trawlers@lists.trawlering.com

TRAWLERS & TRAWLERING LIST

View all threads

TWL: Re: e-mail address (no trawler content)

FM
Faure, Marin
Tue, Jan 20, 2004 7:27 PM

Date: Mon, 19 Jan 2004 11:39:26 EST
From: LRZeitlin@aol.com
Subject: TWL: Re: e-mail address

A published e-mail address is in the public domain, just like a street

address or telephone number. Harvesting e-mail addresses is the scourge
of the
Internet. That's why you get all those Viagra, refinancing, vitamin, and
porno
solicitations. Block messages from an undesired source and use a
confidential
e-mail address for people you really want to communicate with.

Quick question regarding blocking- sorry, no trawler content.  While you
can block messages from appearing on your own computer with a filter
system, am I correct in assuming this does not block the messages from
loading into your "segment" of your internet provider's server?  At
least with a dial-up service?  So eventually you have to download all
this junk just to keep your "mailbox" from getting full.  Or is there a
way to filter stuff BEFORE it goes into your ISP mailbox or server
segment?  You can e-mail answers directly to keep the off-topic
discussion off the list......  Thanks.


C. Marin Faure
GB36-403 "La Perouse"
Bellingham, Washington

Date: Mon, 19 Jan 2004 11:39:26 EST From: LRZeitlin@aol.com Subject: TWL: Re: e-mail address >A published e-mail address is in the public domain, just like a street address or telephone number. Harvesting e-mail addresses is the scourge of the Internet. That's why you get all those Viagra, refinancing, vitamin, and porno solicitations. Block messages from an undesired source and use a confidential e-mail address for people you really want to communicate with. Quick question regarding blocking- sorry, no trawler content. While you can block messages from appearing on your own computer with a filter system, am I correct in assuming this does not block the messages from loading into your "segment" of your internet provider's server? At least with a dial-up service? So eventually you have to download all this junk just to keep your "mailbox" from getting full. Or is there a way to filter stuff BEFORE it goes into your ISP mailbox or server segment? You can e-mail answers directly to keep the off-topic discussion off the list...... Thanks. ______________________________ C. Marin Faure GB36-403 "La Perouse" Bellingham, Washington
KP
Keith Pleas
Tue, Jan 20, 2004 8:17 PM

Or is there a way to filter stuff BEFORE it goes into your ISP mailbox or

server segment?

The vast majority of Internet-based mail is sent using SMTP (Simple Mail
Transport Protocol), an Internet standard just like HTTP, FTP, and so on. As
the name implies, it is really, really simple. A software program (running
on your machine or any other machine) communicates with the SMTP mail server
(not all are public, many are behind firewalls) through a very simple prompt
/ response system. The STMP server basically asks who's sending the message,
who's receiving the message, what the subject is, and what the message is.
There is virtually no checking to see if any of this information is valid,
so it's as easy to say the message is from George Bush as it is to use the
sender's real name & address. The one common protection employed is that
almost all mail servers require that the user authenticate themselves before
being allowed to access the SMTP server, which ensures that the sender at
least has an account on that domain. You can imagine how easy it is to get
an account on AOL though, so this doesn't mean very much. There _are_servers
out there that do no authenticate, and they are called "open relays", and
there is a subfaction of the mail world that maintains lists of open relays
and then filters out any mail coming in from those servers. FWIW, it's
also quite easy to set up your own mail server so this is a constantly
evolving battle.

Assuming the message has made it into the mail server, the Domain Naming
System (DNS) comes into play as the mail server looks up the mail exchanger
record for the recipient's domain, and the mail message is routed to the
incoming queue on the destination mail server. This is the first real line
of defense, since many mail servers support a pluggable architecture that
allows administrators to install "filtering" software that - based on any
variety of rules - causes incoming mail to be deleted, routed, or
"decorated" with warning header information. This is also the one place
where real money is paid to battle spam, with mail server licenses costing
hundreds - if not thousands - of dollars. It's also an area where an
individual user has absolutely no control.

So, assuming the message has been accepted, that the server hasn't filtered
it out, that the destination address corresponds to a valid mailbox on the
system, the message is then routed there. If the message fails any of those
tests, it is "normal" industry practice to send a response back to the
sender saying that the mail was undeliverable. You may have seen the result
of this when you got mail back to you saying that your mail was
"undeliverable", and you then looked and realized that you never even sent
the message! Remember, using SMTP it's easy for someone else to "spoof" the
identity of a real person so getting a "bounce" like this doesn't
automatically mean that you have a virus. Unfortunately, this
acknowledgement mechanism makes it easy for spammers to - for instance - hit
all combination of names in a domain, see which ones bounce, and then assume
that the others were delivered. So...it is now common practice to turn off
all server-based acknowledgements.

OK, now the message is sitting in your server's mailbox, awaiting delivery
to you. Ignoring all the server-based systems for simplicity, most users
then connect to their server using another common Internet standard, the
Post Office Protocol (specifically POP3). At least here there's an
authentication process, but then you have basically opened up the firehose
to that mailbox and said "download everything". Now the client mail program
has a chance to filter things out (or redirect them to other folders), and
this is really the only place that the user has any chance to intervene in
the entire process.

Hope that helps clarify things a bit...
Keith

>>Or is there a way to filter stuff BEFORE it goes into your ISP mailbox or server segment? The vast majority of Internet-based mail is sent using SMTP (Simple Mail Transport Protocol), an Internet standard just like HTTP, FTP, and so on. As the name implies, it is really, really simple. A software program (running on your machine or any other machine) communicates with the SMTP mail server (not all are public, many are behind firewalls) through a very simple prompt / response system. The STMP server basically asks who's sending the message, who's receiving the message, what the subject is, and what the message is. There is virtually no checking to see if _any_ of this information is valid, so it's as easy to say the message is from George Bush as it is to use the sender's real name & address. The one common protection employed is that almost all mail servers require that the user authenticate themselves before being allowed to access the SMTP server, which ensures that the sender at least has an account on that domain. You can imagine how easy it is to get an account on AOL though, so this doesn't mean very much. There _are_servers out there that do no authenticate, and they are called "open relays", and there is a subfaction of the mail world that maintains lists of open relays and then filters out _any_ mail coming in from those servers. FWIW, it's also quite easy to set up your own mail server so this is a constantly evolving battle. Assuming the message has made it into the mail server, the Domain Naming System (DNS) comes into play as the mail server looks up the mail exchanger record for the recipient's domain, and the mail message is routed to the incoming queue on the destination mail server. This is the first real line of defense, since many mail servers support a pluggable architecture that allows administrators to install "filtering" software that - based on any variety of rules - causes incoming mail to be deleted, routed, or "decorated" with warning header information. This is also the one place where real money is paid to battle spam, with mail server licenses costing hundreds - if not thousands - of dollars. It's also an area where an individual user has absolutely no control. So, assuming the message has been accepted, that the server hasn't filtered it out, that the destination address corresponds to a valid mailbox on the system, the message is then routed there. If the message fails any of those tests, it is "normal" industry practice to send a response back to the sender saying that the mail was undeliverable. You may have seen the result of this when you got mail back to you saying that your mail was "undeliverable", and you then looked and realized that you never even sent the message! Remember, using SMTP it's easy for someone else to "spoof" the identity of a real person so getting a "bounce" like this doesn't automatically mean that you have a virus. Unfortunately, this acknowledgement mechanism makes it easy for spammers to - for instance - hit all combination of names in a domain, see which ones bounce, and then assume that the others were delivered. So...it is _now_ common practice to turn off all server-based acknowledgements. OK, now the message is sitting in your server's mailbox, awaiting delivery to you. Ignoring all the server-based systems for simplicity, most users then connect to their server using another common Internet standard, the Post Office Protocol (specifically POP3). At least here there's an authentication process, but then you have basically opened up the firehose to that mailbox and said "download everything". Now the client mail program has a chance to filter things out (or redirect them to other folders), and this is really the only place that the user has any chance to intervene in the entire process. Hope that helps clarify things a bit... Keith