Wiki request: spam bounces

Matt Kettler mkettler at EVI-INC.COM
Thu Apr 14 18:54:16 IST 2005



Julian Field wrote:

> Can someone please put a page on the Wiki about why bouncing spam is a
> bad idea and is not the solution to their problem when they are getting
> a few false alarms from the spam filters. What are the better solutions
> to this problem, when they think a few of their customers' emails are
> being flagged as spam?
>
> Thanks folks. I've got a particularly awkward case at the moment, and I
> really don't have the energy to go through the whole thing yet again.


Julian, ordinarily I'd jump right on this, being a vocal advocate
against the bounce feature.

However, I'm currently a bit busy with work matters, and I don't expect
that to clear up until next week.

Some of the information on this page may be of value:
http://kmself.home.netcom.com/Rants/avspam.html

Most arguments in favor of bouncing spam stem from some idea about
"reliable mail". These arguments are of the same sort that argue the
need for an open relay because it's necessary so they can mail through
their server while traveling, and thus a "reliable mail" necessity.

While post-delivery bouncing of spam does offer a reliable recovery from
FP, it turns your mailserver into malware that anyone in the world can
use as a DDoS client. Just like a wide open mail relay may allow you to
send mail while you're traveling, but also allows every spammer in the
world to abuse it.

Most sensible network admins regard post-delivery bounces of spam,
viruses, etc. as a network attack. I personally take this stance, and I
handle it the same way I would handle any network attack or intrusion
attempt incident. First, try to advise the admin of the problem. If it
continues, I blacklist the server and/or domain. If it continues and gets
bad enough to noticeably affect service here despite the blockade, I've
got no reason to ever hesitate to pick up the phone and file a network
abuse complaint with the upstream provider. Intentional misconfiguration
despite warnings gets handled as an intentional malicious attack, and
malicious attacks that degrade service cause incident reports.

Thus far I've never had to do that for spam bouncing; however, a few
domains are permanently in my 550 list due to spewing malformed
bounce garbage on a persistent but small volume basis.
