Why you shouldn't bounce spam and viruses.

No one reports the From address on a spam as the source because they know it's forged. So why would you 'return' a spam to that same forged address? I'm all for returning spam to the sender, but to do that you have to reject, not bounce. This page is about not bouncing spam. Rejecting spam is fine.

The short version of this whole page for those who are too busy to read all of it: DON'T BOUNCE SPAM, THE FROM IS FORGED. You should only send non-delivery notifications to your own users, anything else that can't be rejected during the SMTP transaction and is later found to be undeliverable should be dealt with locally, don't bounce it or your server becomes part of the problem. Thank you.

Backscatter bounces are Non-Delivery Notifications, but they're for email you didn't send. A spammer sends out some of his spew with one or more of your addresses as the From, and poorly configured servers don't properly reject it, instead they send an NDN to the forged From address. So you get notices for something you had nothing to do with.

To give you an idea of the size of the problem, I received over 1. October 2006. Of the bounces that specified a reason for not accepting the spam, the vast majority were for an invalid recipient address.
The next most common reason is because the spam was identified as spam, followed by over quota mailboxes and identified viruses. Invalid addresses and over quota mailboxes can normally be determined during the SMTP transaction and rejected, but in the cases where I'm getting them as bounces they weren't rejected or I'd never see them.
So those mail servers are obviously accepting those emails and processing them before bouncing them. Most servers do body scanning for spam and virus after accepting the email, then many of them bounce it. But it is possible to receive . Exim is one example of a mail server that can be configured to do that. As of October 2. 00. RFCs. Something over half of the bounces that I receive don't specify the reason for the bounce.

December 1, 2. 00. There are two items of good news. Better late than never. And it's not all good news, see this note for details. Second, there have been some changes to the RFCs, and a couple of the items deal specifically with spam filtering and bounces. RFCs 2821 and 2. RFCs 5321 and 5. The key change from the point of view of this web site is that rejection (. Bounces for spam, viruses and a few other unwanted messages will NOT be usefully delivered since they won't go back to the source. Rejecting for more details.

Index: The short version. Who this page is for. Who can use this page? Why I wrote it. Bouncing vs. Rejecting. What are the spammers up to? Why not bounce spam? What can you do? Invalid Recipient Addresses. Auto-responders, Out of Office messages. Challenge/Response, why not. How to see if you're already listed. What can you do if you're getting hammered with Backscatter? Related links. My Privacy Policy and a disclaimer.

Who is this page for?

This page is primarily intended for people who run mail servers that receive email for multiple users. Individuals who get their email through an ISP or company server normally won't have much control over what needs to be done to solve this problem. There are a few positive things that end users can do though. They can certainly help put pressure on their email admins if something needs to be fixed. In many cases it's just a matter of the people in charge not realizing how things have changed since about the beginning of 2.
And if they haven't adjusted, the mail server may have ended up on blacklists. If so, your email could be blocked from at least some sites. End users should never use a program to bounce spam in hopes of abusing the spammer or getting removed from spam mailing lists. Spammers will never see those fake bounces, they'll go to an innocent person who may report the bouncer for sending them spam. Use of a Challenge/Response spam filter can also cause the server to end up on blacklists. It's also not a good idea to try and retaliate against spammers in any way other than reporting the spam you receive, there's far too much potential for abuse of innocent third parties.

Who can use this page?

Anyone who wants to refer someone to this page is welcome to do so. If the goal is to educate someone on the evils of bouncing spam so that they'll modify their server's actions, please be sure that you're notifying the right person. Please use caution, not cluing someone in is probably preferable to irritating the wrong person who may already be doing it right.

Why did I write this page?

Lately I've been getting a lot of bounced spam. And of course I didn't send any of the spam, so I report as many as possible as spam, which they are to me. See note 1. Even before the volume got out of control, I got tired of typing out emails and filling in contact forms explaining why the sender of the bounces shouldn't do that, so I created this site. The information on this page comes from knowledge I've gathered in years of dealing with computers and poking around the internet and newsgroups, as well as my own experiences dealing with spammers. I received some suggestions and corrections from people far more knowledgeable than I am. And I've done my best to verify that everything here is accurate, but it's up to you to make sure that it's appropriate for your situation. And of course, at some point this information will be outdated.
The internet is a constantly changing medium. Some changes are for the better, some for the worse. Unfortunately spammers have forced several of these changes, and now they're forcing another one. My goal is to provide information that will convince more people that bouncing spam is a bad idea. The same reasoning applies to bouncing viruses found in incoming email. Anyone who thinks it would help is welcome to send a link to this page to anyone who has sent them bounce spam. Please make sure that they really are the source though, spammers also forge bounces.

If someone sent you a link to this page it's because they received some bounced spam from your server, or a Challenge/Response, or possibly an Out of Office reply to a spam that had their address forged as the From. It might even have been me who sent you the link, although anyone who wants to is certainly welcome to do the same. If you are responsible for any of the above you should seriously consider fixing your system. There are people getting thousands of bounces etc.

Backscatter is becoming a huge problem, and at least one DNSBL (DNS based Blacklist) is now aggressively including backscatter sources in his lists. As of the beginning of 2. TQMcube.com had reported that his parser was adding about 5. And he said that his lists were being used to filter about 2. You do not want to be there. And his list isn't the only one you could end up on. Spamcop now allows backscatter bounces to be reported as spam, and once there are enough reports, they also add the server to their blacklists. Most blacklists that add backscatter sources will result in blocking all email from that server. But now www. backscatterer. Backscatter and Sender Callout sources. That list can be used to reject just unwanted NDNs.

Bouncing or rejecting?

There's a big difference between rejecting email and bouncing email.
Rejecting email is the acceptable way of handling undeliverable email, bouncing email is the one that is causing problems.

Rejecting is done during the SMTP transfer when the sending and receiving servers are talking to each other. If the receiving server rejects an incoming email, then the only one who will get the rejection is the sending server. If it's a legitimate email that server should notify their local sender with a failure report. See RFC 5321 for details. That RFC is new as of October 2. RFC 2821. If it's spam then the sending server is probably a bot, and it's not likely to be listening. Rejections can be temporary (a 4xx code, like mail box busy) or permanent (a 5xx code like no such user). A great deal of spam would disappear forever if it was simply rejected during the SMTP transaction when no such user is appropriate. Appendix D on page 8. RFC has some examples of SMTP conversations. D.2 shows a rejection.

Bouncing is done after the receiving server accepts the email and the connection with the sender is closed. So the email has to be sent somewhere instead of simply rejected. The only way to determine where to send it at this point is to look in the headers, normally the From or the Return Path. TQMCube.com, Spamcop and other blacklists now consider misdirected bounces as spam, and they are treated as such. If your server is bouncing spam you will eventually get listed as a spam source.

The way it should work is that the sender sends an email to their mail server. That server contacts the recipient's server, which determines whether or not the email should be accepted. If it's rejected, the sending server gets that notification before closing the SMTP connection, and it's then the responsibility of that server to notify the original sender. Ideally, bounces should only be sent to local recipients, not to someone on another server since you can't guarantee the validity of the headers.
A receiving server should be very cautious about notifying the original sender directly, servers should usually only provide notifications to their own users.

Sender --> Sender's server --> Recipient's server --> Recipient.

Effective October 2. RFCs 2821 and 2. RFCs 5321 and 5. Apparently the main purpose was to clarify some of the statements. But there are several changes which apply specifically to spam filtering and Mail Rejection. In RFC 5321 Section 4. Requested action not taken: mailbox unavailable (e. This allows a server to accept a message and hold the connection open .
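The difference between rejecting and bouncing described above, as an added example that is not code from the original page: one constructed spam run is handled by a server that answers during the SMTP session and by one that accepts everything and sends NDNs afterwards. The addresses, mailbox sets, reply texts and the `looks_like_spam` check are assumptions made for illustration.

```python
# Added example (not from the original page): the same spam run handled by a
# server that rejects in-session and by one that accepts and bounces later.
# Addresses, mailboxes and the content check are constructed for illustration.
LOCAL_USERS = {"alice@example.org", "bob@example.org"}
OVER_QUOTA = {"bob@example.org"}

def looks_like_spam(body):
    # Hypothetical stand-in for a real content scanner.
    return "cheap pills" in body.lower()

def problem(rcpt=None, body=None):
    """Return an SMTP reply for an undeliverable item, or None if it is fine."""
    if rcpt is not None and rcpt not in LOCAL_USERS:
        return "550 No such user"                # permanent (5xx)
    if rcpt in OVER_QUOTA:
        return "452 Mailbox full, try later"     # temporary (4xx)
    if body is not None and looks_like_spam(body):
        return "550 Message refused as spam"
    return None

def receive(commands, policy):
    """policy 'reject' answers while connected; 'bounce' accepts, then mails NDNs.
    Returns (replies sent to the connected client, addresses that get an NDN)."""
    replies, ndn_to, sender = [], [], None
    for verb, arg in commands:
        if verb == "MAIL":
            sender = arg                         # envelope sender: unverified
            replies.append("250 OK")
            continue
        # ("DATA", body) models the reply given after the end of the message.
        fault = problem(rcpt=arg) if verb == "RCPT" else problem(body=arg)
        if fault and policy == "reject":
            replies.append(fault)                # only the connected host sees it
        else:
            replies.append("250 OK")
            if fault:                            # found after accepting: bounce
                ndn_to.append(sender)            # goes to whoever was forged
    return replies, ndn_to

# Constructed session: a bot forging victim@example.net as the sender.
SPAM_RUN = [
    ("MAIL", "victim@example.net"),
    ("RCPT", "nobody@example.org"),
    ("RCPT", "bob@example.org"),
    ("RCPT", "alice@example.org"),
    ("DATA", "Cheap pills, click here"),
]
```

With the `reject` policy every refusal stays inside the connection and no NDN is generated; with `bounce` the client sees only `250 OK` and each failure becomes a notification to the forged address.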