Friday, 8. August 2003
PermaLink DUMB: POP3 fetching to SMTP
A salutary tale for anyone who believes that it is OK to fetch email with POP, then route it through their intranet with SMTP.

I have written about the dangers of POP fetching before. Here is a real life example of how embarrassing that can be.

A probably well meaning, but misguided spammer decided to broadcast details of an unmissable opportunity to a large number of addresses, all in the "To:" field of the message. (looks like a breach of the UK Data Protection Act, but that's another story).

Recipients were perplexed to find two seemingly identical copies of the spam in their in-boxes this morning. I actually went so far as to report both as they had come from different ISPs.

A short while later, I had a reply from one ISP saying there had been an open relay and that they were dealing with it as per their AUP. Being accustomed to reading headers, I thought this odd. It hadn't looked like a third party relay to me, so I looked again.

Digging through the labyrinth of received headers, I eventually found that one recipient of the spam was using POP3 fetching, then routing the mail over an intranet with SMTP. Of course, the POP3 fetch had destroyed the SMTP envelopes and subsequently re-created them, inferring them from the header fields "From:" and "To:".

So when the mail got to this particular recipient's intranet mail server, this server looked at all of the newly derived forward envelopes (where previously there had been only one, belonging to the local recipient) and faithfully dispatched fresh copies of the whole message to every non-local recipient. So everybody except that local recipient got two spams for the price of one.

What I want to know is this:

Who sells these POP3 fetching hacks to end users?

This wasn't really the fault of the company whose system rebroadcast the message. This was a small company, probably having no full time IT staff and they have bought email service from a provider who ought to know better.

There are alternatives too, so why do they do it?

I expect this particular user of POP3 fetching will be asking his provider some interesting questions about his "open relay". Oh, to be a fly on the wall...

Category: Dumb and Dumber
Technorati:

Comments :
None yet...
Unable to post a comment? Please read this for a possible explanation...
Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This won't be immediate, as trackbacks are validated on a scheduled basis. Be patient.











Search
Hot Categories
Domains
IPv6
Internet
Malware
Monthly Archive
2009
2008
2008
2008
2008
2008
Full Archive
Links
CircleID
Anti-Spam Tools
Misc Links
Land banking information
Contact Me
email - Chris Linfoot
Subscribe
Subscribe to articlesArticles

Subscribe to commentsComments