[RFCI-Discuss] Rejected listing for gruver.net

Jamie L. Penman-Smithson lists at silverdream.org
Fri May 12 21:25:04 EDT 2006 

[Apologies since this may be straying a little OT.]

On 12 May 2006, at 16:10, Jamie L. Penman-Smithson wrote:
> The MX for GRUVER.NET is a tarpitting SMTP server that will never  
> deliver anything. Despite this, my requests for it to be listed  
> have been rejected.

I was wrong on a few counts, Eric has since clarified several points.

This was never a overly broad rejection of mail, it apparently only  
affected my mail server, something that has since been corrected.

I still think that mail to <postmaster> and <abuse> should _always_  
be treated differently (and bypass any and all anti-spam measures in  
place), but that's another argument entirely (though one that is not  
entirely backed up by current RFCs).

Based on this, listing of his domain would be incorrect.

On 13 May 2006, at 01:11, Administrative Account wrote:
> 	There are a large number of these operated by the same outfit.
> Until about three weeks ago they were using an MX of 127.0.0.1, but  
> after
> many bogusMX listings, all the domains were changed to point to this
> "tarpit" fake SMTP server.

I don't know anything about bogus MX servers, I only came upon this  
problem last week.

It appears that Eric has fixed the problem, connecting to  
mailboxen.gruver.net no longer gets the "tarpit" SMTP server.

..Actually, that's not correct. Connecting from a 'whitelisted' IP  
gets good 'ole sendmail:

220 mailboxen.gruver.net ESMTP Sendmail 8.13.4/8.13.4; Fri, 12 May  
2006 20:07:09 -0500 (CDT)

Connecting from another [non-whitelisted] IP gets the apparent  
tarpitting SMTP server.

I should point out that according to Eric, this server apparently  
does _not_ tarpit, it just greylists. However, the responses are both  
extremely rude and indicate that the mail will _never_ get delivered.  
The delayed greet is also indicative of tarpitting, but within the  
RFC spec. If mail isn't being tarpitted, these responses should  
probably be changed (to something friendlier).

> 	All you can really do is send (and queue) email to postmaster,
> abuse and from the DSN, then after 5 days in the queue, the domain  
> will
> meet the criteria for listing in all three lists.  When I first  
> noticed
> them, I didn't take advantage of the "free" listing in the mail  
> oriented
> lists, and noticed when rechecking one that it got auto-removed - then
> I saw the taunting "spam" SMTP server:(

Since this appears to meet the "narrowly-tailored" clause, it's not  
listable.

I don't think this was malicious intent, it seems that something went  
wrong along the way. What should have happened is greylisting  
(tempfail), following by whitelisting. Instead, no whitelisting  
occurred (in actuality my MX was blacklisted for some unknown reason).

> BTW.  Everything in the netblock NET-65-68-190-0-1, 65.68.190.0/24, is
> painted with the same brush.  The private P.O. Box in Plano TX is very
> similar to a large number previous spam registrations.

I would be hesitant to label in this way, Eric has shown sincerity  
and has shown willingness to fix the problem. There are legitimate  
uses of PO Boxes as much as illegitimate ones.

-j

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.megacity.org/pipermail/rfci-discuss/attachments/20060513/5d8f21ac/PGP.pgp

More information about the RFCI-Discuss mailing list