Block outgoing mail w/ bad addressing

Jim Holland mailscanner at mango.zw
Thu Oct 19 07:25:36 IST 2006 

On Thu, 19 Oct 2006, Jethro R Binks wrote:

> > Would you take the risk of one of your users fat-fingering your domain 
> > name in an internal email and giving a competitor potentially sensitive 
> > company information? (accounting/sales/project status reports)
> 
> I'd educate my users and provide them with tools to minimise the chance 
> that their fat-fingers wouldn't be detrimental to their employment status, 
> but I certainly wouldn't attempt to 'fix' this in an MTA (who is going to 
> shout that this is off-topic this time?); like provide them with an 
> address book of company contacts.
> 
> Neither does this 'solution' prevent people outside the company sending 
> that sensitive company information to the typo-squatting competitor, so 
> you might be stuffed anyway, nor prevent fat-fingered employees from 
> entering the incorrect email address in the myriads of places they may 
> enter it outside your realm.  So you are only 'solving' a fraction of the 
> problem.
> 
> I see outgoing mail to hotmial.com and similar all the time, but I don't 
> do anything about that either.  Neither do I put in extra aliases for 
> some-role at strath.ac.uk, because someone thinks that some one might send 
> email to some_role at strath.ac.uk instead.  Users have to take 
> responsibility for paying attention some time.  The sooner they learn the 
> better, then you don't have to have some ugly kludge knocking around for 
> years.

I agree that you should not fix user problems by automatically rerouting
mail to an invalid address to the correct address - then they will never
learn.  However given a choice between dealing with endless user queries
about "Why can't I send mail to this valid address?" and putting up a
simple explanatory bounce message in the access file, I have found the
latter to be very handy for domains that are constantly mis-spelled or 
else have stopped functioning, for example.

If the user typo simply resulted in an immediate bounce it wouldn't be so
bad, but there are some cases where the invalid domains used have
nameservers that constantly time out, or have no mail exchangers but the
hostname itself is unreachable, so the mail just sits in the mail queue
for days until it times out.  I prefer to bounce such mail back
immediately with an appropriate error message - that is my way of
educating the users.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

More information about the MailScanner mailing list