From = to

Matt Kettler mkettler at EVI-INC.COM
Fri Jul 18 22:38:54 IST 2003

At 03:57 PM 7/18/2003 -0500, Alan Fiebig wrote:
>So, what I'm looking for is some means of bypassing the 'bounce' action
>anytime the 'From:' or the 'Rely to:' is the same as the 'To:' address.
>Any ideas?

(note: the following is my opinion, but it's at least one that comes from a
fairly well thought-out perspective).

My suggestion would be to not use bounce at all. The way it's done in
MailScanner (which is really the best that MS can do) is pretty much
hopelessly broken and abuses other networks.

99.99% of spam has a forged From: address, so bouncing these messages
increases the severity of joe-jobs. The only useful function it provides is
in the case of a false positive, the sender is notified. However, if your
false-positive rate is reasonable, at least 99% of your bounce messages are
just going to some poor guy that got joe-jobbed.

That's a "more harm than good" situation by a ratio of approximately 100:1.

silent deletion isn't exactly a good idea either, but it's at least it
isn't dumping your spam problems back onto another network.

I'd say best practice is to tag-only or quarantine for hand review.
Bouncing with MS is just a bad idea that is only attractive to those who
like to litter in other people's yards.

More information about the MailScanner mailing list