Home page logo

educause logo Educause Security Discussion mailing list archives

Re: spam return address backlash
From: Cal Frye <cjf () CALFRYE COM>
Date: Thu, 11 Jan 2007 15:21:46 -0500

 Roger Safian ventured to comment, at 1/11/07 11:46 AM:
Thanks for everyone who responded to this.

As for the topic of rejecting bounces, while I
agree the RFC was written in a kindler gentler
time, I don't think that rejecting bounces is
a good idea.

Please correct me if I'm wrong, but my understanding runs like this:

Bounce a message, and your mail server creates a new bounce message and sends
back to the sender of the suspected spam.

Reject a message, and if the sending system is a genuine mail server, /that
server/ will send an error message to the local user regarding the "bounce."
If the sending system is a suborned spammer, the reject will be ignored and it
will pass on to the next address in the queue.

Result: genuine users do receive word of the delivery failure; forged sender
addresses go unmolested.

-- Cal Frye, Network Administrator, Oberlin College
   www.calfrye.com,  www.pitalabs.com

"The louder he talked of his honor, the faster we counted our spoons." --
Ralph Waldo Emerson.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]