. a bad actor could send ones with incremented or otherwise changed numbers to make the bounce handling system log bounces to the wrong recipient address. They could falsify bounces for recipients without knowing those recipients' email addresses. Shall we do a bit of math on that? We've got 64 characters available for a local-part. Sacrifice one to escape one-off errors. At 6 bits/character (conservative mail-safe base64 or binhex charset) that's 378 bits, literally enough to give each lepton and hadron in the visible universe its own ID, with an IPv4 space left over FOR EACH PARTICLE, plus another for each of those particle's IoT devices... The point is: this is a monstrously sparse space for an ESP to scatter their VERP identities across. It's larger than anyone needs to hide a set of identifier tokens. Suppose you want the local-part to include identifiers for customer ID, campaign ID, and target address. Give each of those 10 Base64 characters and you have a quintillion (10^18) possible values for each one. Use a suitable algorithm to generate those IDs and bad actors have no chance of generating credible fake bounces. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
In articleyou write: >Missing the point there. It has nothing to do with knowing the To: >address for a given recipient. If the VERP string fields are just >simple numeric identifiers, a bad actor could send ones with >incremented or otherwise changed numbers to make the bounce handling >system log bounces to the wrong recipient address. They could falsify >bounces for recipients without knowing those recipients' email >addresses. This still strikes me as what's known as a movie plot threat. Yeah, hypothetically someone could do it, but compared to other threats it seems way down on the list to worry about. R's, John ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
On Sat, Feb 17, 2018 at 12:43 PM, John Levinewrote: > In article > you > write: >>I am saying that I think it's unwise to put what amounts to >>subscriber-level PII or basically clear identifiers in the Return >>Path/MFROM, if mail back to that address is interpreted as an >>indication that an action should be taken (like logging a bounce and >>potentially stopping future mail to that recipient). It's an open slot >>where an external actor could insert something to cause actions beyond >>the expected ones. That counts as a security concern in my book. > > Given that pretty much every message from an ESP has the recipient's > address on the To: line of the message, I'd put that particular risk > on the last page of my book. If you want to fake a bounce from someone > you certainly don't need VERP to do it. Missing the point there. It has nothing to do with knowing the To: address for a given recipient. If the VERP string fields are just simple numeric identifiers, a bad actor could send ones with incremented or otherwise changed numbers to make the bounce handling system log bounces to the wrong recipient address. They could falsify bounces for recipients without knowing those recipients' email addresses. -- al iverson // wombatmail // miami http://www.aliverson.com http://www.spamresource.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
In articleyou write: >I am saying that I think it's unwise to put what amounts to >subscriber-level PII or basically clear identifiers in the Return >Path/MFROM, if mail back to that address is interpreted as an >indication that an action should be taken (like logging a bounce and >potentially stopping future mail to that recipient). It's an open slot >where an external actor could insert something to cause actions beyond >the expected ones. That counts as a security concern in my book. Given that pretty much every message from an ESP has the recipient's address on the To: line of the message, I'd put that particular risk on the last page of my book. If you want to fake a bounce from someone you certainly don't need VERP to do it. R's, John ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
On 17 February 2018 at 17:21, Al Iversonwrote: > [] > I am saying that I think it's unwise to put what amounts to > subscriber-level PII or basically clear identifiers in the Return > Path/MFROM, if mail back to that address is interpreted as an > indication that an action should be taken (like logging a bounce and > potentially stopping future mail to that recipient). It's an open slot > where an external actor could insert something to cause actions beyond > the expected ones. That counts as a security concern in my book. > > Yes, it is personally reasonable that different people will have > different takes on the level of concern associated with that potential > risk. A good practice is to protect your VERPs with a signature (BATV or something similar may work). This is valid for both clear and obfuscated VERP paths. The use of IDs instead of the real original email in the return-path may also be because of length limits. Max length of an email address is 254 chars. If you have to insert it "almost clear" in a return path and change the domain then there are chance your return-path address will be more than 254 chars. so if your original address is "a 242 ti...@example.com" how do you add VERP to it without some sort of obfuscation? So, once you HAVE TO use some sort of obfuscation for long address, why should you prefer using 2 different algorithms? The obfuscated solution works for both short and long addresses. Also maybe we could differentiate between VERPs where the MAIL FROM simply depends on the recipient email address and VERPs where the MAIL FROM identify a single sent email (so if the same sender send another email to the same recipient using the same server the mail from smtp will be different). The give you 2 different level of "protection" and 2 different levels of "issues": BATV puts you in the second group, help you with backscattering, but don't help with deliverability where some recipient cannot whitelist you because their whitelist work on the return-path address and it changes every time. Stefano ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
On Fri, Feb 16, 2018 at 8:58 PM, John Levinewrote: > In article <32db9480-1666-d007-4d83-976d891e2...@linuxmagic.com> you write: >>> It's not really wise to use non-obfuscated return paths when using >>> VERP. If it's easily decodable, a goofball could spin up fake ones to >>> try to get 'em logged as legitimate bounces and inhibit future >>> delivery of certain messages to certain recipients. Is it >>> common/likely? > > That seems quite a stretch. Has it ever happened in the history of the > Internet? I don't think it has and I never claimed as such. I think that's a bit unfair, making a sort of straw man argument in response. I am saying that I think it's unwise to put what amounts to subscriber-level PII or basically clear identifiers in the Return Path/MFROM, if mail back to that address is interpreted as an indication that an action should be taken (like logging a bounce and potentially stopping future mail to that recipient). It's an open slot where an external actor could insert something to cause actions beyond the expected ones. That counts as a security concern in my book. Yes, it is personally reasonable that different people will have different takes on the level of concern associated with that potential risk. Regards, Al Iverson -- al iverson // wombatmail // miami http://www.aliverson.com http://www.spamresource.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
In article <32db9480-1666-d007-4d83-976d891e2...@linuxmagic.com> you write: >> It's not really wise to use non-obfuscated return paths when using >> VERP. If it's easily decodable, a goofball could spin up fake ones to >> try to get 'em logged as legitimate bounces and inhibit future >> delivery of certain messages to certain recipients. Is it >> common/likely? That seems quite a stretch. Has it ever happened in the history of the Internet? If I wanted to harass someone by mail I can think of about a million better ways to do it. You'd need a lot of detailed knowledge about a particular mailer to spoof bounce someone off their lists, and then it'd just be that mailer, or as likely as not just one list. If you really thought that was a problem, you could put a two letter checksum into the VERP along the lines of BATV. >IMHO, using VERP for a confirmed double-optin mailing lists can be >understandable, but in that case, the list itself is very specific. >But even then, a non VERP MAIL FROM is much preferable.. >(eg Return-Path:) Preferable for what? VERP makes it much easier to figure out what address is causing the bounces so if there's enough of them you know who to remove. R's, John ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
On 18-02-14 12:25 PM, Al Iverson wrote: On Wed, Feb 14, 2018 at 3:06 PM, Michael Peddemorswrote: Yes, stop using obfuscated MAIL FROM's It's not really wise to use non-obfuscated return paths when using VERP. If it's easily decodable, a goofball could spin up fake ones to try to get 'em logged as legitimate bounces and inhibit future delivery of certain messages to certain recipients. Is it common/likely? No, but I don't want to be the first to experience it. It's yet another place you wouldn't want to intentionally expose PII. Hi Al, IMHO, using VERP for a confirmed double-optin mailing lists can be understandable, but in that case, the list itself is very specific. But even then, a non VERP MAIL FROM is much preferable.. (eg Return-Path: ) However many ESP's use VERP for all of their lists, with no differentiation at all. (eg Return-Path:
Re: [mailop] RoadRunner Help?
Can you send me ips and the last time you got that? > On Feb 14, 2018, at 1:25 PM, Al Iversonwrote: > > On Wed, Feb 14, 2018 at 3:06 PM, Michael Peddemors > wrote: >> Yes, stop using obfuscated MAIL FROM's > > It's not really wise to use non-obfuscated return paths when using > VERP. If it's easily decodable, a goofball could spin up fake ones to > try to get 'em logged as legitimate bounces and inhibit future > delivery of certain messages to certain recipients. Is it > common/likely? No, but I don't want to be the first to experience it. > It's yet another place you wouldn't want to intentionally expose PII. > > -- > al iverson // wombatmail // miami > http://www.aliverson.com > http://www.spamresource.com > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
On Wed, Feb 14, 2018 at 3:06 PM, Michael Peddemorswrote: > Yes, stop using obfuscated MAIL FROM's It's not really wise to use non-obfuscated return paths when using VERP. If it's easily decodable, a goofball could spin up fake ones to try to get 'em logged as legitimate bounces and inhibit future delivery of certain messages to certain recipients. Is it common/likely? No, but I don't want to be the first to experience it. It's yet another place you wouldn't want to intentionally expose PII. -- al iverson // wombatmail // miami http://www.aliverson.com http://www.spamresource.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
Yes, stop using obfuscated MAIL FROM's On 18-02-14 11:48 AM, Brett Schenker wrote: Not sure if anyone from RoadRunner is on here or can help. We have a client that's receiving the below in bounces but the IPs aren't blocked by Road Runner and doing some research on the web it seems like a technical set up issue possibly? Anyone have suggestions/advice? 550 5.1.0> sender rejected AUP#I-1330 Brett -- Brett Schenker Man of Many Things, Including 5B Consulting - http://www.5bconsulting.com Graphic Policy - http://www.graphicpolicy.com Twitter - http://twitter.com/bhschenker LinkedIn - http://www.linkedin.com/in/brettschenker ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RoadRunner Help?
Hi Brett, Information on those errors was posted by Ira Hawkins back in October. Even though they are 5xx-level errors it seems they should be treated as a possible grey-listing. TWC just implemented new Cloudmark MTAs over the last 2 months that are now generating those AUP# rate limit errors. There are 3 separate codes and depending on which one will produce a 5 min, 1 hour or 24 hour rate limit block. spammer_check AUP#1310 spammer_check AUP#1320 spammer_check AUP#1330 Regards, Andrew ANDREW D. WINGLE Deliverability Manager 717-625-7857 direct From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brett Schenker Sent: Wednesday, February 14, 2018 2:49 PM To: mailop@mailop.org Subject: [mailop] RoadRunner Help? Not sure if anyone from RoadRunner is on here or can help. We have a client that's receiving the below in bounces but the IPs aren't blocked by Road Runner and doing some research on the web it seems like a technical set up issue possibly? Anyone have suggestions/advice? 550 5.1.0> sender rejected AUP#I-1330 Brett -- Brett Schenker Man of Many Things, Including 5B Consulting - http://www.5bconsulting.com Graphic Policy - http://www.graphicpolicy.com Twitter - http://twitter.com/bhschenker LinkedIn - http://www.linkedin.com/in/brettschenker ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop