On Fri, Feb 20, 2009 at 9:12 AM, Lars Noodin <[email protected]> wrote: > Navan Carson wrote: >> ... The best way to accomplish what you seem to want, is to deny the >> message during the SMTP dialog. That way you don't create another >> tool for the Spammers. > > Of course that's best, but it also presumes a competent mail > administrator. Rare as hen's teeth these days, compared to the number > of mail servers or things that call themselves mail servers out there. > > Unless the autoresponder is misconfigured to make an infinite loop, its > not going to be tool for spammers. Without it, the spam would be coming > to your mailbox. > > With it, at worst, if the originating addressed is spoofed, then the > autoresponder will be doing a favor to the real owner of the address by > pointing out the problem so it can be addressed and solved. You might > even add some explanation in the message about "if you did not send this > message, then ..." > > Regards > -Lars
...then? Spoofing is one of those things that can't really be fixed. Assuming your MTA is one of the few that actually enforces SPF, they could configure that and no longer get your autoreplies. That's it. And with the vast majority of other MTAs not supporting SPF, they're going to be getting plenty of back-scatter spam anyway. And since the implication is that you use this solution if your mail administrator is incompetent, it's doubtful they're enforcing SPF. Competent mail administrators these days do not fire off autoresponses to spammers. They assume that the From: address is bullshit. They assume that much of the time it will have broken MX records, which means you run the risk of clogging your system with deferred autoresponses to messages you didn't want in the first place. Block spam at the dialog level if possible. If it gets through, either dump it to /dev/null or report it to Spamcop and then dump it to /dev/null. -HKS
