Spam to this list
John E. Malmberg
wb8tyw at qsl.net
Mon Apr 18 12:16:51 GMT 2005
Shachar Shemesh wrote:
> John E. Malmberg wrote:
>
>> The I.P. address is listed in bl.spamcop.net as hitting spamtraps.
>
> Just so you know, spamcop view bounces as spam. According to them, you
> should never send bounces.
I think you will find a large number of mail server administrators agree
with that, especially the ones that have been DDOSed by spammers and
viruses impersonating their domain.

A few years ago I saw a posting in the spamcop.net forum reporting that
AOL had posted in the SPAM-L mailing list that AOL was changing their
system to only use SMTP rejects and that they were going to stop
generating bounces because they recognized that the practice is abusive
to the rest of the internet.

Spamcop.net only changed their policy a few months ago.

Spamhaus.org has also listed I.P. addresses that are bouncing all
detected spam and viruses. As near as I can tell, they started doing
so before spamcop.net did, and it seemed to be triggered by a company
selling an anti-spam/virus appliance that was configured by default to
abusively bounce detected spam and viruses to what was known to be
forged addresses.

At least one domain, test.com, was basically DDOSed to death for a while
because of the bounces from spammers and viruses forging addresses.
> I believe the right approach is to convince
> admins to drop spamcop from their RBL list, rather than remove the very
> essential NACK SMTP has from all servers, as per spamcop's request.
The essential SMTP NACK is not what is the problem as long as it is done
during the SMTP connection using reject codes. Issuing an SMTP reject
code for undeliverable messages will never cause a spamcop.net listing.

The SMTP bounce is an artifact from the time when third party open
relays were also in common use. At that time, it was needed by the
third party open relay to return the non-delivery message.

The end mail server would use an SMTP reject, and the third party open
relay would generate the bounce message.

Now, almost no mail servers will accept e-mail from known open relays,
so when they cannot deliver an e-mail, if they use an SMTP reject code,
then the sender's mail server, which should trust the sender, will
generate the bounce message.

If these bounces from the sender's mail server are going to forged
addresses, then there is a security problem on the sending network that
needs to be fixed.

With almost all spam and viruses, there is no mail server to generate
bounces from getting an SMTP reject.

At current estimates on the internet, a mail server is now getting 3
spam/virus messages for every real message that is attempted to be
delivered.

Which means if a mail server is bouncing instead of using SMTP rejects,
it is bounce relaying 3 spam/virus messages for every real one, and
those messages are being bounced to other victims.

And since medium to large networks pay a metered rate for their internet
connection, bouncing instead of using SMTP rejects will significantly
increase their operating costs as it will cause them to pay for the
bandwidth for 6 spam/virus e-mails for every 1 real e-mail that they
receive. Using SMTP rejects and DNSbls eliminates almost all of that
cost from their operation.
-John
wb8tyw at qsl.net
Personal Opinion Only
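
The difference between the two policies discussed in the message above, as an added example that is not part of the original post: a small model that follows each delivery attempt through an accept-then-bounce server and through one that rejects inside the SMTP session. The addresses, the `Attempt` fields and the cost unit (one message body crossing the receiver's link) are constructed for illustration, and the model assumes the rejection is issued before DATA.

```python
# Added illustration: a constructed model, not code from the post.
from dataclasses import dataclass

@dataclass(frozen=True)
class Attempt:
    client: str         # what connects to us: "mta" (a real sender's server) or "bot"
    envelope_from: str  # MAIL FROM address as presented in the session
    real_sender: str    # who actually originated it (constructed ground truth)
    deliverable: bool   # False: unknown user, detected spam or virus

def handle(attempt, policy):
    """Return (message bodies crossing our link, [(notifier, recipient), ...])."""
    if attempt.deliverable:
        return 1, []
    if policy == "bounce":
        # Accept with 250, then mail a non-delivery notice to MAIL FROM.
        return 2, [("receiver", attempt.envelope_from)]
    # policy == "reject": answer 5xx inside the session, before DATA (assumption).
    if attempt.client == "mta":
        # The sender's own server sees the 5xx and notifies its own user.
        return 0, [("sender-mta", attempt.real_sender)]
    return 0, []  # a bot has no mail server behind it, so no notice is generated

def summarize(attempts, policy):
    totals = {"transfers": 0, "backscatter": 0, "legit_notices": 0}
    for a in attempts:
        cost, notices = handle(a, policy)
        totals["transfers"] += cost
        for _notifier, recipient in notices:
            # A notice reaching anyone but the true originator is backscatter.
            key = "legit_notices" if recipient == a.real_sender else "backscatter"
            totals[key] += 1
    return totals

# Constructed sample: the post's 3 spam/virus per real message,
# plus one honest sender who mistyped a recipient.
SAMPLE = [
    Attempt("mta", "alice@example.org", "alice@example.org", True),
    Attempt("bot", "victim1@example.net", "spammer", False),
    Attempt("bot", "victim2@example.net", "spammer", False),
    Attempt("bot", "victim3@example.net", "spammer", False),
    Attempt("mta", "bob@example.org", "bob@example.org", False),
]

if __name__ == "__main__":
    for policy in ("bounce", "reject"):
        print(policy, summarize(SAMPLE, policy))
```

In both runs the honest sender who mistyped an address still receives a non-delivery notice; only the bounce policy sends notices to the forged addresses and pays for six spam-related transfers.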