Wiki request: spam bounces

Julian Field MailScanner at ecs.soton.ac.uk
Thu Apr 14 18:57:54 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt,

Many thanks for that. I have cc-ed Steve Swaney on this who may be
prepared to write some docs for me about this problem.

Matt Kettler wrote:

>Julian Field wrote:
>
>
>
>>Can someone please put a page on the Wiki about why bouncing spam is a
>>bad idea and is not the solution to their problem when they are getting
>>a few false alarms from the spam filters. What are the better solutions
>>to this problem, when they think a few of their customers' emails are
>>being flagged as spam?
>>
>>Thanks folks. I've got a particularly awkward case at the moment, and I
>>really don't have the energy to go through the whole thing yet again.
>>
>>
>
>
>Julian, ordinarily I'd jump right on this, being a vocal advocate
>against the bounce feature.
>
>However, I'm currently a bit busy with work matters, and I don't expect
>that to clear up until next week.
>
>Some of the information on this page may be of value:
>http://kmself.home.netcom.com/Rants/avspam.html
>
>Most arguments in favor of bouncing spam stem from some idea about
>"reliable mail". These arguments are of the same sort that argue the
>need for an open relay because it's necessary so they can mail through
>their server while traveling, and thus a "reliable mail" necessity.
>
>While post-delivery bouncing of spam does offer a reliable recovery from
>FP, it turns your mailserver into malware that anyone in the world can
>use as a DDoS client. Just like a wide open mail relay may allow you to
>send mail while you're traveling, but also allows every spammer in the
>world to abuse it.
>
>Most sensible network admins regard post-delivery bounces of spam,
>viruses, etc. as a network attack. I personally take this stance, and I
>handle it the same way I would handle any network attack or intrusion
>attempt incident. First, try to advise the admin of the problem. If it
>continues, I blacklist the server and/or domain. If it continues gets
>bad enough to noticeably effect service here despite the blockade, I've
>got no reason to ever hesitate to pick up the phone and file a network
>abuse complaint with the upstream provider. Intentional misconfiguration
>despite warnings gets handled as an intentional malicious attack, and
>malicious attacks that degrade service cause incident reports.
>
>Thus far I've never had to do that for spam bouncing, however a few
>domains that are permanently in my 550 list due to spewing malformed
>bounce garbage on a persistent but small volume basis.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list