[Spambayes] Bouncing Spam

Steve Atkins steve@blighty.com
Thu Nov 28 01:28:40 2002


On Wed, Nov 27, 2002 at 08:55:04AM -0800, T. Alexander Popiel wrote:
> In message:  <3DE4A5DD.9010904@startechgroup.co.uk>
>              Matt Sergeant <msergeant@startechgroup.co.uk> writes:
> >Steve Atkins said the following on 27/11/02 04:17:
> >> The only way to safely bounce spam is to drop it with a permanent
> >> (5xx) rejection at an appropriate point in the SMTP transaction at the
> >> first point it enters your network (i.e. if your secondary MX accepts
> >> it, don't reject the delivery to your primary).
> >
> >Another thing that came up discussing this on the SpamAssassin list is 
> >that this only works on the mail server that is your MX server. If you 
> >get mail through a third party (e.g. an ISP that might forward to your 
> >SMTP server) then it doesn't work.
> 
> As an aside, I'll note that it's perfectly reasonable behaviour to
> have a bounce response late in the forwarding chain (as in a primary MX
> rejecting it when a secondary MX accepted it).

Yes, it is. It's the Right Way to do it if you're engineering huge
mail systems and want to keep them secure, too. Sucks when the
envelope-from is forged, though.

> The problem is not with
> a violation of SMTP, but in the fact that the spammers routinely ignore
> foreign-generated bounce messages (since that would require them to run
> an SMTP server of their own (and actually process data from it))

That's not the issue. It's that the envelope-from is routinely (pretty
much invariably) forged, so they're never going to see any bounce or
NDR anyway.

> and
> only pay attention to errors in outgoing conversations that their mail-
> blasting tools have.

They tend not to pay attention to that in low-level delivery
spamware. But some do, and dictionary attack and list verification
spamware do pay attention which'll gradually reduce delivery
attempts. That's not the important point, though.

The important thing is that if you are rejecting during the original
delivery you are not causing the spam to be sent to any innocent
third-party[1], which in all the other cases (faked bounces, SMTP
level bounces anywhere other than the MX) you will be doing most of
the time.

If you run software that causes the spam that was originally sent to
you to be bounced to an innocent third-party you're a part of the
problem. So it's a good thing to avoid doing that.

Cheers,
  Steve

[1] The postmaster of an open-relay... I have a lot of sympathy for
    them, but they're not just a random innocent third party in this
    context.
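
An added example, not part of the original message or of Spambayes: a small Python model of the end-of-DATA decision discussed above, comparing a 5xx issued at any hop with a 5xx issued only at the first point of entry. The relay range, the addresses, the function names and the "quarantine" handling are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed: our own secondary MX / forwarders (documentation address range).
OWN_RELAYS = [ipaddress.ip_network("192.0.2.0/28")]


@dataclass
class Outcome:
    reply: str              # SMTP reply at end of DATA
    disposition: str        # what this host does with the message
    ndr_to: Optional[str]   # address a relay of ours will bounce to, if any


def from_own_relay(peer_ip: str) -> bool:
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in net for net in OWN_RELAYS)


def reject_anywhere(peer_ip: str, envelope_from: str, is_spam: bool) -> Outcome:
    """5xx at whichever hop spots the spam (the case the post warns about)."""
    if not is_spam:
        return Outcome("250 2.0.0 OK", "deliver", None)
    # If one of our relays already accepted the message, it must now send an
    # NDR to the envelope sender, which for spam is almost always forged.
    ndr = envelope_from if from_own_relay(peer_ip) else None
    return Outcome("550 5.7.1 Message refused", "reject", ndr)


def reject_at_entry_only(peer_ip: str, envelope_from: str, is_spam: bool) -> Outcome:
    """5xx only at the first point of entry; never towards our own relays."""
    if not is_spam:
        return Outcome("250 2.0.0 OK", "deliver", None)
    if from_own_relay(peer_ip):
        # Too late to reject: accept and hold locally (assumed handling).
        return Outcome("250 2.0.0 OK", "quarantine", None)
    # The connecting client still owns the message; we generate no mail.
    return Outcome("550 5.7.1 Message refused", "reject", None)


if __name__ == "__main__":
    # Constructed cases: (connecting peer, forged envelope-from)
    for peer in ("203.0.113.9", "192.0.2.5"):
        for policy in (reject_anywhere, reject_at_entry_only):
            print(peer, policy.__name__, policy(peer, "victim@example.org", True))
```
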


