OpenBSD 3.7: The Wizard of OS
Subject:   New spam feature will ruin the email system
Date:   2005-05-22 06:27:31
From:   xstatica
Blocking a server because it sends to an email address that you deliberately put on a website for spam engines to find is extremely short-sighted and will cause you to not get some number of legitimate emails.

The reason is that more and more spam detection software is starting to use callbacks to verify email addresses. So when a spam email goes to somebody else's email server and they do a callback to verify the faked sender email exists which was harvested from your website, your email server would block that remote mail server for 24 hours even though they did not send a spam email to your server. They only were verifying the email address.

I see this on a daily basis from multiple sites where a server mistakenly blocked a mail server when they did not send spam... They only were doing a callback on the mail address to make sure it exists (milter-sender is one such spam detection scheme).

I feel sorry for all the people who will read this and implement the new spam detection software as you explained it. They will end up blocking servers they shouldn't.

  • New spam feature will ruin the email system
    2005-05-25 08:50:19  rdump

    That spammers call some of their spam callbacks doesn't change the fact that "callbacks" to forged addresses are both unsolicited, and sent in bulk (multiple copies substantively identical).

    Callbacks are just a way to reflect your spam problem to innocent victims without reducing the spam volume at all. That's extremely anti-social behavior.

    Yes indeed, especially given that you know 80% or more of alleged sender addresses are forged, callbacks are spam.

    So don't send them. Furthermore, block those who do, until they stop the spamming, just like you do any other spammers.