Re: SPAM: dealing with it

From: Robert J. Bradbury (bradbury@aeiveos.com)
Date: Sun May 19 2002 - 22:33:20 MDT


On Sun, 19 May 2002, Christian Weisgerber wrote:

> I advise against bouncing spam. The bounce will not get back to
> the spammer. It may be undeliverable, just disappear somewhere,
> or end up at another victim.

As I understand it -- if sendmail is sending to procmail and
the procmail fails (due to the SpamBouncer restrictions) it notifies
the sender immediately (during the send process) and they receive
a transmission failure notice in the error 500/501 class.
So a "bounce" is different from a "return" to the return
address (which they ignore). It is instead rejected at
the sending level. If spammers are "intelligent" (no assertions
that that is the case) then they should cease sending to
systems that bounce at this level because it is a waste
of their resources.

I know that rigid control is starting to be developed at
the receive end. Recipients of undesirable requests/packages
are delaying responses for a minute or more to waste the
resources of the sender. This may likely be extended to
a "coven" of good guys executing a DOS attack against the
bad guys. So long as the good guys outnumber the bad guys
this should work.

> Similar caution needs to be exercised when identifying the point
> of origin for further action. The only information you can trust
> is the Received stamp from the last host you consider trustworthy.
> Typically, it will mention the IP address of the machine that
> delivered the message. All preceding Received lines, envelope
> addresses, and the normal header can be entirely fictitious. Be
> very, very careful that you don't shoot an innocent person.

I understand this. I can only presume that SpamBouncer has
got this right. I haven't gone through the code in detail.

> Personally, I feed all mailing lists to a mail-to-news gateway that
> posts the messages to local newsgroups which I read along with a
> bit of USENET news. Newsreaders have been optimized to deal with
> lots of traffic.

Yes, I noticed that your reply showed up as being from a news list
that doesn't exist on my machine. As a result figuring out how to
answer the Pine questions regarding how to respond took at least
3 tries on my part. :-(

> Oh, the upstream servers that accept my mail all employ a variety
> of basic filtering mechanisms such as subscribing to the RBL and
> similar services. This is elementary. I don't know how much of
> the tide it stems.

In my experience, if the mail recipient is subscribing to the RBL
and/or associated services it is removing a significant fraction
of the traffic. One has to wonder if the internet will sink
under the tragedy of the commons due to SPAMer abuse.

Robert
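
[Added example, not part of the original message or of SpamBouncer.] The rule quoted above, that only the Received stamp from the last trusted host can be believed, can be applied by walking the Received lines from the top and stopping at the first peer address that is not one of your own relays. The relay IP, hostnames and the sample message are constructed assumptions, and the code assumes trusted relays record the peer address in square brackets.

```python
import re
from email import message_from_string

# Assumption: IPs of relays you run or trust to stamp Received lines honestly.
TRUSTED_RELAY_IPS = {"192.0.2.10"}

# Constructed sample. Received lines are prepended, so the top one is the newest.
SAMPLE = """\
Received: from inbound.example.org (inbound.example.org [192.0.2.10])
\tby mx.example.org with ESMTP id A1; Sun, 19 May 2002 22:30:02 -0600
Received: from mail.bank.example (unknown [203.0.113.77])
\tby inbound.example.org with SMTP id B2; Sun, 19 May 2002 22:30:01 -0600
Received: from innocent.example (innocent.example [198.51.100.5])
\tby mail.bank.example with SMTP id C3; Sun, 19 May 2002 22:29:00 -0600
From: "Friend" <friend@bank.example>
Subject: constructed sample

body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def delivering_peer(raw, trusted_ips=TRUSTED_RELAY_IPS):
    """Return the first peer IP recorded by a trusted hop that is not itself
    a trusted relay. Lines below that point are never read, because the
    sender could have written them. Assumes the top line is your own MTA's."""
    msg = message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())           # unfold continuation lines
        by = BY_RE.search(flat)
        from_part = flat[:by.start()] if by else flat
        ip = IP_RE.search(from_part)
        if ip is None:
            return None                        # no peer address: cannot attribute
        if ip.group(1) not in trusted_ips:
            return {"stamped_by": by.group(1) if by else None,
                    "peer_ip": ip.group(1)}
        # Peer is a trusted relay, so the next line down was stamped by it.
    return None

if __name__ == "__main__":
    print(delivering_peer(SAMPLE))
```

In the sample, the third Received line and the From address are treated as unverified and never influence the result.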


