Spam to this list

John E. Malmberg wb8tyw at qsl.net
Mon Apr 18 12:16:51 GMT 2005


Shachar Shemesh wrote:
> John E. Malmberg wrote:
> 
>> The I.P. address is listed in bl.spamcop.net as hitting spamtraps.
> 
> Just so you know, spamcop view bounces as spam. According to them, you 
> should never send bounces.

I think you will find a large number of mail server administrators agree 
with that, especially the ones that have been DDOSed by spammers and 
viruses impersonating their domain.

A few years ago I saw a posting in the spamcop.net forum reporting that 
AOL had posted in the SPAM-L mailing list that AOL was changing their 
system to only use SMTP rejects and that they were going to stop 
generating bounces because they recognized that the practice is abusive 
to the rest of the internet.

Spamcop.net only changed their policy a few months ago.

Spamhaus.org has also listed I.P. addresses that are bouncing all 
detected spam and viruses.  As near as I can tell, they started doing so 
before spamcop.net did, and it seemed to be triggered by a company 
selling an anti-spam/virus appliance that was configured by default to 
abusively bounce detected spam and viruses to what was known to be 
forged addresses.

At least one domain, test.com was basically DDOSed to death for a while 
because of the bounces from spammers and viruses forging addresses.

> I believe the right approach is to convince 
> admins to drop spamcop from their RBL list, rather than remove the very 
> essential NACK SMTP has from all servers, as per spamcop's request.

The essential SMTP NACK is not what is the problem as long as it is done 
during the SMTP connection using reject codes.  Issuing an SMTP reject 
code for undeliverable messages will never cause a spamcop.net listing.

The SMTP bounce is an artifact from the time when third party open 
relays were also in common use.  At that time, it was needed by the 
third party open relay to return the non-delivery message.

The end mail server would use an SMTP reject, and the third party open 
relay would generate the bounce message.

Now, almost no mail servers will accept e-mail from known open relays, 
so when they can not deliver an e-mail, if they use an SMTP reject code, 
then the sender's mail server, which should trust the sender, will 
generate the bounce message.

If these bounces from the sender's mail server are going to forged 
addresses, then there is a security problem on the sending network that 
needs to be fixed.

With almost all spam and viruses, there is no mail server to generate 
bounces from getting an SMTP reject.

At current estimates on the internet, a mail server is now getting 3 
spam/virus messages for every real message that is attempted to be 
delivered.

Which means if a mail server is bouncing instead of using SMTP rejects, 
it is bounce relaying 3 spam/virus messages for every real one, and 
those messages are being bounced to other victims.

And since medium to large networks pay a metered rate for their internet 
connection, bouncing instead of using SMTP rejects will significantly 
increase their operating costs as it will cause them to pay for the 
bandwidth for 6 spam/virus e-mails for every 1 real e-mail that they 
receive.  Using SMTP rejects and DNSbls eliminates almost all of that 
cost from their operation.

-John
wb8tyw at qsl.net
Personal Opinion Only
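
Added example, not part of the original post: a small Python model of the two policies the message compares, showing who ends up receiving the non-delivery report and how many message units cross the receiving server's link. The addresses, the `Msg` fields and the `handle` function are constructed for illustration, and the model assumes equal-sized messages and that a reject happens before the message body is transferred.

```python
from dataclasses import dataclass

LOCAL_USERS = {"alice@example.org"}  # constructed recipient table

@dataclass
class Msg:
    env_from: str         # envelope sender (MAIL FROM); forged by spam and viruses
    rcpt: str             # envelope recipient (RCPT TO)
    via_real_mta: bool    # True if handed over by the sender's own mail server
    client_listed: bool = False  # connecting IP is on a DNSbl

def handle(messages, policy):
    """policy 'reject': refuse inside the SMTP session with a reject code.
    policy 'bounce': accept the message, then mail a non-delivery report."""
    s = {"delivered": 0, "units_in": 0, "units_out": 0,
         "backscatter": [], "sender_mta_reports": []}
    for m in messages:
        refused = m.client_listed or m.rcpt not in LOCAL_USERS
        if not refused:
            s["delivered"] += 1
            s["units_in"] += 1
        elif policy == "reject":
            # Refused before DATA: no body crosses our link. Only a real
            # sending mail server turns the reject into a report, and it
            # reports to its own user; a bot or virus just gives up.
            if m.via_real_mta:
                s["sender_mta_reports"].append(m.env_from)
        else:
            # Accepted in full, then a bounce goes to whatever MAIL FROM said.
            s["units_in"] += 1
            s["units_out"] += 1
            s["backscatter"].append(m.env_from)
    return s

# Constructed traffic in the 3:1 spam-to-real ratio quoted in the message.
REAL = Msg("bob@example.net", "alice@example.org", via_real_mta=True)
SPAM = [Msg(f"victim{i}@example.com", "alice@example.org",
            via_real_mta=False, client_listed=True) for i in range(3)]
TYPO = Msg("bob@example.net", "alcie@example.org", via_real_mta=True)

if __name__ == "__main__":
    for policy in ("bounce", "reject"):
        print(policy, handle([REAL] + SPAM, policy))
    print("typo, reject:", handle([TYPO], "reject"))
```

Under `bounce` the three forged addresses each receive a report and the link carries three spam units in plus three out; under `reject` it carries only the one real message, and a mistyped recipient from a real mail server is still reported to the true sender by that server.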
