Spam and bounces - how do you handle it?
Ben Scott
dragonhawk at gmail.com
Fri Feb 9 11:43:11 EST 2007
On 2/9/07, Neil Joseph Schelly <neil at jenandneil.com> wrote:
> ... it's the handling of bounce messages in response to spam.
The problem is called "backscatter". There's no universal solution
that I am aware of. Web and Usenet searches for "backscatter spam"
(and similar) should prove educational.
You can curtail the problem of DSNs being sent in response to spam
by making your SMTP receivers aware of all valid destination
addresses, and having them reject invalid recipients during the SMTP
transaction. That shifts the burden back to the sender-SMTP. Legit
SMTP systems will handle this situation just fine, and spammers get
stopped there.
If you need to run auto-responders or similar, you have a much
trickier situation. You will probably need to resort to some
combination of intelligent internal whitelisting (based on known-good
addresses mined from your logs and databases), aggressive inbound spam
filtering based on third-party information, and/or switching to
web-based UIs for activities which cause email to be sent.
> Ultimately, I get a number of complaints by way of SpamCop - a couple every
> month or two anyway - that say I'm spamming. Even though I'm not the
> originator of the spam and I'm sending valid bounces ...
Backscatter may be causing you to send very large amounts of bogus
mail send to people who have nothing to do with you. In many cases,
backscatter is a worse problem than spam. The fact that you do not
mean to be causing problems does not mean you are not causing
problems. It's not fair, of course, but we all know how that goes.
-- Ben
More information about the gnhlug-discuss
mailing list