On Tue, 27 Dec 2005, Alan J. Flavell wrote: > On Tue, 27 Dec 2005, Giuliano Gavazzi wrote: > > > I wonder if there is a list of hosts sending bogus virus alerts. > > Sort of. Try www.spambag.org , lists BACKSCATTER and BACKSCATTER2.
I've just been re-reading http://www.spambag.org/backscatter.html It appears that this chap takes the view that there can be no exceptions; but he offers no viable way of dealing with forwarded addresses nor with vacation responses. While I have a great deal of sympathy with the rest of what he says, I'm at a loss to know how to deal with this aspect. If he contrives to produce a probe which, as a result of forwarding or vacation response at the probed MTA, results in a bounce being delivered to his spamtrap, then he'll blacklist the site in question. There's definitely a (small) risk that we could do that, if we ever came to his attention (which we, fortunately, haven't). Considering that there's a strict limit on the time available for any MTA activities after the end of DATA, I'd rule out the possibility of attempting to despatch forwarded mail or vacation responses during this phase of the inbound SMTP transaction. I don't see any other way of implementing this, other than screening all such bounces by postmaster inspection, which we really cannot afford to do. And I think I speak for many another site in this regard. So, we do go to considerable lengths to avoid responding to spam or other kinds of abusive mail with a bounce, but, in the final analysis, if an inbound mail appears to be bona fide and meets our other criteria, and if forwarding is unsuccessful or a vacation response has been configured by/for this user, we *will* compose a bounce-type response for it, addressed to its envelope sender (whether genuine or not, which of course we don't know). I can't see any viable alternative, despite what the spambag chap says. Nevertheless, as I said earlier, the spambag backscatter/2 RBL entries can be useful, so long as they aren't used alone, but in conjunction with other criteria to avoid rejecting bona fide bounces. comments? -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
