Friday, September 24, 1999, 6:23:51 AM, Ali wrote:
> On Friday, September 24, 1999, 8:18:56 AM (-5 GMT), Ron scribbled:
>> Yes, I'm getting a lot more spam addressed to me individually
>> recently.  I'd say that half is now addressed to me directly.  My
>> guess is that some spammers have found that people (or
>> ISPs) are filtering out messages not addressed directly to individuals,
>> so they are doing this to get around that (even if it increases their
>> overhead).

To Ron:
     Most likely not, the overhead is too high.  When running on a short time
frame are you really going to cut your throughput by 90+% just on the off
chance that some ISPs may be filtering in a very restrictive manner?  No.

> That puts subscribed to announcements type mail and user discussion list
> type mail at risk since all these types of mail are not addressed
> directly to anyone.  These would get filtered out.

To Ali:
    This is not true.

<Professor's cap>

    Email is like snailmail in that the contents of the mail have little
bearing on the routing of the mail.  So let me explain how email works by
drawing an analogy to snailmail.

    When you write a letter to a friend, CC it to another and BCC it to a
third in snailmail, here is the process.  You write the letter.  In the letter
you have your greetings, body, signature, a little thing to denote a CC.  You
write/print it out three times, place it in three separate envelopes, and drop
them in the post office box.  The post office then looks at the envelope,
postmarks the stamp, sends it to the right post office for delivery.  That
post office looks at the envelope, sends it to the letter carrier on the right
route who looks at the envelope and drops it off at the right house.  Each
person then opens up the letter and reads what is written.  Two seeing that it
was sent to two people, the third seeing he was BCC'd.

    When you write an email to a friend, CC it to another and BCC it to a
third in email, here is the process.  You write the letter.  In your client
you tell it to send it TO one, CC it to another and BCC it to a third.  You
write the body, it appends the signature.  You tell it to send.  *It* is the
one that decides how to divide it up, if needed, and send separate copies if
needed (only when content is different).  It then sticks it into an envelope
that you never see and fires it to the SMTP server you've got configured.  The
SMTP server is like the post office, it looks at the envelope, postmarks it
with a Received line and fires it off to the other end.  That end looks at
the envelope and drops it in the right mail box.  Then your friends' respective
email clients use (most likely) POP3 to retrieve the letter.

    Here's the important part, the headers we see are not the address
information, they are part of the body.  IE, they are not the envelope and
aside from information are pretty much there for humans only in the bulk of
today's email structure.  So where is the envelope that I am talking about?

    Well, earlier I had posted a joke message that contained a fake SMTP
session.  Here it is again.  I won't post the whole body of the message.

-----
helo rpglink.com
mail from: [EMAIL PROTECTED]
rcpt to: Chris Adams <[EMAIL PROTECTED]>
data
From: Steve Lamb <[EMAIL PROTECTED]>
To: Chris Adams <[EMAIL PROTECTED]>
Subject: Groking SMTP
Date: Mon Sep 13 16:21:40 PDT 1999 (-0700)

    Oh, trust me, I know quite well how easy SMTP is to use.  I also know POP3
-----

    From helo to data is the envelope of the message.  The From line to the
Date line are the header.  After that is the body.  SMTP data blocks are ended
with a single period (.) without anything else on the line.

    On the helo line the SMTP server checks the IP of who is connecting to it and
does a reverse lookup.  Most places will allow email through even if the
domain in the "helo" line does not match the domain that it is coming from.
Most servers, however, will not allow mail from a machine that it isn't
configured to accept mail from and it goes by the IP *only*.  It then uses the
"mail from" line as another basic check.  Some SMTP servers will allow mail
from the outside world even if it isn't from a configured IP.  Finally, the
"rcpt to" line is used to know where to send the mail to.  If the user is
local, the mail is generally accepted.  If it isn't, then it is considered a
relay and the machine sending it must be on the authorized list of IPs to send
it.

    All of that information goes into the Received line prepended to the data
block.  Here is an example of a Received line from my SMTP server on a message
I sent to TBUDL from work.

Received: from antelope.it.earthlink.net [207.217.90.52] (morpheus) by
rpglink.com with esmtp (Exim 3.03 #1 (Debian)) id 11UENp-0001wX-00; Thu, 23 Sep
1999 12:18:21 -0700

    My machine is antelope.it.earthlink.net and its IP follows.  I claimed to
be morpheus from that machine.  It was received by rpglink.com using the esmtp
protocol running Exim 3.03, package build #1 for Debian.  The Exim message ID
was 11UENp-0001wX-00 and it was received on Thursday, the 23rd of September,
1999 at 12:18:17pm offset -7 from GMT.

    For all intents and purposes the SMTP sequence listed above (helo/mail
from/mail to/data) could have been that message.

    Now, this is also where the mail system gets efficient.  I could send it
to more people by just adding more "rcpt to" lines.  When my SMTP server sends
out the mail, any mail destined to the same host uses multiple "rcpt to" lines
and only a single data block.  So neither your client nor the spammers send multiple
bodies, only one body and multiple addresses.  Each server along the way then
does the same thing.  So an address list of, say...

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

    ...gets delivered by my client sending one body to my SMTP server with all
of those addressed in multiple "rcpt to"s.  My server then delivers to
host1 2 of them, 1 data block, 1 to host2 with 1 data block, 3 to host 3 with
1 data block.  Already a net savings.  With my mailing list for PMMail I've
got several hosts with 15-20 subscribers on it.  It adds up.  :)

    Now, to bring this all back to the point of the matter.  Most ISPs will
not prevent mail from being delivered based on what is in the data block.  To
do so invites legal problems.  They can, however, and often do block on what
transpires in the envelope.  What clients block on is the data block, not the
envelope.  So while in the data it is not addressed to you, the mail still
*is* addressed to you via the envelope.  If any ISP is blocking mail based on
what is or is not present in the data block, esp. when it comes to BCCs which
is what mailing lists operate with, they need a stern talking to with threats
of strong legal action.  Not only are they non-conformant with the standards
of the net, they are also blocking a LOT of legit mail.

    As I said, though, most ISPs will not do that so spammers are not in
danger of filtering at the ISP level if they do not address it to you in the
data block which is where we do our filtering.

-- 
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
         ICQ: 5107343          | main connection to the switchboard of souls.
-------------------------------+---------------------------------------------
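
Added example, not part of the original message: a short Python sketch that splits a client-side SMTP transcript into the envelope, header and body described above, groups the envelope recipients by destination host (one data block per host), and shows why a filter that looks only at the To: header misses mail that the envelope really does address to you. The session text and every example.* address are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample session; all hosts and addresses are placeholders.
SESSION = """\
helo client.example.org
mail from: <sender@example.org>
rcpt to: <alice@host1.example>
rcpt to: <bob@host1.example>
rcpt to: <carol@host2.example>
data
From: List Owner <sender@example.org>
To: Discussion List <list@example.org>
Subject: Envelope versus header

Body text goes here.
.
"""

def split_session(session):
    """Return (envelope, headers, body) from a client-side SMTP transcript."""
    lines = session.splitlines()
    data_at = next(i for i, l in enumerate(lines) if l.strip().lower() == "data")
    envelope = {"helo": None, "mail_from": None, "rcpt_to": []}
    for line in lines[:data_at]:          # everything before "data" is envelope
        low = line.lower()
        if low.startswith("helo "):
            envelope["helo"] = line[5:].strip()
        elif low.startswith("mail from:"):
            envelope["mail_from"] = line[10:].strip(" <>")
        elif low.startswith("rcpt to:"):
            envelope["rcpt_to"].append(line[8:].strip(" <>"))
    end = lines.index(".", data_at)       # a lone period ends the data block
    block = lines[data_at + 1:end]
    blank = block.index("")               # first empty line: header/body split
    headers = dict(h.split(": ", 1) for h in block[:blank])
    return envelope, headers, "\n".join(block[blank + 1:])

def deliveries_by_host(envelope):
    """Group envelope recipients by host: one data block is sent per host."""
    hosts = defaultdict(list)
    for rcpt in envelope["rcpt_to"]:
        hosts[rcpt.rsplit("@", 1)[1]].append(rcpt)
    return dict(hosts)

def addressed_to(me, envelope, headers):
    """Compare what a header-based client filter sees with the envelope."""
    return {"in_to_header": me in headers.get("To", ""),
            "in_envelope": me in envelope["rcpt_to"]}
```

For bob@host1.example the header check is false while the envelope check is true, which is the list-mail and BCC case discussed in the message.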
