Spam and bounces - how do you handle it?

aluminumsulfate at earthlink.net aluminumsulfate at earthlink.net
Fri Feb 9 11:53:53 EST 2007


> From: Neil Joseph Schelly <neil at jenandneil.com>
> Date: Fri, 9 Feb 2007 09:36:21 -0500

> I'm looking for some advice from any fellow mail administrators on the list.  

> Ultimately, I get a number of complaints by way of SpamCop - a couple every 
> month or two anyway - that say I'm spamming.  Even though I'm not the 
> originator of the spam and I'm sending valid bounces, even if back to false 
> senders, they consider that lazy administration.  I'm not a particularly big 

It's that tiny conditional "even if back to false senders" which is
likely the origin of their complaint.  Spammers often use the
following technique to "bounce" spam off of reputable mail servers:

MAIL FROM: <spamvictim at victimisp.net>
RCPT TO: <ABC-non-existantaddress-12345 at yourserversdomain.net>
DATA
spam here
.

When your server determines that "nonexistantaddress12345" is not a valid
recipient, it will generate a bounce to "spamvictim at victimisp.net".  This
way, spamvictim at victimisp.net will get the intended spam (even if it is
wrapped in a mailer daemon error).  The message will also seem to originate
from your server, allowing the spammer to bypass things like IP blacklists.
A way to prevent this would be to turn on recipient verification, so that
invalid recipients would be rejected as soon as the RCPT is issued.
Unfortunately, this makes it easy for spambots to probe your server for
valid addresses.  But the alternative here seems to be worse.

Of course, the same principle can be used at the application,
i.e. listserv, level.  In this case, recipient verification will not help,
because the list admin address will always be a valid recipient address.
Unfortunately, I can't offer much help with this one except to suggest that
such error reports be suppressed entirely.  That is: when an improperly
formatted request is received at the help or admin address, reply with
either the list help or send no response at all.  If third-party recipients
receive list help, they're unlikely to consider it spam.  And if someone
who sends a legitimate request to the server never receives the response
they expected, they're likely to go investigate anyway...

Hope this helps.
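
Added example, not part of the original post: a toy model of one SMTP transaction under the two policies discussed above (accept then bounce, versus rejecting unknown recipients at RCPT time), showing which one makes the server send mail to the forged sender. The recipient table, the addresses and the function names are constructed for illustration and do not describe any particular MTA.

```python
# Toy SMTP transaction model. All addresses below are constructed sample values.
VALID_RCPTS = {"postmaster@example.net", "neil@example.net"}

def addr(arg):
    """Extract the address from 'FROM:<a@b>' or 'TO: <a@b>'."""
    return arg.split(":", 1)[1].strip().strip("<>").lower()

def run_session(lines, verify_at_rcpt):
    """Return (replies, outbound); outbound is mail this server generates itself."""
    replies, outbound = [], []
    sender, accepted, bad, in_data = None, [], [], False
    for line in lines:
        if in_data:
            if line == ".":
                in_data = False
                replies.append("250 queued")
                # Accept-then-bounce: the DSN goes to the unverified envelope
                # sender. A null sender (<>) never receives a bounce.
                if bad and sender:
                    outbound.append((sender, "bounce"))
                sender, accepted, bad = None, [], []
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "MAIL":
            sender, accepted, bad = addr(arg), [], []
            replies.append("250 ok")
        elif verb == "RCPT":
            rcpt = addr(arg)
            if rcpt in VALID_RCPTS:
                accepted.append(rcpt)
                replies.append("250 ok")
            elif verify_at_rcpt:
                # Refused in-session: the connecting client owns the failure.
                replies.append("550 5.1.1 user unknown")
            else:
                bad.append(rcpt)  # invalidity is discovered only after DATA
                replies.append("250 ok")
        elif verb == "DATA" and (accepted or bad):
            in_data = True
            replies.append("354 go ahead")
        elif verb == "DATA":
            replies.append("554 5.5.1 no valid recipients")
        else:
            replies.append("500 unrecognized")
    return replies, outbound

FORGED = ["MAIL FROM:<spamvictim@victimisp.example>",
          "RCPT TO:<abc-nonexistent-12345@example.net>",
          "DATA", "spam here", "."]
```

Calling run_session(FORGED, False) yields one outbound bounce addressed to the forged sender; run_session(FORGED, True) answers the RCPT with 550 and generates no outbound mail.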


More information about the gnhlug-discuss mailing list