Spam Bounce action issues

Alex Neuman alex at nkpanama.com
Thu Jun 3 20:00:48 IST 2004


Two questions then:

1. How would your system distinguish fake and non-fake bounces?

and most importantly,

2. How would other people (i.e., me) distinguish bounces from faked headers
vs. bounces from actual spam?

Those who choose to bounce spam back to senders just create more problems
than they solve, while using more bandwidth than they should. How can anyone
tell that the spam came from a specific sender or it was a fake (a joe job)?

And if two such people bounce each other, and they think that their messages
are spam, then bounce them back... Hmmm... This is a bad situation waiting
to happen.

Reminds me of a problem with a virus faking a mail from Person B to Person A
(who was on vacation) a message, and Person A's misconfigured vacation
program sent a message back to Person B (who was, coincidentally, also on
vacation, using the same misconfigured vacation program), and vice versa,
until high cpu loads and low disk space forced them to fix their
configuration.

Bouncing bad content (like .exe files where policy says otherwise) is a good
idea. Bouncing spammy messages is still problematic, IMHO.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Alan
Sent: Thursday, June 03, 2004 11:22 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Spam Bounce action issues


I too am one of those that feels I must send bounce messages to senders so
that they are aware that their email was not accepted, rather than them
thinking 'no news is good news'. In my defense, I do run a narrow band
between low scoring spam that I bounce and high scoring spam that I do not
bounce. I also do not bounce any virus non-deliveries.

Now, on to how I prevent my own customers from receiving bounce reports so
that they do not receive erroneous reports from messages with forged from
headers.

I utilize MS's "spam.nobounce.rules" rule set, and place an entry in it to
delete messages identified as spam where the 'From' address is from my
domain. Identified spam from other domains has an action of 'delete bounce'.

So, considering that my domain is 'elknet.net', my 'spam.nobounce.rules'
file looks like this:

   From:           *@elknet.net    delete
   FromorTo:       default         delete bounce

That takes care of the problem for me!

-Alan

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
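
Added example, not part of either message and not MailScanner code: a small Python model of how the two-line ruleset above assigns actions, assuming first-match-wins evaluation and shell-style wildcards on the addresses. The sample addresses are constructed; the second case shows that spam with a forged sender outside elknet.net still triggers a bounce to that address, which is the situation the reply asks about.

```python
from fnmatch import fnmatchcase

# The two rules quoted in the message above, copied verbatim.
RULES_TEXT = """\
From:           *@elknet.net    delete
FromorTo:       default         delete bounce
"""

def parse_rules(text):
    """Parse ruleset lines into (direction, pattern, actions) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        direction, pattern, *actions = line.split()
        rules.append((direction.rstrip(":").lower(), pattern.lower(), actions))
    return rules

def spam_actions(rules, sender, recipient):
    """Return the actions of the first matching rule (assumed semantics)."""
    sender, recipient = sender.lower(), recipient.lower()
    for direction, pattern, actions in rules:
        if pattern == "default":
            return actions
        hit_from = fnmatchcase(sender, pattern)
        hit_to = fnmatchcase(recipient, pattern)
        if ((direction == "from" and hit_from)
                or (direction == "to" and hit_to)
                or (direction == "fromorto" and (hit_from or hit_to))
                or (direction == "fromandto" and hit_from and hit_to)):
            return actions
    return []

# Constructed spam samples: (description, claimed sender, recipient).
SAMPLES = [
    ("sender forged as a local user", "bob@elknet.net", "alice@elknet.net"),
    ("sender forged as a third party", "victim@example.org", "alice@elknet.net"),
]

def bounce_targets(rules, samples):
    """List the claimed senders that would be sent a bounce."""
    return [s for _, s, r in samples if "bounce" in spam_actions(rules, s, r)]

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for desc, sender, rcpt in SAMPLES:
        print(f"{desc}: {' '.join(spam_actions(rules, sender, rcpt))}")
    print("bounces go to:", bounce_targets(rules, SAMPLES))
```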
