[sclug] yahoo and greylisting
Roland Turner SCLUG
raz.fpyht.bet.hx at raz.cx
Fri Jan 20 07:56:28 UTC 2006
On Thu, 2006-01-19 at 23:50 +0000, David Given wrote:
> On Thursday 19 January 2006 23:29, John Stumbles wrote:
> [...]
> > How do you mean 'email probing'? And what RFC?
> > And wtf's greylisting (while I'm showing off my hignorance? :-)
>
> A greylister is a way of implementing hashcash by exploiting some of the
> features of the SMTP service.
>
> Hashcash is a way of ensuring that people *really* want to send you email by
> making the sender do some work. Traditionally this is done by making them do
> something computationally expensive, such as factoring big numbers. The idea
> is that because sending mail now requires work, people will be much less
> inclined to send vast amounts of mail on-spec --- i.e., spam.
Apologies for the nitpicks, but:
- Greylisting is not an implementation of HashCash. Greylisting and
HashCash are both examples of proof-of-work systems which are ordinarily
used as means of spam reduction.
- Further, HashCash does not involve factoring, but rather the discovery
of partial clashes in a hashing algorithm. (You are perhaps thinking of
asymmetric encryption algorithms like RSA in which working out the
arguments given only the modulus is equivalent to factoring.)
...
> Yahoo breaks the rules. When you try to subscribe to a Yahoo Groups list, it
> tries to send a dummy message to the specified address, as a way of verifying
> that the address exists. This is fine, except when my greylister refuses the
> message, Yahoo's servers don't try again and assume the address is invalid.
> This is illegal and violates the SMTP standard, which is defined in a
> document called RFC2821: http://www.ietf.org/rfc/rfc2821.txt
Umm, your statements about RFC2821 are simply incorrect.
- The behaviour that you describe is not "illegal". In the context of an
RFC, the strongest statement that you can make about an implementation
is that it is "non-conforming" or "non-complying".
- WRT the specific behaviour that you describe, for an
otherwise-conforming SMTP client to fail to queue for retrying simply
means that it is not "fully-capable". It is entirely legitimate
behaviour.
Granted, Yahoo's behaviour (and that of a handful of other
organisations) plays very badly with greylisting.
- Raz
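
The interaction discussed in this thread, as an added example that is not part of the original message: a minimal greylisting policy in Python, showing why a client that queues and retries is eventually accepted while a one-shot address probe that never retries is not. The triplet key, the 451 reply code, the 300-second minimum delay, the retry window and the sample addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300        # assumed: seconds a new triplet must wait before a retry is accepted
MAX_WAIT = 4 * 3600    # assumed: retry window; a later retry starts over as "new"

@dataclass
class Greylister:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for an RCPT TO seen at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250
        seen = self.first_seen.get(key)
        if seen is None or now - seen > MAX_WAIT:
            self.first_seen[key] = now   # unknown or expired triplet: temporary failure
            return 451
        if now - seen < MIN_DELAY:
            return 451                   # retried too quickly: still deferred
        self.passed.add(key)
        return 250

def deliver(greylister, triplet, attempt_times):
    """Simulate a sending client that tries once at each time in attempt_times.
    Returns (delivered, reply codes seen)."""
    codes = []
    for t in attempt_times:
        code = greylister.check(*triplet, now=t)
        codes.append(code)
        if code == 250:
            return True, codes
    return False, codes

# Constructed sample triplets (documentation address ranges and domains).
QUEUING_MTA = ("192.0.2.10", "alice@example.org", "user@example.net")
ONE_SHOT_PROBE = ("198.51.100.7", "verify@example.com", "user@example.net")

def demo():
    g = Greylister()
    retrying = deliver(g, QUEUING_MTA, [0, 60, 900])  # queues and retries with back-off
    one_shot = deliver(g, ONE_SHOT_PROBE, [0])        # gives up after the first 451
    return retrying, one_shot

if __name__ == "__main__":
    print(demo())
```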