Y. O. Y.
December 27th, 2006 Posted in Mundane musings
Why, oh why do ISPs have to send delivery failure messages when the email address faked in the header doesn’t match the mailserver info in the message header? It’s clearly spam so why bother the real owner of the email address?
December 29th, 2006 at 10:58 am
This is a bit dull, I’m afraid.
Detecting that the return path is forged is not as straightforward as you might think, and it’s especially a problem when email is dealt with by a store-and-forward architecture. Basically the server receiving the email from the spammer (server A) for forwarding may not know about the non-existent user account at the destination and therefore does not reject receipt of the email from the spammer/spambot. Only later is the mail rejected by a different server (server B) which causes server A to be obliged to send a bounce message.
Given that server A might end up on a blacklist of spammers for generating so many bounces, it’s in server A’s interest to maintain a list of user accounts for servers for which it is a forwarder so that it rejects the email at source (it’s unlikely that the spambot would send a bounce). This requires some effort and is not always practical. Maybe server A should spend the extra CPU cycles spam-checking the email it is about to bounce — and silently drop anything which looks spammy? But server A may have a lot of work to do without adding spam processing of returned email.
Consider that all email I send is via a server wuglumsandlslp.org, and yet my email address is wuggers@wuglumsisp.co.uk. Further, if I’m “on the road”, it’s even possible that my outbound mail is routed differently for the same email address. It is perfectly legitimate that none of the servers in the headers of the outbound mail would receive incoming mail on my behalf - so it’s not a test that the bouncer can perform to validate the email. For this reason, it’s me who is best placed to determine whether it’s a legitimate bounce or not. Yes, it’s annoying to need to do it (especially when I’ve had periods of 10-20 per day), but quite simple to filter nonetheless.
Improvements to (or replacement of) the email protocol SMTP are needed to kill off this problem.
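An added example, not part of the original comment: one way to do the recipient-side bounce filtering the comment above describes is to match the Message-ID quoted inside each bounce against a log of mail you really sent. The `SENT_IDS` log, the Message-ID values, the `server-a.example`/`server-b.example` hosts and the sample bounce are constructed for illustration.

```python
import email

# Constructed log of Message-IDs for mail this user really sent (assumption:
# the mail client or outbound server keeps such a log).
SENT_IDS = {"<20061229.1001@wuglumsandlslp.org>"}

def original_message_id(msg):
    """Message-ID of the mail quoted inside a bounce, or None if none is quoted."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original attached
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":     # headers-only copy
            inner = email.message_from_string(part.get_payload())
        else:
            continue
        if inner["Message-ID"]:
            return inner["Message-ID"].strip()
    return None

def classify(raw, sent_ids=SENT_IDS):
    msg = email.message_from_string(raw)
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    if not (is_dsn or null_sender):
        return "not-a-bounce"
    mid = original_message_id(msg)
    if mid is None:
        return "unverifiable"                    # nothing quoted to match against
    return "legitimate-bounce" if mid in sent_ids else "backscatter"

def sample_dsn(message_id):
    """Constructed bounce from 'server A' quoting an original with message_id."""
    return "\n".join([
        "Return-Path: <>",
        "From: MAILER-DAEMON@server-a.example",
        "To: wuggers@wuglumsisp.co.uk",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "",
        "Delivery to nobody@server-b.example failed: no such user.",
        "--b1", "Content-Type: message/delivery-status", "",
        "Final-Recipient: rfc822; nobody@server-b.example",
        "Action: failed", "Status: 5.1.1",
        "--b1", "Content-Type: text/rfc822-headers", "",
        "From: wuggers@wuglumsisp.co.uk",
        f"Message-ID: {message_id}",
        "--b1--", ""])

if __name__ == "__main__":
    print(classify(sample_dsn("<20061229.1001@wuglumsandlslp.org>")))
    print(classify(sample_dsn("<x1@spambot.example>")))
```

Bounces that quote no original at all come back as `unverifiable` rather than being guessed at, since there is nothing to match against the sent log.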
December 29th, 2006 at 1:10 pm
More dullness… (it’s a slow day)
You may be able to use SPF to improve server rejection of mail supposedly from you which is forged. But it depends on whether the servers in the chain from spammer to the bounce originator use SPF analysis.