Date: Mon, 19 Jan 2004 11:39:26 EST
From: LRZeitlin@aol.com
Subject: TWL: Re: e-mail address
A published e-mail address is in the public domain, just like a street
address or telephone number. Harvesting e-mail addresses is the scourge
of the
Internet. That's why you get all those Viagra, refinancing, vitamin, and
porno
solicitations. Block messages from an undesired source and use a
confidential
e-mail address for people you really want to communicate with.
Quick question regarding blocking- sorry, no trawler content. While you
can block messages from appearing on your own computer with a filter
system, am I correct in assuming this does not block the messages from
loading into your "segment" of your internet provider's server? At
least with a dial-up service? So eventually you have to download all
this junk just to keep your "mailbox" from getting full. Or is there a
way to filter stuff BEFORE it goes into your ISP mailbox or server
segment? You can e-mail answers directly to keep the off-topic
discussion off the list...... Thanks.
C. Marin Faure
GB36-403 "La Perouse"
Bellingham, Washington
Or is there a way to filter stuff BEFORE it goes into your ISP mailbox or
server segment?
The vast majority of Internet-based mail is sent using SMTP (Simple Mail
Transport Protocol), an Internet standard just like HTTP, FTP, and so on. As
the name implies, it is really, really simple. A software program (running
on your machine or any other machine) communicates with the SMTP mail server
(not all are public, many are behind firewalls) through a very simple prompt
/ response system. The STMP server basically asks who's sending the message,
who's receiving the message, what the subject is, and what the message is.
There is virtually no checking to see if any of this information is valid,
so it's as easy to say the message is from George Bush as it is to use the
sender's real name & address. The one common protection employed is that
almost all mail servers require that the user authenticate themselves before
being allowed to access the SMTP server, which ensures that the sender at
least has an account on that domain. You can imagine how easy it is to get
an account on AOL though, so this doesn't mean very much. There _are_servers
out there that do no authenticate, and they are called "open relays", and
there is a subfaction of the mail world that maintains lists of open relays
and then filters out any mail coming in from those servers. FWIW, it's
also quite easy to set up your own mail server so this is a constantly
evolving battle.
Assuming the message has made it into the mail server, the Domain Naming
System (DNS) comes into play as the mail server looks up the mail exchanger
record for the recipient's domain, and the mail message is routed to the
incoming queue on the destination mail server. This is the first real line
of defense, since many mail servers support a pluggable architecture that
allows administrators to install "filtering" software that - based on any
variety of rules - causes incoming mail to be deleted, routed, or
"decorated" with warning header information. This is also the one place
where real money is paid to battle spam, with mail server licenses costing
hundreds - if not thousands - of dollars. It's also an area where an
individual user has absolutely no control.
So, assuming the message has been accepted, that the server hasn't filtered
it out, that the destination address corresponds to a valid mailbox on the
system, the message is then routed there. If the message fails any of those
tests, it is "normal" industry practice to send a response back to the
sender saying that the mail was undeliverable. You may have seen the result
of this when you got mail back to you saying that your mail was
"undeliverable", and you then looked and realized that you never even sent
the message! Remember, using SMTP it's easy for someone else to "spoof" the
identity of a real person so getting a "bounce" like this doesn't
automatically mean that you have a virus. Unfortunately, this
acknowledgement mechanism makes it easy for spammers to - for instance - hit
all combination of names in a domain, see which ones bounce, and then assume
that the others were delivered. So...it is now common practice to turn off
all server-based acknowledgements.
OK, now the message is sitting in your server's mailbox, awaiting delivery
to you. Ignoring all the server-based systems for simplicity, most users
then connect to their server using another common Internet standard, the
Post Office Protocol (specifically POP3). At least here there's an
authentication process, but then you have basically opened up the firehose
to that mailbox and said "download everything". Now the client mail program
has a chance to filter things out (or redirect them to other folders), and
this is really the only place that the user has any chance to intervene in
the entire process.
Hope that helps clarify things a bit...
Keith