High Scoring Spam Actions

mikea mikea at MIKEA.ATH.CX
Fri Oct 31 15:47:59 GMT 2003 

On Fri, Oct 31, 2003 at 10:19:17AM -0500, Mark Spieth wrote:
> Before I go through the trouble of setting up a test server I figured I
> would send this out to the list..
>
> When dealing with high spam, More importantly email coming in from mail
> servers which are tagged as high spam due to being on a RBL list.
> Currently I have our high spam action set to:
>
> High Scoring Spam Actions = bounce delete
>
> I really need to send a bounce message back even though I realize that
> 99.9% of all messages are from spoofed or fake email addresses. The
> problem is when one of our customers receives an email from one of their
> customers which may be accidentally on a blacklist I can at least bounce
> the message back to them so it just doesn't go into a black hole and
> they don't realize it was never delivered. The above action works fine,
> But here is my problem.
>
> Should a message come in as From:user at domain1.com To:user at domain1.com
> and is tagged as high spam, user at domain1.com would receive the bounce
> message. Even though they did not really send the first message because
> the spammer spoofed the from email address. There is only 1 domain that
> has complained about this. I want to run a ruleset for high spam actions
> which will basically do a
>
> #Domain1.com rules set
> FROMANDTO domain1.com delete
> #everyone else
> bounce delete
>
> How would I formulate the rules set?

This isn't an answer to your question. It is an objection to your
intentionally bouncing mail when you agree and admit that it probably
will go to the wrong place 99.9% of the time.

Not all those addresses are fake. It is fairly common for them to be
valid, and the spammer does this in an attempt to cause the bounce-
recipient some pain. One spammer faked my address and caused me to get
11987 separate complaints/bounces.

Bouncing instead of rejecting, under these circumstances, is IMHO
at least potentially abusive, and could cause mail from you to be
rejected.

--
Mike Andrews
mikea at mikea.ath.cx
Tired old sysadmin

More information about the MailScanner mailing list