Loading ...
Sorry, an error occurred while loading the content.

Annoying stupid non-conforming auto-responders! (was: Re: SPAM -> Re: [hackers-il] My "Stop Using (and Teaching) C-Shell and Tcsh" Page)

Expand Messages
  • Arik Baratz
    ... I tell you, if I had a web site with a folder named anti , I would write a piece about these auto-responders there. People, there is an RFC, and
    Message 1 of 3 , Oct 7, 2007
    • 0 Attachment
      On 7 Oct 2007 11:06:51 -0000, alex@... <alex@...> wrote:
      > Hi,
      >
      > My e-mail has been changed.
      > Please, re-send your e-mail to my new e-mail address which
      > can be found at http://www.breakt.co.il/~alexr/alex_very_secret_email.html
      >
      > Thank you!
      >
      > Alex
      >

      <rant>
      I tell you, if I had a web site with a folder named "anti", I would
      write a piece about these auto-responders there.

      People, there is an RFC, and it's number is 2821. Please please
      please, before you write any piece of software that deals with email,
      be it an MUA, MTA or any piece of code, ESPECIALLY if said piece of
      code runs unattended, DOUBLY SO if said piece of code responds to an
      email message automatically. If you don't feel like reading the RFC,
      don't write the code.

      Unfortunately, if you do decide to not write the code and use an
      existing piece of code, you're still not guaranteed that the code is
      compliant. Actually it is un-compliant, more likely than not. The sad
      state of affairs is that indeed people don't write good compliant code
      when it comes to auto-responders, and there's more crap out there than
      anything else. Perhaps because writing an auto-responder or a vacation
      program is a task that looks insignificant. I don't really know.

      The two golden rules about auto-responders, which unfortunately most
      do not comply with are as follows:

      1. If you are an automatic piece of code replying to email, you MUST
      reply to the envelope address (and if you're not an MTA, to the
      address in the "Return-Path" header, which is where the MTA should
      have put the envelope address). It's a MUST. If there is no envelope
      address, do refrain from sending the message.

      All (well written) lists put their bounce address there, which will,
      in short order, unsubscribe the user from the list due to excessive
      bounces. Other lists put the list owner there, which is the person
      responsible for bounces. What you should absolutely MUST NOT do is use
      the "From" or the "Reply-To" headers. They're only meant for MUAs. You
      have no business looking there.

      2. If you generate an automatic reply, you MUST leave the envelope
      address empty. This is an equally important rule, because together
      with rule 1 it will stop mail-loops from being formed. An empty
      envelope address is perfectly legal and conforming to the
      aforementioned RFC.

      Quoting from [1]:
      If there is a delivery failure after acceptance of a message, the
      receiver-SMTP MUST formulate and mail a notification message. This
      notification MUST be sent using a null ("<>") reverse path in the
      envelope. The recipient of this notification MUST be the address
      from the envelope return path (or the Return-Path: line). However,
      if this address is null ("<>"), the receiver-SMTP MUST NOT send a
      notification.

      Alex's auto-responder fails on both counts, which makes me want to
      send him a message with himself in the "From" header about 100 times,
      just to see his hosting and traffic costs go up as his auto-responder
      goes into a loop. But I wouldn't do it. I'm not that bad.

      I'd like to mention one particular widespread non-compliant program,
      Microsoft Outlook's Out Of Office Assistant (which actually executes
      inside Microsoft Exchange). Yes, it's non-compliant. It half-redeems
      itself by saving a cache of the addresses it responded to and refrains
      from sending messages to them again. Let's see if Alex's
      auto-responder does that, I'll know as soon as I'll send this
      message...
      </rant>

      Take care, do good.

      -- Arik

      [1] RFC 2821 section 6.1
    • Omer Zak
      Arik s rant deserves a Nobel prize. Arik described the problem, where to find the solution, and even (briefly) the solution itself. I am honored to save the
      Message 2 of 3 , Oct 7, 2007
      • 0 Attachment
        Arik's rant deserves a Nobel prize.

        Arik described the problem, where to find the solution, and even
        (briefly) the solution itself.

        I am honored to save the rant in my archival folders, for future
        reference.
        --- Omer

        On Sun, 2007-10-07 at 04:44 -0700, Arik Baratz wrote:
        > <rant>
        [... snipped ...]
        > People, there is an RFC, and it's number is 2821.
        [... snipped ...]
        > </rant>

        --
        One does not make peace with enemies. One makes peace with former
        enemies.
        My own blog is at http://www.zak.co.il/tddpirate/

        My opinions, as expressed in this E-mail message, are mine alone.
        They do not represent the official policy of any organization with which
        I may be affiliated in any way.
        WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
      • Nadav Har'El
        ... My two favorite out-of-office messages are this: You are receiving this automatic notification because I am out of the office. If I was in, chances are
        Message 3 of 3 , Oct 7, 2007
        • 0 Attachment
          On Sun, Oct 07, 2007, Arik Baratz wrote about "Annoying stupid non-conforming auto-responders! (was: Re: SPAM -> Re: [hackers-il] My "Stop Using (and Teaching) C-Shell and Tcsh" Page)":
          > I tell you, if I had a web site with a folder named "anti", I would
          > write a piece about these auto-responders there.

          My two favorite out-of-office messages are this:

          "You are receiving this automatic notification because I am out of the
          office. If I was in, chances are you wouldn't have received anything
          at all."

          "I will be unable to delete all the unread, worthless emails you send me
          until I return from vacation. Please be patient and your mail will be
          deleted in the order it was received."


          :-)


          --
          Nadav Har'El | Sunday, Oct 7 2007, 25 Tishri 5768
          nyh@... |-----------------------------------------
          Phone +972-523-790466, ICQ 13349191 |Cats aren't clean, they're just covered
          http://nadav.harel.org.il |with cat spit.
        Your message has been successfully submitted and would be delivered to recipients shortly.