Email blocking rules.

Overview
========

Electronic mail is arguably the largest and most important service provided by the Internet. It is also being widely abused to cheaply deliver junk email solicitations to millions of people every day. This abuse is forcing email service providers, such as C&C, to tighten up on how email forwarding is implemented to cut down on abuse and the complaints that result. These tightened policies mean email users, mostly those using desktop mail clients, are more likely to have problems unless they know what policy restrictions are in place and how to deal with these restrictions.

This document is intended for computing support staff to use to understand the email delivery restrictions put in place by C&C on Uniform Access (UA) hosts and for helping their users with any problems they have with email delivery because of these restrictions. It is assumed here that you are familiar with Domain Name System (DNS) naming and C&C's UA systems.

Why reject or block email?
==========================

The short answer is, because the email servers on UA systems are being abused to send junk email and those receiving this junk email are, rightly, complaining. For those who may need to respond to users' questions, here is an attempt at an explanation that might help.

In the last two years, a form of doing business on the Internet has emerged that takes advantage of two features of the Internet. One is the ease of gathering (or simply buying from someone else) literally millions of email addresses. Your email address is exposed when you post to Usenet newsgroups or fill out forms on web pages, and it can even be "harvested" from your own web pages when you use "mailto:" links in HTML files. The second feature these businesses are taking advantage of is the extremely low cost and simplicity of sending "email spam" or "junk email" to millions of email addresses.
This is used to advertise products and services, and to promote illegal multi-level marketing and fraud schemes. Often this is done by getting a free "trial" account with a large Internet Service Provider (ISP) and sending a batch of email just once before abandoning the account. No matter how it is sent, unsolicited junk email is an extremely annoying practice that is growing rapidly and generates angry complaints from many who receive it.

One tactic many junk emailers use is to forward their email through another unsuspecting site in order to try to bypass junk email blocking programs and to deflect the complaints from the junk emailer's Internet Service Provider to these other sites. For more information on junk email, see sites like:

    http://www.cnet.com/Content/Features/Howto/Spam/index.html
    http://spam.abuse.net/spam/
    http://www.mcs.com/~jcr/junkemail.html

Because of these complaints and instances of gatewaying email through UW computers, it has become necessary to block email forwarding in situations where it may have worked in the past, even though it was never advertised that it should be forwarded.

How is email forwarding supposed to work on C&C systems?
========================================================

The largest service provided by C&C to UW students, staff, and faculty, is electronic mail. There is an equally large infrastructure of email exchangers and servers, something similar to the central metropolitan U.S. Postal Service offices and the smaller branch offices in neighborhoods throughout the city (and those green boxes on street corners that temporarily hold the mail while carriers deliver/collect mail on their routes).

Tens of thousands of people get and send email from UA systems such as Homer and Dante.
People using these systems do not need to know about the email delivery infrastructure or worry about how it works; their email seems to be sent immediately (even though it really may take a circuitous route through many systems on the Internet before being delivered to the intended recipients).

Others on campus use desktop mail client programs on a PC or Macintosh computer, such as Netscape, PC-Pine, Eudora, or Mailstrom, for sending and reading their email. These desktop users need to know about and use the services of an SMTP "forwarding host" (sometimes called a "relay host") to help deliver their email.

C&C maintains such a forwarding host for these desktop users and workstations within departments that don't themselves run SMTP servers. This system is "mailhost.u.washington.edu". This is the *only* system intended for use by individual users as an SMTP forwarding host.

If desktop users configure their email clients to use the mailhost system, they will not have any problems sending email to anyone, no matter if they are sending from a computer with a DNS name of "their-pc.their-department.washington.edu", "some-other.university.edu", or even "aol.com". Using "mailhost.u.washington.edu" for SMTP forwarding is all that users need to know and if they are not having problems, it isn't necessary to read any further.

Some users, often through misunderstandings of how UA computers are used, may try to use other systems for SMTP forwarding service. They may try to use the name "homer.u.washington.edu", "mailer5.u.washington.edu", or even "weber.u.washington.edu". This is where C&C is tightening up on SMTP forwarding and where email rejection can occur.

If users are experiencing problems with rejected email, one of the first questions they should be asked is, "what host are you using as your SMTP 'relay' or 'forwarding' host?" If it is not "mailhost.u.washington.edu", explain to them how to use this host for forwarding instead. This should solve their problem.

What email messages are rejected?
=================================

Email will be sent or rejected based on where it's sent from and to whom it is addressed. These two criteria must be understood when deciding on what is and isn't going to be rejected.

First, there is the "sending host". This is the system that is trying to forward email through a UA host that speaks SMTP. This sending host, be it a PC, Macintosh, or Unix workstation, has an IP network address and usually also a DNS name.

Next, there are the "addressees" of the email. That is, the email addresses to which the message is going to be sent (e.g., those listed on the "To:", "Cc:" and "Bcc:" lines in the email header), for example "user@host.cac.washington.edu" or "theirbestfriend@aol.com". In the first case, the message is going to someone in the "cac.washington.edu" domain (which is in the ".washington.edu" domain) and, in the second case, to "aol.com" (which is not in the ".washington.edu" domain).

On all the UA computer systems, except "mailhost.u.washington.edu" as stated above, the rule is that email will be rejected if all of the following conditions are met:

    1). The email was NOT sent from someone on the UW network (i.e., the sending host does not have a DNS name ending in ".washington.edu") and

    2). The addressee does NOT have an email address that ends with ".washington.edu" and

    3). You are NOT using "mailhost.u.washington.edu" as your SMTP forwarding host.

If all of these conditions apply, we will assume that this is someone outside the UW who is trying to gateway email through a UW system to a non-UW network, most likely a junk emailer, and the message will be rejected.

This check on "To:" addressees is done for each address given to us in an SMTP "RCPT TO" command separately, i.e., each person listed in a "To:", "Cc:" or "Bcc:" line.
Messages will be rejected on a per-addressee basis (meaning that some messages which are addressed both to UW and non-UW addressees, and sent from a non-UW network, will still get through to the UW addressees, while the others will be rejected).

This may mean that someone who is not using "mailhost.u.washington.edu" will have no problems whatsoever unless and until they try sending email to someone outside the UW, and then only these messages will be rejected. This may be hard to diagnose without first knowing how SMTP forwarding is being done.

If switching to "mailhost.u.washington.edu" for SMTP forwarding does not work for some reason, or you have questions about anything presented here, send email to help@cac.washington.edu.
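
The three-condition rejection rule and its per-addressee behaviour, worked through as an added Python example (this is not C&C's mail server code or configuration). The function names, the sample non-UW host "client.isp.example" and the SMTP reply strings are assumptions made for illustration.

```python
# Added example, not C&C's code: models the three-condition rule per RCPT TO.
UW_SUFFIX = ".washington.edu"
FORWARDING_HOST = "mailhost.u.washington.edu"


def in_uw_domain(name):
    """True if a DNS name ends with ".washington.edu" (leading dot included)."""
    if not name:
        return False  # assumption: a sending host with no DNS name counts as non-UW
    # Normalise case and a trailing root dot; the leading dot in the suffix
    # keeps look-alikes such as "notwashington.edu" from matching.
    return name.strip().rstrip(".").lower().endswith(UW_SUFFIX)


def relay_allowed(receiving_host, sending_host, rcpt):
    """Reject only when all three conditions from the text hold."""
    not_from_uw = not in_uw_domain(sending_host)                # condition 1
    not_to_uw = not in_uw_domain(rcpt.rpartition("@")[2])       # condition 2
    not_mailhost = receiving_host.lower() != FORWARDING_HOST    # condition 3
    return not (not_from_uw and not_to_uw and not_mailhost)


def rcpt_replies(receiving_host, sending_host, recipients):
    """One reply per RCPT TO address, since the check is per addressee.
    The reply strings are constructed; the page does not give the real ones."""
    return [
        (rcpt, "250 ok" if relay_allowed(receiving_host, sending_host, rcpt)
         else "550 relaying denied")
        for rcpt in recipients
    ]


if __name__ == "__main__":
    # Constructed sample: a non-UW client using homer instead of mailhost.
    rcpts = ["user@host.cac.washington.edu", "theirbestfriend@aol.com"]
    for server in ("homer.u.washington.edu", FORWARDING_HOST):
        print(server)
        for rcpt, reply in rcpt_replies(server, "client.isp.example", rcpts):
            print("   RCPT TO:<%s> -> %s" % (rcpt, reply))
```

Run against "homer.u.washington.edu", the same message is accepted for the UW addressee and refused for the "aol.com" addressee, which is the partial-delivery symptom support staff are asked to diagnose; against "mailhost.u.washington.edu" both addressees are accepted.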