Well, that's what this is about. I'm starting to get calls about people wanting me to block this stuff. I'm not getting any calls asking about where one's message went.Do I target all bounces for deletion?
Not if you want to retain your customers.
I'm worried about being attacked, and if I show everyone that I have nothing to steal (i.e. not confirming individual addresses) they won't bother with pounding on my server. Before this type of thing existed, naturally swallowing such E-mail and deleting it would be a bad idea, but right now, I have to leave the nobody aliases on, and people have complained about getting bad addressed spam directed at their accounts. So I have two problems...1) the nobody aliases have to stay on in order to prevent dictionary attacks, and 2) people have complained, and will do so with more frequency as the problem gets worse, that this bad addressed spam (including some bounces), are hitting their account. I could stick this stuff in a sub-directory of their spam hold account, but almost no one would ever check that because that's the way it is. There is no perfect answer here, but most of my customers will not have their nobody aliases pointed at someone's real accounts for much longer.In another thread, you've argued (unconvincingly, to my mind, and in the face of best practices) against having MXs reject unknown users--and in that same thread, you seemed proud of your policy of swallowing all misaddressed mail at the MX.
So hacks and spammers have compromised our ability to handle unaddressable E-mail. Such a practice now comes with an expense. Either you leave your server open to an obvious DOS flaw, or you deal with the consequences of trying to deal with it. Ipswitch will eventually fix this problem with attack detection and rejection, and then I will be able to turn the nobody alias off, and my gatewayed customers can deal with the unadressable stuff on their own servers.
Regarding the topic of this thread, hacks and spammers have also compromised our ability to handle error's. My lawyer for instance is getting about 10 per day (not per week), and that doesn't include the stuff that probably gets eaten at my delete weight. My own web mail account (which I don't really use for obvious reasons), gets about 25 of these every day. I expect for this to get far worse just like everything else with spam. My spam volume has more than tripled now in the last year, in fact, yesterday it hit 93.3% of all messages that got past virus scanning. Worse yet, Congress just legalized the practice, and a publicly traded company, ValueClick, just bought out the notorious spam house Hi-Speed Media.
Hacks and spammers have compromised our ability to bounce messages that we consider to be unwanted. It would be nice to do a little list cleansing in order to lighten our load by letting the VERP bounces get sent back, and even nicer to notify those that are falsely rejected, but by swallowing all of this stuff, we create a different, though smaller problem. This obviously compelled Scott to change BOUNCE to BOUNCEONLYIFYOUMUST as a way of educating us.
All I know is that I have problems that need a solution, and that solution is going to be imperfect no matter how I approach it. I came here to ask for some advice, and it appears that your recommendation is to leave it alone, but I don't really consider that to be an option, at least where this problem is being seen. I expect for it to get a lot worse also, just like everything else. It's a Catch-22 for sure.
I'd rather this not get too personal, so I'm going to skip addressing some of the rest, but I will say that yes, I don't have a problem changing my opinion as I learn and experience more things, and it's not unreasonable to hold different but associated beliefs that appear to be in opposition to one another where they overlap. The people that devised SMTP certainly didn't think about the potential of what has become an obvious reality that we now have to deal with, and my customers are looking to me for a solution, imperfect as it may be in the end. I'm not by far sure about what to do.
Matt
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
