High Scoring Spam Actions

Mark Spieth mspieth at NEOD.NET
Fri Oct 31 15:49:40 GMT 2003

I agree, I would really prefer to just bounce mail from servers on the
RBL lists, However I don't see that as being an option with out a head
end server which just does RBL.

Mark Spieth - Director of Internet Services
Northeast Ohio Digital Inc.
mspieth at neod.net
CONFIDENTIALITY NOTICE: The materials attached hereto are confidential
and the property of the sender. The information contained in the
attached materials is privileged and/or confidential and is intended
only for the use of the above-named individual(s) or entity(ies). If you
are not the intended recipient, be advised that any unauthorized
disclosure, copying, distribution or the taking of any action in
reliance on the contents of the attached information is strictly
prohibited. If you have received this transmission in error, please
discard the information immediately.

-----Original Message-----
From: mikea [mailto:mikea at MIKEA.ATH.CX] 
Sent: Friday, October 31, 2003 10:48 AM
Subject: Re: High Scoring Spam Actions

On Fri, Oct 31, 2003 at 10:19:17AM -0500, Mark Spieth wrote:
> Before I go through the trouble of setting up a test server I figured
> would send this out to the list..
> When dealing with high spam, More importantly email coming in from
> servers which are tagged as high spam due to being on a RBL list.
> Currently I have our high spam action set to:
> High Scoring Spam Actions = bounce delete
> I really need to send a bounce message back even though I realize that
> 99.9% of all messages are from spoofed or fake email addresses. The
> problem is when one of our customers receives an email from one of
> customers which may be accidentally on a blacklist I can at least
> the message back to them so it just doesn't go into a black hole and
> they don't realize it was never delivered. The above action works
> But here is my problem.
> Should a message come in as From:user at domain1.com To:user at domain1.com
> and is tagged as high spam, user at domain1.com would receive the bounce
> message. Even though they did not really send the first message
> the spammer spoofed the from email address. There is only 1 domain
> has complained about this. I want to run a ruleset for high spam
> which will basically do a
> #Domain1.com rules set
> FROMANDTO domain1.com delete
> #everyone else
> bounce delete
> How would I formulate the rules set?

This isn't an answer to your question. It is an objection to your
intentionally bouncing mail when you agree and admit that it probably
will go to the wrong place 99.9% of the time.

Not all those addresses are fake. It is fairly common for them to be
valid, and the spammer does this in an attempt to cause the bounce-
recipient some pain. One spammer faked my address and caused me to get
11987 separate complaints/bounces.

Bouncing instead of rejecting, under these circumstances, is IMHO
at least potentially abusive, and could cause mail from you to be

Mike Andrews
mikea at mikea.ath.cx
Tired old sysadmin

More information about the MailScanner mailing list