Re: [mailop] RoadRunner Help?

[Al Iverson]

On Sun, Feb 18, 2018 at 11:20 PM, Bill Cole
 wrote:
>> Missing the point there. It has nothing to do with knowing the To:
>> address for a given recipient. If the VERP string fields are just
>> simple numeric identifiers,
>
> Straw man. Amateurs use sequential numbers. Incompetents use decimal
> numbers.  Competent professionals use uniformly distributed keyed hashes.

Is this one of those things where somebody who has never worked with /
designed / implemented mail systems at ESP scale suddenly knows what
everybody else must be doing wrong? Asking for a friend.




-- 
al iverson // wombatmail // miami
http://www.aliverson.com
http://www.spamresource.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[Bill Cole]

On 17 Feb 2018, at 12:55 (-0500), Al Iverson wrote:


On Sat, Feb 17, 2018 at 12:43 PM, John Levine  wrote:
In article 
 
you write:

I am saying that I think it's unwise to put what amounts to
subscriber-level PII or basically clear identifiers in the Return
Path/MFROM, if mail back to that address is interpreted as an
indication that an action should be taken (like logging a bounce and
potentially stopping future mail to that recipient). It's an open 
slot
where an external actor could insert something to cause actions 
beyond

the expected ones. That counts as a security concern in my book.


Given that pretty much every message from an ESP has the recipient's
address on the To: line of the message, I'd put that particular risk
on the last page of my book.  If you want to fake a bounce from 
someone

you certainly don't need VERP to do it.


Missing the point there. It has nothing to do with knowing the To:
address for a given recipient. If the VERP string fields are just
simple numeric identifiers,


Straw man. Amateurs use sequential numbers. Incompetents use decimal 
numbers.  Competent professionals use uniformly distributed keyed 
hashes.



a bad actor could send ones with
incremented or otherwise changed numbers to make the bounce handling
system log bounces to the wrong recipient address. They could falsify
bounces for recipients without knowing those recipients' email
addresses.


Shall we do a bit of math on that?

We've got 64 characters available for a local-part. Sacrifice one to 
escape one-off errors. At 6 bits/character (conservative mail-safe 
base64 or binhex charset) that's 378 bits, literally enough to give each 
lepton and hadron in the visible universe its own ID, with an IPv4 space 
left over FOR EACH PARTICLE, plus another for each of those particle's 
IoT devices...


The point is: this is a monstrously sparse space for an ESP to scatter 
their VERP identities across. It's larger than anyone needs to hide a 
set of identifier tokens. Suppose you want the local-part to include 
identifiers for customer ID, campaign ID, and target address. Give each 
of those 10 Base64 characters and you have a quintillion (10^18) 
possible values for each one. Use a suitable algorithm to generate those 
IDs and bad actors have no chance of generating credible fake bounces.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[John Levine]

In article 
 you write:
>Missing the point there. It has nothing to do with knowing the To:
>address for a given recipient. If the VERP string fields are just
>simple numeric identifiers, a bad actor could send ones with
>incremented or otherwise changed numbers to make the bounce handling
>system log bounces to the wrong recipient address. They could falsify
>bounces for recipients without knowing those recipients' email
>addresses.

This still strikes me as what's known as a movie plot threat.

Yeah, hypothetically someone could do it, but compared to other threats
it seems way down on the list to worry about.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[Al Iverson]

On Sat, Feb 17, 2018 at 12:43 PM, John Levine  wrote:
> In article 
>  you 
> write:
>>I am saying that I think it's unwise to put what amounts to
>>subscriber-level PII or basically clear identifiers in the Return
>>Path/MFROM, if mail back to that address is interpreted as an
>>indication that an action should be taken (like logging a bounce and
>>potentially stopping future mail to that recipient). It's an open slot
>>where an external actor could insert something to cause actions beyond
>>the expected ones. That counts as a security concern in my book.
>
> Given that pretty much every message from an ESP has the recipient's
> address on the To: line of the message, I'd put that particular risk
> on the last page of my book.  If you want to fake a bounce from someone
> you certainly don't need VERP to do it.

Missing the point there. It has nothing to do with knowing the To:
address for a given recipient. If the VERP string fields are just
simple numeric identifiers, a bad actor could send ones with
incremented or otherwise changed numbers to make the bounce handling
system log bounces to the wrong recipient address. They could falsify
bounces for recipients without knowing those recipients' email
addresses.

-- 
al iverson // wombatmail // miami
http://www.aliverson.com
http://www.spamresource.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[John Levine]

In article  
you write:
>I am saying that I think it's unwise to put what amounts to
>subscriber-level PII or basically clear identifiers in the Return
>Path/MFROM, if mail back to that address is interpreted as an
>indication that an action should be taken (like logging a bounce and
>potentially stopping future mail to that recipient). It's an open slot
>where an external actor could insert something to cause actions beyond
>the expected ones. That counts as a security concern in my book.

Given that pretty much every message from an ESP has the recipient's
address on the To: line of the message, I'd put that particular risk
on the last page of my book.  If you want to fake a bounce from someone
you certainly don't need VERP to do it.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[Stefano Bagnara]

On 17 February 2018 at 17:21, Al Iverson  wrote:
> []
> I am saying that I think it's unwise to put what amounts to
> subscriber-level PII or basically clear identifiers in the Return
> Path/MFROM, if mail back to that address is interpreted as an
> indication that an action should be taken (like logging a bounce and
> potentially stopping future mail to that recipient). It's an open slot
> where an external actor could insert something to cause actions beyond
> the expected ones. That counts as a security concern in my book.
>
> Yes, it is personally reasonable that different people will have
> different takes on the level of concern associated with that potential
> risk.

A good practice is to protect your VERPs with a signature (BATV or
something similar may work).
This is valid for both clear and obfuscated VERP paths.

The use of IDs instead of the real original email in the return-path
may also be because of length limits.
Max length of an email address is 254 chars. If you have to insert it
"almost clear" in a return path and change the domain then there are
chance your return-path address will be more than 254 chars.
so if your original address is "a 242 ti...@example.com" how do you
add VERP to it without some sort of obfuscation?
So, once you HAVE TO use some sort of obfuscation for long address,
why should you prefer using 2 different algorithms? The obfuscated
solution works for both short and long addresses.

Also maybe we could differentiate between VERPs where the MAIL FROM
simply depends on the recipient email address and VERPs where the MAIL
FROM identify a single sent email (so if the same sender send another
email to the same recipient using the same server the mail from smtp
will be different). The give you 2 different level of "protection" and
2 different levels of "issues":

BATV puts you in the second group, help you with backscattering, but
don't help with deliverability where some recipient cannot whitelist
you because their whitelist work on the return-path address and it
changes every time.

Stefano

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[Al Iverson]

On Fri, Feb 16, 2018 at 8:58 PM, John Levine  wrote:
> In article <32db9480-1666-d007-4d83-976d891e2...@linuxmagic.com> you write:
>>> It's not really wise to use non-obfuscated return paths when using
>>> VERP. If it's easily decodable, a goofball could spin up fake ones to
>>> try to get 'em logged as legitimate bounces and inhibit future
>>> delivery of certain messages to certain recipients. Is it
>>> common/likely?
>
> That seems quite a stretch.  Has it ever happened in the history of the 
> Internet?

I don't think it has and I never claimed as such. I think that's a bit
unfair, making a sort of straw man argument in response.

I am saying that I think it's unwise to put what amounts to
subscriber-level PII or basically clear identifiers in the Return
Path/MFROM, if mail back to that address is interpreted as an
indication that an action should be taken (like logging a bounce and
potentially stopping future mail to that recipient). It's an open slot
where an external actor could insert something to cause actions beyond
the expected ones. That counts as a security concern in my book.

Yes, it is personally reasonable that different people will have
different takes on the level of concern associated with that potential
risk.

Regards,
Al Iverson

-- 
al iverson // wombatmail // miami
http://www.aliverson.com
http://www.spamresource.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[John Levine]

In article <32db9480-1666-d007-4d83-976d891e2...@linuxmagic.com> you write:
>> It's not really wise to use non-obfuscated return paths when using
>> VERP. If it's easily decodable, a goofball could spin up fake ones to
>> try to get 'em logged as legitimate bounces and inhibit future
>> delivery of certain messages to certain recipients. Is it
>> common/likely?

That seems quite a stretch.  Has it ever happened in the history of the 
Internet?

If I wanted to harass someone by mail I can think of about a million
better ways to do it.  You'd need a lot of detailed knowledge about a
particular mailer to spoof bounce someone off their lists, and then
it'd just be that mailer, or as likely as not just one list.  If you
really thought that was a problem, you could put a two letter checksum
into the VERP along the lines of BATV.


>IMHO, using VERP for a confirmed double-optin mailing lists can be
>understandable, but in that case, the list itself is very specific.
>But even then, a non VERP MAIL FROM is much preferable..  
>(eg Return-Path:  )

Preferable for what?  VERP makes it much easier to figure out what
address is causing the bounces so if there's enough of them you know
who to remove.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[Michael Peddemors]

On 18-02-14 12:25 PM, Al Iverson wrote:

On Wed, Feb 14, 2018 at 3:06 PM, Michael Peddemors
 wrote:

Yes, stop using obfuscated MAIL FROM's 


It's not really wise to use non-obfuscated return paths when using
VERP. If it's easily decodable, a goofball could spin up fake ones to
try to get 'em logged as legitimate bounces and inhibit future
delivery of certain messages to certain recipients. Is it
common/likely? No, but I don't want to be the first to experience it.
It's yet another place you wouldn't want to intentionally expose PII.



Hi Al,

IMHO, using VERP for a confirmed double-optin mailing lists can be 
understandable, but in that case, the list itself is very specific.

But even then, a non VERP MAIL FROM is much preferable..
(eg Return-Path:  )

However many ESP's use VERP for all of their lists, with no 
differentiation at all.


(eg Return-Path: 

Re: [mailop] RoadRunner Help?

[Scott Undercofler]

Can you send me ips and the last time you got that? 

> On Feb 14, 2018, at 1:25 PM, Al Iverson  wrote:
> 
> On Wed, Feb 14, 2018 at 3:06 PM, Michael Peddemors
>  wrote:
>> Yes, stop using obfuscated MAIL FROM's 
> 
> It's not really wise to use non-obfuscated return paths when using
> VERP. If it's easily decodable, a goofball could spin up fake ones to
> try to get 'em logged as legitimate bounces and inhibit future
> delivery of certain messages to certain recipients. Is it
> common/likely? No, but I don't want to be the first to experience it.
> It's yet another place you wouldn't want to intentionally expose PII.
> 
> -- 
> al iverson // wombatmail // miami
> http://www.aliverson.com
> http://www.spamresource.com
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[Al Iverson]

On Wed, Feb 14, 2018 at 3:06 PM, Michael Peddemors
 wrote:
> Yes, stop using obfuscated MAIL FROM's 

It's not really wise to use non-obfuscated return paths when using
VERP. If it's easily decodable, a goofball could spin up fake ones to
try to get 'em logged as legitimate bounces and inhibit future
delivery of certain messages to certain recipients. Is it
common/likely? No, but I don't want to be the first to experience it.
It's yet another place you wouldn't want to intentionally expose PII.

-- 
al iverson // wombatmail // miami
http://www.aliverson.com
http://www.spamresource.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[Michael Peddemors]

Yes, stop using obfuscated MAIL FROM's 



On 18-02-14 11:48 AM, Brett Schenker wrote:
Not sure if anyone from RoadRunner is on here or can help. We have a 
client that's receiving the below in bounces but the IPs aren't blocked 
by Road Runner and doing some research on the web it seems like a 
technical set up issue possibly? Anyone have suggestions/advice?


550 5.1.0 
> 
sender rejected AUP#I-1330


Brett

--
Brett Schenker
Man of Many Things, Including
5B Consulting - http://www.5bconsulting.com
Graphic Policy - http://www.graphicpolicy.com

Twitter - http://twitter.com/bhschenker
LinkedIn - http://www.linkedin.com/in/brettschenker


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RoadRunner Help?

[Andrew Wingle]

Hi Brett,

Information on those errors was posted by Ira Hawkins back in October. Even 
though they are 5xx-level errors it seems they should be treated as a possible 
grey-listing.

TWC just implemented new Cloudmark MTAs over the last 2 months that are now 
generating those AUP# rate limit errors.

There are 3 separate codes and depending on which one will produce a 5 min, 1 
hour or 24 hour rate limit block.

spammer_check AUP#1310
spammer_check AUP#1320
spammer_check AUP#1330


Regards,
Andrew


ANDREW D. WINGLE
Deliverability Manager

717-625-7857 direct


From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brett Schenker
Sent: Wednesday, February 14, 2018 2:49 PM
To: mailop@mailop.org
Subject: [mailop] RoadRunner Help?

Not sure if anyone from RoadRunner is on here or can help. We have a client 
that's receiving the below in bounces but the IPs aren't blocked by Road Runner 
and doing some research on the web it seems like a technical set up issue 
possibly? Anyone have suggestions/advice?

550 5.1.0 
>
 sender rejected AUP#I-1330

Brett

--
Brett Schenker
Man of Many Things, Including
5B Consulting - http://www.5bconsulting.com
Graphic Policy - http://www.graphicpolicy.com

Twitter - http://twitter.com/bhschenker
LinkedIn - http://www.linkedin.com/in/brettschenker
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop