On Fri, 2010-06-25 at 11:28 +0100, Ian Eiloart wrote:
> --On 24 June 2010 09:43:40 +0000 Kebba Foon <[email protected]> wrote:
>
> >
> > Backscatterer - Why it is abusive and how to stop your system doing so
> >
> > Email servers should be configured to provide Non-Delivery Reports
> > (bounces) to local users only.
> > Unacceptable email from anywhere else should be rejected.
> >
>
> This is silly advice. It should be quite acceptable to bounce email that
> has an SPF pass, or that has a valid DKIM signature (provided the return
> path domain matches a signed From header domain). In both cases, if you're
> creating collateral spam, then that's the fault of the domain operator.
>

There is probably a bit of a translation issue there as backscatter.org is part of Dirk & Claus 'UCEProtect' stable of blocklists.

My personal opinion is you should never accept mail that you cannot deliver to a user and in such a scenario it should be rejected at SMTP time - not after a 250 is given and (any/the) MTA decides it does not want it for whatever reason.

Exim is very flexible and its brilliant ACLs can pretty much reduce backscatter to zero if configured correctly.

I agree that if something passes an SPF check then a 'bounce' after a 250 should not be a serious issue, but again accepting stuff you can't deliver is generally a bad plan.

With backscatter.org it is quite possible to get listed for doing callouts (particular sender verification checks) and even auto-responders if someone maliciously spoofs the mail from, and spammers know it, so use them with care :-)

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
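The two positions in this thread (refuse undeliverable mail before the 250; after a 250, bounce only to a sender that passed SPF or has a valid DKIM signature with a return-path domain matching the signed From domain) can be written as one decision function. This is an added Python example, not code from the original messages or from Exim; the `Message` model, the function names and the "withhold-bounce" outcome for unauthenticated senders are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Message:                      # constructed model, not an Exim structure
    return_path: str                # envelope sender; "" is the null sender <>
    from_domain: str                # domain of the From: header
    spf: str                        # SPF result for return_path: "pass", "fail", "none", ...
    dkim_signed_from: bool          # a DKIM signature verified and covers From:

def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def sender_authenticated(m: Message) -> bool:
    """Condition from the quoted reply: SPF pass, or valid DKIM with the
    return-path domain matching the signed From: header domain."""
    if m.spf == "pass":
        return True
    rp = domain_of(m.return_path)
    return m.dkim_signed_from and rp != "" and rp == m.from_domain.lower()

def disposition(m: Message, deliverable: bool, in_smtp_session: bool) -> str:
    if deliverable:
        return "accept"
    if in_smtp_session:
        # Refuse before the 250: the sending MTA reports the failure to its
        # own user and this host generates no message at all.
        return "reject"
    if m.return_path == "":
        return "withhold-bounce"    # RFC 5321: no bounce is sent to the null sender
    # Already accepted with a 250: bounce only to an authenticated sender,
    # otherwise the bounce lands on a forged address (backscatter).
    return "bounce" if sender_authenticated(m) else "withhold-bounce"

# Constructed sample messages (example domains only)
FORGED = Message("victim@example.org", "example.org", "fail", False)
SPF_OK = Message("alice@example.net", "example.net", "pass", False)
DKIM_ALIGNED = Message("bob@example.com", "example.com", "none", True)
DKIM_UNALIGNED = Message("bounce@mailer.example", "example.com", "none", True)

if __name__ == "__main__":
    for name, m in [("forged", FORGED), ("spf", SPF_OK),
                    ("dkim-aligned", DKIM_ALIGNED), ("dkim-unaligned", DKIM_UNALIGNED)]:
        print(name, disposition(m, False, True), disposition(m, False, False))
```

Every undeliverable message gets "reject" while the SMTP session is still open, which is why rejecting at RCPT time removes the bounce decision altogether.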
