Re: Malformed spam email gets through.
On 03 Jan 2018, at 04:57, Matus UHLAR - fantomas wrote:
> while it's "only" recommended that the right part is a domain name, but
> there must be right part.

Yes, there must be a left and a right and an '@' in-between.

On 03 Jan 2018, at 12:36, Bill Cole wrote:
> About 1.5% of my personal non-spam email over the past 20 years has had
> "localhost" as the right hand side of the MID. This implies a de facto RFC
> violation because it poses a real risk of duplication.

There is no requirement that the right side be globally unique, just that the entire message ID is globally unique.

> An additional ~1% has a MID header with either no dots or no '@'.

Dots are irrelevant, but the way I read the RFC, '@' is required.

--
No Sigs. Blame Apple.

Re: Malformed spam email gets through.
On 2018-01-03 14:36, Bill Cole wrote:
> I have run an environment where each MTA node in the external gateway
> layer would add a MID with its own FQDN to any message passing through
> missing a MID. Those names could not be resolved in the world at
> large, but they were absolutely valid and guaranteed unique.

This is what I do with my personal outgoing messages. Free 3rd level DNs are available at freedns.org and I use a bogus (from the DNS POV) 4th level name under one of those, distinct for each host, as the RHS in my Message-ID. There's no good reason to use "localhost" or "localdomain".

--
Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet, fetch the TXT record for the domain.

Re: Malformed spam email gets through.
On 2 Jan 2018, at 20:39, Alex wrote:
> Is it possible to at least enforce that the message-ID has a valid domain?

Not reliably.

About 1.5% of my personal non-spam email over the past 20 years has had "localhost" as the right hand side of the MID. This implies a de facto RFC violation because it poses a real risk of duplication.

An additional ~1% has a MID header with either no dots or no '@'. This includes mail from Facebook, Seagate, Apple, one of my credit unions, a medical supply house that we buy from for my son's care, GMX (German freemail provider), multiple regulars on a private mailing list of old-timer anti-spam nutcases, the postmaster of LinkedIn sending personal mail with his linkedin.com address via GMail, iFixit, Verizon's SMS->Email gateway, and multiple ESPs including Eloqua and Digital River. At least one recent version of CommuniGate Pro (6.1.2) generated event invitations with a bare UUID as the MID.

In other words: a significant number of messages, largely legitimate transactional messages, lack a FQDN in the MID.

I have run an environment where each MTA node in the external gateway layer would add a MID with its own FQDN to any message passing through missing a MID. Those names could not be resolved in the world at large, but they were absolutely valid and guaranteed unique.

Re: Malformed spam email gets through.
On 1 Jan 2018, at 10:47, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:

On 1 Jan 2018, at 11:41 (-0500), Matus UHLAR - fantomas wrote:

the gross format in RFCs 822, 2822 and 5322 describes message-id consisting of local and domain part, thus it must contain "@".

On 01.01.18 12:17, Bill Cole wrote:

No, it does not. Re-read the cited sections.

From RFC5322, the ABNF definition:

    msg-id = [CFWS] "<" id-left "@" id-right ">" [CFWS]

this is the part that says message-id must consist of local and domain parts.

On 02.01.18 13:44, @lbutlr wrote:

No, it doesn't say anything like that.

ok, let's rephrase that: it says that the message-id consists of two parts and the "@" between them.

As I already posted: 5322 specifically states: "Though other algorithms will work, it is RECOMMENDED that the right-hand side contain some domain identifier (either of the host itself or otherwise) such that the generator of the message identifier can guarantee the uniqueness of the left-hand side within the scope of that domain."

There is no requirement to include a local and domain part in any part of a Message-ID.

while it's "only" recommended that the right part is a domain name, but there must be right part.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted, then used against you.

Re: Malformed spam email gets through.
On Wednesday 03 January 2018 at 02:39:54, Alex wrote:
> Hi,
>
> Is it possible to at least enforce that the message-ID has a valid domain?

If by "enforce" you mean "require" (in other words, you look at whatever message-ID the incoming email has, and you decide that if it doesn't contain a valid domain, then it is suspicious), then yes, you can.

However, this requirement is not stipulated by current RFCs, therefore you may well be falsely marking legitimate email.

Only a check of the incoming mail you receive, to see whether "message ID contains no valid domain" is a reliable indicator of spam, can tell you whether it's a good idea to do this on your mail filtering.

The example quoted below is entirely RFC-conformant.

Antony.

> Received: from thomas-krueger.local
> (221.208.196.104.bc.googleusercontent.com. [104.196.208.221])
> by smtp-relay.gmail.com with ESMTPS id
> r16sm1186220uai.7.2017.12.28.18.04.13
> for> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
> Thu, 28 Dec 2017 18:04:14 -0800 (PST)
> X-Relaying-Domain: janda02.com
> Message-ID: <5b974eb73ed9c2d1b630f4b600191771@zfimvuyb.gwbba>
> From: "Apple Store"
> To:
>
> On Tue, Jan 2, 2018 at 5:41 PM, @lbutlr wrote:
> > On 2 Jan 2018, at 04:26, Rupert Gallagher <r...@protonmail.com> wrote:
> >> Note taken. We still abide to the duties and recommendations, and expect
> >> well-behaved servers do the same, by identifying themselves. We
> >> cross-check, and if they lie, we block them.
> >
> > rejecting because they spoof a domain in the MID is one thing. Rejecting
> > an email because you misunderstood the RFC and don't see a valid domain
> > name is an entirely different thing.

--
"I estimate there's a world market for about five computers." - Thomas J Watson, Chairman of IBM

Please reply to the list; please *don't* CC me.
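
An added example, not written by any poster in this thread: a small audit for the measurement suggested in the last message, tallying on your own received mail how often the Message-ID lacks an '@', uses "localhost", or has an undotted right-hand side, before any of those becomes a filter rule. The label names, the sample messages (constructed, apart from the Message-ID quoted in the thread) and the grouping of "localdomain" with "localhost" are assumptions; the check is syntactic only (no DNS lookup, no CFWS or obsolete syntax).

```python
import re
from collections import Counter
from email import message_from_string

# RFC 5322 section 3.6.4: msg-id = "<" id-left "@" id-right ">"
# id-left is dot-atom-text; id-right is dot-atom-text or a no-fold-literal.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
DOT_ATOM = rf"{ATEXT}(?:\.{ATEXT})*"
MSG_ID = re.compile(rf"<({DOT_ATOM})@({DOT_ATOM}|\[[\x21-\x5a\x5e-\x7e]*\])>")

LOCAL_NAMES = {"localhost", "localdomain", "localhost.localdomain"}  # assumption


def classify_mid(value):
    """Return one label describing a Message-ID header value."""
    if value is None:
        return "missing"
    m = MSG_ID.fullmatch(value.strip())
    if m is None:
        # Distinguish the "bare UUID" style from other grammar violations.
        return "no-at" if "@" not in value else "bad-syntax"
    rhs = m.group(2).lower()
    if rhs in LOCAL_NAMES:
        return "rhs-localhost"
    if rhs.startswith("[") or "." not in rhs:
        return "rhs-not-fqdn"
    # Dotted, so it looks like a domain; whether it resolves is not checked.
    return "rhs-dotted"


def audit(raw_messages):
    """Tally Message-ID shapes over an iterable of raw RFC 5322 messages."""
    return Counter(
        classify_mid(message_from_string(raw)["Message-ID"]) for raw in raw_messages
    )


# Constructed sample corpus; only the first Message-ID comes from the thread.
SAMPLES = [
    "Message-ID: <5b974eb73ed9c2d1b630f4b600191771@zfimvuyb.gwbba>\n\nbody\n",
    "Message-ID: <20180103.1234@localhost>\n\nbody\n",
    "Message-ID: <0f8fad5b-d9cb-469f-a165-70867728950e>\n\nbody\n",
    "Message-ID: <abc123@mailhost>\n\nbody\n",
    "Subject: no message id at all\n\nbody\n",
]

if __name__ == "__main__":
    for label, count in sorted(audit(SAMPLES).items()):
        print(f"{label:15} {count}")
```

Run `audit()` separately over known-ham and known-spam folders; a label is only worth scoring if its rate differs clearly between the two.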