unwise filtering policy from cox.net

Hash: SHA1

Hey Paul,

>> <abuse@cox.net>
>> (reason: 552 5.2.0 F77u1Y00B2ccxfT0000000 Message Refused. A
URL in
>> the content of your message was found on...uribl.com. For
resolution do
>> not contact Cox Communications, contact the block list
> An unfortunate limitation of the SMTP protocol is it initially only
> looks at the right-hand side of an address when connecting to a
> server to send e-mail, and not the left-hand side. [...]

Sure, it's an "unfortunate limitation", but I hardly think it's
an issue to hand-wave about and say "oh, well".


Given what Sean wrote goes to the core of how mail is routed, you'd
pretty much need to overhaul how MX records work to get around this one,
or perhaps go back to try to resurrect something like a DNS MB record,
but that presumes that the problem can't easily be solved in other
ways. Sean demonstrated one such way (move the high volume stuff to its
own domain).


Most mailservers do allow you to exempt specific addresses from filtering.


Suresh Ramasubramanian wrote:

Most mailservers do allow you to exempt specific addresses from filtering.
On the LHS of the @ of a remote address? I think that was Sean's point.


Er, that bounce was from cox's mta, spamfiltering email to abuse@cox.net

There are numerous techniques available for addressing this problem.
Which one(s) to use depends on the site's mail architecture, so I'm
not going to try to enumerate them all -- only to give a few examples.

Example 1: exempt abuse@ address from all anti-* processing; just deliver
it. All the MTA's I've worked with provide features to support this;
it's also sometimes necessary to make that exemption elsewhere (e.g.,
in programs called invoked as milters). Oh, and don't greylist it either.

Example 2: if using a multi-tier architecture (increasingly a good
idea, as it insulates internal traffic from the beating often inflicted
by external traffic) then re-route abuse@ mail to its own dedicated system
(using a mechanism like the sendmail virtual user table or equivalent).
Make that system something relatively impervious, and choose hardware
that can be replaced quickly at low cost. (My suggestion: OpenBSD
on a Sparc Ultra 2, and use mutt as the mail client. Keep a couple
of spares in the basement, they're dirt-cheap.)


Standardize on abuse@abuse.domain.whatever? If an MX exists for
abuse.the-domain-you're-looking-for then send to that instead of to

Bill Herrin