> On Nov 7, 2021, at 7:18 AM, Larry M. Smith via mailop <[email protected]> > wrote: > > On 11/6/2021, Dan Mahoney (Gushi) via mailop wrote: >> All, >> I have email for my whole domain. I'm typically known to sign up for >> services with vendor@mydomain, so that when an email gets retired or leaked, >> I route it to /dev/null, or in the event of a leak, retire it from the >> original place (say, [email protected]) and auto-route it to spam reporting >> and bayes learning. >> One of my older ones: [email protected] was a general purpose one, and thus >> for that one, rather than just routing it straight to sa-learn, I put in an >> autoresponder saying "the spammers won this address, if you really want to >> contact me, use this". >> Here's the thing though. >> Spam is coming to me with VERP'ed addresses. It's getting autoresponded to. >> Those autoresponses are then bouncing back to me as undeliverable. >> So...you're a spammer. You're going to the trouble to do VERP. You're >> throwing the responses on the ground, or even blocking their receipt. Or >> your VPS got suspended (which I'm sure you saw coming). >> What's the bloody point here? I mean, I know there doesn't have to be one, >> buy I'f love to hear ideas as to what the possible use case is. >> I mean, logically, one thing I could do is have my autoresponder detect the >> verp'ed format to this address specifically, and not attempt to respond to >> it (and in fact, I could report on/train on it). >> The autoresponder is for legitimate humans trying to contact me directly >> (i.e. nobody who will use verp). In the few years since I realized this >> address was a lost cause, nobody's tried. (Although I have started getting >> spam at gushi2015@domain, so that's some intelligence). > > You might find a better operational experience by just rejecting the messages > in SMTP post DATA with a URL for a whitelisting web page. E.g.;
I got the suggestion to reject at SMTP time from two different people. I’ve been running mail for 20+ years now, and there was logic to why I didn’t. I can’t control the subject of nondelivery reports. Worse, nontechnical users do not know how to read non-delivery reports. (Ask me how I know). In my initial message, I had said that some number of people used this address (remember, the LHS was danm@ not somecompanyname@). Ergo, I wanted to give some amount of time where mail would still come through (and be captured) versus an outright reject. Thought did go in to this, really. My logic is “never reject when you can use it to feed spamtraps”. :) -Dan
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
