June, 5, 2003 archives

rfc 2821 (the successor to the venerable rfc 821, the original smtp standard specification) is quite clear in section 6.1 about where to report delivery failures after your smtp server has accepted the message: The recipient of this notification MUST be the address from the envelope return path (or the Return-Path: line).

(and note that Return-Path is not a header sent to you -- outgoing SMTP servers SHOULD NOT add one according to section 4.4 of the same specification.)

perhaps there should be a bounces-to-wrong-address.rfc-ignorant.org. perhaps a uses-braindead-virus-scanner.rfc-ignorant.org would be useful, too.

on friday morning, i go under the knife for a microdiscectomy. i’m skipping the epidural cortisone injection treatment option—any success would only be temporary. nuts to that.

i mentioned before that my physical therapist had told me that my herniated disc was between L4 and L5, which turned out to be wrong. it is actually between L5 and S1, and is compressing the left S1 nerve root.

i had images of the mri printed that i ended up not needing to bring to my initial appointment with the surgeon (he was able to see me earlier than planned, and the prints were not ready, so he was just able to pull them up online—i didn’t ask why it was necessary to get them printed at all). i’ll have to remember to pick them up and see if i can scan them in somehow.

things i look forward to:

• working while actually sitting at a desk (i’ve been standing for the last few weeks)
• sleeping through the night (and actually keeping a normal schedule)
• no longer taking vicodin

update: two months after the surgery, i am almost totally pain-free (just a little twinge now and then to keep me honest). it only took about a week to get back to work after the surgery. if you find yourself in a similar situation, do not fear the surgery.

hot on the heels of the recent w32/sobig.c@mm menace comes another generation of the bugbear worm.

i choose to blame mike greenwood, who played gilbert in revenge of the nerds iii: the next generation. damn him and his not being anthony edwards!

this article by anick jesdanun of the associated press (on msnbc) about criticisms of earthlink's challenge-response anti-spam system from list owners is pretty on-the-nose. challenge-response for individuals is pretty onerous. for mailing lists, though, my experience with the php and mysql lists is that it does a really fantastic job of thwarting spam, at the cost of some people with poorly configured mail systems having trouble posting to the list because they never see the challenge.

the form of personal challenge-response that i think is most useful is simply bouncing apparent spam. as i've said before, i am not a fan of filtering. if i send someone an email that happens to get classified as a false positive, i'd rather it be bounced back to me so i can try again instead of it being buried in some filtered folder that they check rarely and/or incautiously.

ed felten also covered another critical weakness in challenge-response systems—spammers could make their spams look like challenges to slip through the let-challenges-through loophole you'd need to add to the challenge-response system if this technique were widespread.

this is another big spam loophole in smtp generally: a good system will let rejection notices through, but there's no way to validate that a rejection notice is legitimate. this would be pretty easy to fix if you could get the cooperation of mta software authors..

hopefully these issues are being discussed in depth as part of the ietf asrg.