Re: IETF 58 v6ops meeting baker-ipv6-renumbering slides
At 10:13 AM 11/10/2003, Randy Bush wrote:
perhaps it was this entry in the mail log here?
2003-11-10 14:47:10 H=(sj-iport-3.cisco.com) [171.71.176.72]
F=<fred@cisco.com> rejected RCPT <v6sops@ops.ietf.org>: Unknown local part
You're saying I fat-fingered the address?
close. i am asking if this was possible. you could/should have
received a bounce for that. and, if you did, you might have resent.
but perhaps this is not the best forum for smtp debugging :-)
It's probably not the right forum, but a symptom here may be of interest to
some operational forum, perhaps asrg.
Yes, as it turns out I did get such a bounce.
I have a problem.
- The email address "fred@cisco.com" is in everybody-and-their-dog's
outlook address book.
- Everybody-and-their-dog gets viruses (pithy comment on people that click
on things that say "click me, I dare you" elided)
- viruses send messages *from* every address in the outlook address book
*to* every address in the outlook address book.
- half of those addresses are no longer valid, or are the addresses of
mailing lists that are inadequately maintained.
- hence, a significant subset of my spam load is email bounces
- My spam filter helpfully detected the bounce from ops.ietf.org and put
the message into a file I only occasionally look at.
I'm of the opinion that there is an operational issue here. One technique a
spammer can use to validate his email alias is to send messages to random
addresses. If he gets a bounce, it was an invalid address. If he doesn't
get a bounce, there was in fact a target there, although the target may be
using antispam measures.
Hence, the bounce is an attack avenue for spoofed senders and a security
hole for private networks.
Um, maybe there is some form of policy that should be recommended for
bounces, such as "only send them to some specified set of correspondents"
such as a local alias comprised of the or of all local aliases.
Let's see; that had something to do with IPv6 operations, right?
I now return you to your regularly scheduled mailing list topic...
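
An added example, not part of the original message: the receiving side can watch for the address-validation probing described above by counting, per connecting host, how many distinct nonexistent recipients were rejected in a short window. It parses reject lines shaped like the one quoted in the thread; the function names, threshold, window and all sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Reject lines shaped like the one quoted in the thread; ">" is optional.
REJECT = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) H=\((?P<helo>[^)]*)\) "
    r"\[(?P<ip>[^\]]+)\] F=<(?P<sender>[^>\s]*)>? rejected RCPT "
    r"<(?P<rcpt>[^>\s:]+)>?: Unknown local part")

def parse_rejects(lines):
    """Yield (timestamp, ip, sender, rcpt) per unknown-recipient reject."""
    for line in lines:
        m = REJECT.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["ip"], m["sender"], m["rcpt"].lower()

def probing_hosts(lines, threshold=3, window=timedelta(minutes=10)):
    """Map ip -> most distinct nonexistent recipients tried in one window,
    for hosts reaching `threshold` (hypothetical defaults, tune per site)."""
    by_ip = defaultdict(list)
    for ts, ip, _sender, rcpt in parse_rejects(lines):
        by_ip[ip].append((ts, rcpt))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            distinct = {r for _, r in events[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), len(distinct))
    return flagged

SAMPLE_LOG = [  # constructed lines, documentation addresses only
    "2003-11-10 14:47:10 H=(mx.example.net) [198.51.100.7] F=<alice@example.net> rejected RCPT <v6sops@example.org>: Unknown local part",
    "2003-11-10 15:00:01 H=(a) [192.0.2.10] F=<s@example.com> rejected RCPT <aaron@example.org>: Unknown local part",
    "2003-11-10 15:00:02 H=(a) [192.0.2.10] F=<s@example.com> rejected RCPT <abby@example.org>: Unknown local part",
    "2003-11-10 15:00:03 H=(a) [192.0.2.10] F=<s@example.com> rejected RCPT <abby@example.org>: Unknown local part",
    "2003-11-10 15:00:40 H=(a) [192.0.2.10] F=<s@example.com> rejected RCPT <adam@example.org>: Unknown local part",
    "2003-11-10 15:01:15 H=(a) [192.0.2.10] F=<s@example.com> rejected RCPT <adele@example.org>: Unknown local part",
    "2003-11-10 09:00:00 H=(b) [203.0.113.5] F=<x@example.com> rejected RCPT <u1@example.org>: Unknown local part",
    "2003-11-10 12:00:00 H=(b) [203.0.113.5] F=<x@example.com> rejected RCPT <u2@example.org>: Unknown local part",
    "2003-11-10 16:00:00 H=(b) [203.0.113.5] F=<x@example.com> rejected RCPT <u3@example.org>: Unknown local part",
    "2003-11-10 16:00:05 <= bob@example.org H=(c) [203.0.113.9] S=1200",
]
print(probing_hosts(SAMPLE_LOG))
```

A single mistyped recipient, as in the thread, stays below the threshold; only the host that walks through several nonexistent local parts in quick succession is reported.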