Correct answer: Community Forums - Re: Major bug in SMTP rate-limiting implementation

corbulon · ‎03-12-2012

I use my home computer to, among other things, host a mailing-list for a fan-club of a contemporary Russian poet. The total list of subscribers is about 40 people and messages are, on average, rare.

However, when a discussion picks up, the number of e-mails can briefly spike easily exceeding Verizon's "you must be spamming" threshold. Imagine: one person asks a question and two others respond. Both the question and the responses get sent to the list, so that's 3x40=120 e-mails. If the discussion gets any longer, the e-mail account gets suspended for several days for exceeding the quota...

I understand, why Verizon rate-limits the outgoing e-mail sending and don't object to it in principle. However, the current implementation has a major flaw. When the threshold is exceeded, instead of blocking all subsequent messages with a permanent error (5xx in SMTP-speak), the server ought to issue a temporary failure (4xx in SMTP-speak).

This would block any spam-bots just as effectively, but allow legitimate messages to be properly queued by the sender's computers for resending. The 5xx code signals a permanent error so instead of being queued, the innocent message is suddenly bounced.

A friend of mine is an RCN-subscriber and we know, that RCN implements rate-limiting exactly this way: if you are sending "too much", your messages will start being temporarily rejected for a while.

corbulon · ‎03-28-2012

Actually, Verizon's servers are configured in a way that you don't agree with. That doesn't make it a bug.

Returning a permanent error in the case of a temporary condition is a bug. Look up "SMTP".

Again, *you* are the one violating the email use limits. Repeatedly.

If Verizon made it a policy, that words "mortgage" and "viagra" can not occur in outgoing e-mails, would you still be siding with them? What is your "this is ridiculous" threshold? I claim, the current policy has a bug in it — whether the policy is spelled in (Legalese) English or in some programming language is irrelevant.

Verizon can limit that behavior in any way they want.

They can, which is why I am not suing them. However, working with servers and configuring server software for a living myself, I can recognize an unintended consequence, when I see one.

This is, clearly, a bug -- it does neither Verizon nor its customers any good whatsoever to treat innocent customers as spammers. And I know, how the current situation came into being. The conversation went similar to this:

We need to prevent spam from originating on our computers.
Oh, recognizing spam as such is a very difficult task...
Is it really? Ok, how about we simply limit the number of messages each customer can send per hour? Pick a high limit — anybody sending above that can only be a spammer...
Yes, we can implement that, no problem.
Go ahead, thanks!

In other words, somebody at some point suggested, that exceeding a certain number of e-mails per hour is a reliable indication of spamming activity. And it was then agreed, that anybody thus identified be treated as a spammer...

My example demonstrates, how a legitimate user can exceed the limit without being a spammer. Just as it is possible to discuss mortgages and viagra without being a spammer, or wear a short skirt without being a prostitute, it is possible to send large amount of e-mails on occasion. This shows, that "sending too much" is not a reliable indication of spamming and anything, that treats it as such is buggy.

Yes, it is still likely that such high rate is due to a spam-bot infection, but it is not a guarantee of it. My proposal contains a fix — high rate sending is stemmed, but without bounces. Instead of an error, the users get a delay. Verizon thanked me for it. {Censored}

View solution in original post

Anthony_VZ · ‎03-14-2012

I am sorry to hear that you disagree with our implementation of Spam prevention. You can post your idea for review and possible adoption at the Verizon Idea Exchange. Please search on the idea exchange and cast your vote. There may be another member who made the same suggestion. If not, please add a new idea so your fellow community members can comment and vote on your suggestion. http://forums.verizon.com/t5/Verizon-Idea-Exchange/ct-p/ideaexchange . The Verizon Idea Exchange is there for you to submit your ideas and suggestions to Verizon so that we can consider them as we innovate our products and services

corbulon · ‎03-14-2012

Anthony, this is not a "disagreement" -- I'm pointing out a bug. The bug manifested itself with the following two problems:

Although none of the e-mails sent by my computer were spam, I was "identified" as a spammer and my access to SMTP was suspended for days. For no good reason.
Even if it were possible to appeal such automatic verdict (and I did try to talk to a customer support representative), permanent rejections in the case of a temporary error are wrong -- and in violation of SMTP specifications.

I did post the same text under the "New Ideas", but I don't think, "new idea" is the good place for this. I'm not suggesting a new service, but demanding a fix to the existing one.

somegirl · ‎03-19-2012

@corbulon wrote:
Anthony, this is not a "disagreement" -- I'm pointing out a bug. The bug manifested itself with the following two problems:
Although none of the e-mails sent by my computer were spam, I was "identified" as a spammer and my access to SMTP was suspended for days. For no good reason.
Even if it were possible to appeal such automatic verdict (and I did try to talk to a customer support representative), permanent rejections in the case of a temporary error are wrong -- and in violation of SMTP specifications.
I did post the same text under the "New Ideas", but I don't think, "new idea" is the good place for this. I'm not suggesting a new service, but demanding a fix to the existing one.

You agreed to abide by Verizon's ToS when you signed up for the service, which includes the sending limits. When you violate the limits that you agreed to, Verizon has the right to take whatever action they feel is appropriate.

If you are going to be exceeding this limit regularly, you should look into a different mailing solution. Verizon offers business-level packages, or you can look into another email provider.

If a given provider does not meet your needs then you shouldn't be using that service, plain and simple. Vote with your wallet.

corbulon · ‎03-19-2012

You agreed to abide by Verizon's ToS when you signed up for the service, which includes the sending limits. When you violate the limits that you agreed to, Verizon has the right to take whatever action they feel is appropriate.

Don't even go there, girl. These "agreements" are "subject to change" at a moment's notice and the ISP reserves the right to suspend anybody's service for any reason.

This thread is not about legality of Verizon's implementation, however. I'm not threatening to take them to court over it... They did it this way not because they prefer it this way, but because they simply don't know any better... Somebody somewhere asked: "Well, what's the maximum number of e-mails, that a customer can legitimately generate per hour?" And thus a limit went down -- and some pointy-haired boss managed a couple of "off-shore resources" into producing the current implementation.

{please keep your posts courteous}

Verizon offers business-level packages;

I am not running a business, Ok? This is a fan-club -- a real one, not something financed by the sale of merchandize or some crap. My usage of the Internet may not be typical, but it is still perfectly legitimate and not at all abusive or spamming. My total traffic is, in all likelihood, below average. That Verizon has automatically determined me to be a "spammer" is offensive and otherwise wrong. Does it seem fair to you, that I have to pay extra ("business-level") just to avoid a bug?

If a given provider does not meet your needs then you shouldn't be using that service, plain and simple. Vote with your wallet.

Wow! Capitalism and a free market! What a novel idea! If the government hadn't enforced a communication monopoly for decades, maybe, I would've had more choices by now. But I'm stuck with a duopoly here (and I'm lucky to live in an area where there is even this much choice), so voting with my wallet is tricky -- even if one could escape a two-year contract, that is...

But I am managing, thank you. I know enough about networking to able to deal with this nonsense. I'd rather not deal with it, though -- and so I'm pointing this out to Verizon in the hope, they'll fix their bug. The existing situation benefits no one -- neither them, nor me, nor you... {please keep your posts courteous}

dslr595148 · ‎03-20-2012

@corbulon wrote:

Wow! Capitalism and a free market! What a novel idea! If the government hadn't enforced a communication monopoly for decades, maybe, I would've had more choices by now. But I'm stuck with a duopoly here (and I'm lucky to live in an area where there is even this much choice), so voting with my wallet is tricky -- even if one could escape a two-year contract, that is...
But I am managing, thank you. I know enough about networking to able to deal with this nonsense. I'd rather not deal with it, though -- and so I'm pointing this out to Verizon in the hope, they'll fix their bug. The existing situation benefits no one -- neither them, nor me, nor you... {please keep your posts courteous}

Sigh..

They where talking about using another e-mail service provider. For example, GMAIL.

somegirl · ‎03-20-2012

@dslr595148 wrote:
@corbulon wrote:

Wow! Capitalism and a free market! What a novel idea! If the government hadn't enforced a communication monopoly for decades, maybe, I would've had more choices by now. But I'm stuck with a duopoly here (and I'm lucky to live in an area where there is even this much choice), so voting with my wallet is tricky -- even if one could escape a two-year contract, that is...
But I am managing, thank you. I know enough about networking to able to deal with this nonsense. I'd rather not deal with it, though -- and so I'm pointing this out to Verizon in the hope, they'll fix their bug. The existing situation benefits no one -- neither them, nor me, nor you... {please keep your posts courteous}
Sigh..
They where talking about using another e-mail service provider. For example, GMAIL.

Exactly. Your email provider is not limited by your ISP, or by where you are physically located.

corbulon · ‎03-20-2012

Your email provider is not limited by your ISP, or by where you are physically located.

Didn't I state, that I found a work-around? I did... Despite Verizon blocking outgoing port 25 even. The point was and remains, that I shouldn't have had to look for a work-around. At all. Verizon's servers are more than capable to carry all my SMTP traffic. They begin to reject my mail not because they are bordering on the limits of their capacity, but because they mistakenly presume me to either be a spammer myself or be infected by a spam bot. That mistake is what I'm complaining about here.

dslr595148 · ‎03-22-2012

If not another e-mail provider, why not use facebook/twitter (or other social media) OR something like Yahoo Groups?

corbulon · ‎03-22-2012

If not another e-mail provider, why not use facebook/twitter (or other social media) OR something like Yahoo Groups?

Are you suggesting, we switch to software/service simply because Verizon can't fix its SMTP-handling? Thanks... Maybe, some day, e-mail service at major ISPs will go the way of Usenet. But I hope, that day is not coming.

I have several reasons against facebook/twitter (which did not even exist, when our club began) and Yahoo! Groups, but posting these reasons here will take the discussion even further off-topic.

And the topic is: Verizon's SMTP-servers have a bug, which needs fixing.

Discussions

Mobile

5G / LTE Home Internet

Fios

Accessories

Entertainment

Level Up

Help

Tutorials

Archives

Add thoughts to the community

Browse discussions within categories