For those of us that feel strongly that email should be a reliable transport medium.

Matt Kettler mkettler at EVI-INC.COM
Tue Feb 10 18:52:37 GMT 2004


At 01:09 PM 2/10/2004, Admin Team wrote:
>Julian, as opposed to "bouncing" a message, can we implement something to
>notify a sender politely that they *may* have sent an email to someone that
>did not get delivered and *IF* they do not know this person to disregard
>the message.

Unfortunately this just ignores the underlying problem of bounces and just
replaces it with something with a different name.

If nothing else, your suggested change makes life HARDER for the victims of
Joe jobs because the message now doesn't even look like a bounce and can't
be procmailed out as easily. (Imagine receiving thousands of
"notifications" per hour in hundreds of different formats. Ouch.)

To explain a bit, the fundamental problem with post-delivery bounces and
notifications is the DDoS that results from thousands of domains sending
hundreds of thousands of notifications to forged addresses that spammers use.

It's not the content of the message that's a problem, it's the number of
them and the vast number of sources they all come from.

Post-delivery bounces, notifications, etc. are a very BAD thing for those on
the receiving end of a joe job. They make a bad situation significantly
worse. In the case of spam notifications, you already know there's at least
a 99% chance that you're sending email to a joe job victim, so why are you
sending it in the first place?

Really, there are other ways to handle the 1% of the spam-matches that are
false positives without abusing 99% of the rest of the world. Use an SMTP
layer 550, tag it, quarantine it, or whatever. But don't generate
post-delivery bounces, notices, or whatever name you want to call them.
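
The difference between a post-delivery notice and an SMTP-layer 550, as an added illustration that is not part of the original post: a small Python model of whose mailbox the failure notice lands in under each policy. All host names, addresses and counts are constructed, and the `flagged` and `client_is_mta` fields are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Delivery:
    client: str          # host that opened the SMTP connection
    client_is_mta: bool  # real mail server (True) or spam bot (False); hypothetical field
    mail_from: str       # envelope sender, which a spammer can forge freely
    receiver: str        # host the message was delivered to
    flagged: bool        # spam verdict from the receiver's scanner; hypothetical field

def notices(deliveries, policy):
    """Return (inbox, sources): notices per address and the hosts that sent them."""
    inbox, sources = Counter(), {}
    for d in deliveries:
        if not d.flagged:
            continue
        if policy == "notify_after_accept":
            # Receiver said 250, scanned later, then mailed MAIL FROM.
            notifier = d.receiver
        elif policy == "reject_550":
            # Receiver answers 550 inside the session, so only the connecting
            # client hears about it. A real MTA turns that into a bounce for
            # its own local user; a spam bot simply drops it.
            if not d.client_is_mta:
                continue
            notifier = d.client
        else:
            raise ValueError(f"unknown policy: {policy}")
        inbox[d.mail_from] += 1
        sources.setdefault(d.mail_from, set()).add(notifier)
    return inbox, sources

def sample():
    """Constructed traffic: a joe job forging one address, plus one false positive."""
    spam = [Delivery(f"bot{i}.invalid", False, "victim@example.org",
                     f"mx.domain{i % 100}.example", True) for i in range(300)]
    false_positive = Delivery("mta.example.com", True, "alice@example.com",
                              "mx.domain7.example", True)
    return spam + [false_positive]

if __name__ == "__main__":
    for policy in ("notify_after_accept", "reject_550"):
        inbox, sources = notices(sample(), policy)
        for addr in ("victim@example.org", "alice@example.com"):
            print(policy, addr, inbox[addr], len(sources.get(addr, ())))
```

In this model the forged address receives 300 notices from 100 hosts under the first policy and none under the second, while the genuine sender of the false positive is told either way, in the second case by her own mail server.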


