backscatter by DSN: Service unavailable

[Ronny T. Lampert]

>> our primary mailserver tags the spam and relays mail to other mailservers.
>> Those sometimes have a different view of accepting messages
>> and frequently reject spam mail
>> (different view of DNS, different RFC inforcement). The primary server
>> backscatters the tagged spam to falsified sender addresses.
 >
 >
> Do you already do recipient verification (call ahead type of thing)?
> Might solve a few of your problems:-).

Actually, when thinking more about the problem -- your problem is kinda 
hard. SMTP is a store and forward system, and once anybody in your whole 
routing domain has accepted a mail, he's stuck with it.

The cleanest solution would be to talk with those subdomain admins and 
try to improve your frontend up to a level they will gladly accept.

The quickest solution is to try and reduce the bounces by doing some 
kind of milter-ahead solution; this will maybe reduce the backscatter by 
around 50% (rule of experience) but cannot completely eliminate it.
Are you familiar with that kind of setup? If not, tell us what SMTPd 
you're using and we can point you into a direction.


You also can reduce the time mail is kept in your queues in case a 
server goes down, that will expire those backscatter more quickly.


As for the watermarking - MailScanner can do that and you can have a 
"shared secret" so you can trust those watermarks.
ATM I'm quite unsure how to use that in your setting, though, as those 
watermarks would have to contain some kind of commands, like 
"backscatter mail, delete it" or so.


Cheers,
Ronny