Re: [vox-tech] Re: email question?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox-tech] Re: email question?
On Thu, Mar 01, 2001 at 03:25:31PM -0800, Peter Jay Salzman wrote:
> On Thu 01 Mar 01, 2:44 PM, Micah Cowan said:
> > On Tue, Feb 27, 2001 at 02:17:57PM -0800, Peter Jay Salzman wrote:
> > Pete, you should really double-check these things. One of the ways
> > I've found vrfy to be turned off (including, as it turns out, my new
> > employer), is to simply acknowledge /every/ address you ask it for.
> > This is obviously not very helpful - you can double check by trying
> > unlikely names, such as
> > vrfy <nnnnnnnnnnnnnnnnnnnnnnnnnn>
> > -Micah
> ok, mister party-pooper. :-) i concede that many places acknowledge any
> old address, but i checked a few of my examples out. and most of them don't
> fake people out. some of them are funny, so i post them here for humor
I really wish everyone /would/ leave vrfy on - in my mind, it doesn't
really reveal anything - and people can always find out if they exist
using other methods; but it can be very useful to /me/ to find out
whether they have certain standard addresses.
For example: today I got a piece of spam mail that was a thinly
disguised pyramid scam (citing all kinds of support, such as praise
by a national tv show, and quotes from people who say "it worked for
me!" - every /real/ program that exists always actually /name/ the TV
show they were covered by, and the people who loved them so much). It
claimed to have come from a yahoo email, but the Received: lines
claimed it came from a nonexistant domain name (friendfreund.net).
However, like most good MTAs, mine noted the /actual/ IP address,
which corresponds to a dial-up with an .au tld.
Obviously, if I get steamed up about some spam, I want to notify the
providers. This can be tricky, if the spam actually came from a
location which is a "spam headquarters", then complaining to them
won't get me anywhere, and I should complain instead to their upstream
provider. However, with a dial-up, it's easy to assume they just post
the mail directly from their home computer spam-machine.
The thing is - what email do I complain to?
VRFY gives me an easy way to find out if they have either a "postmaster"
or an "abuse" mailbox. If I can't find those, I'd probably try
"root", "admin", or "sysadmin". If I can't use any of those, I'll
probably check their NS's SOA record for the authoritative email, but
sometimes that is less than productive.
Anyway, to find out whether or not these exist, using VRFY when it's
provided is somewhat easier than having to actually attempt to write a
message to, and then cancel, each possible mailbox.
Obviously, SMTP was invented for and by hackers - why else would it
have a freaking HELP command? The MTAs which fail to recognize this
bug me. CSUS actually prints this message if you issue the HELP
command at their MTA:
214-smtp The only reason you need interactive help is because you're
214-smtp hacking on our sendmail port. We don't really appreciate
214-smtp So... GO AWAY!!!
214-smtp If, however, you really truly feel you need help, then send
214-smtp message to firstname.lastname@example.org.
214 End of HELP info
This annoys the hell out of me. It's not like there's something
naughty or illegal about telnetting to port 25 of an MTA - now trying
DEBUG, that's another matter....
Oops, been up here too long: my soap-box's starting to creak from the
strain. Either I'd better lose a few pounds or find a stronger