On Sunday 28 September 2003 07:58 pm, Kaj Haulrich wrote: > On Sunday 28 September 2003 09:41 pm, Charles A Edwards wrote: > > <snip> > > > The fact that you did not receive a "message undeliverable" to > > your bounce means that you have successfully 'spammed' an > > innocent victim. > > </snip> > > That alarms me, Charles. Who have I spammed using the built-in > "bounce"-function in KMail ? > > As far as I can see, my ISPs mail delivery system tries to return > a message as undeliverable to the sender only. If that sender is > invalid, it notifies me, and me only. > > In case the senders address is valid - and that address is > spoofed - what's the whole idea ? - If I'm stupid enough to > respond to the spam and actually want to get ripped off by some > Nigerian crook, then my answer seems to get into /dev/null, eh ?
Unless the actual reply address is listed in the body, rather than the From header. Because no spammer is going to put his real email address in the From header of his email. Usually they use a real address to get past mail servers that check if the originating from address is valid, but it is not actually theirs. However, in the case of Nigerian scams, it most likely was their real address, albeit pointed at a free email account that is basically throwaway. Your bounce message, however, is worthless. The bounce is based on the assumption that the scammer will actually try to clean his list by removing dead addresses. In almost all cases, they are using a variety of methods to target, most likely an alphabet approach where they try every possible letter combination with last name per provider hoping to hit someone. In that case, your bounce message is ignored and you will still get sent the next version when they get around to doing it. Even if they have your name on a real list somewhere, it takes real effort to clean the list and since they are involved in an illegal activity anyway, they usually wouldn't bother. Criminals are criminals because they are lazy. Nigerian scammers usually use a real From address but spammers almost never use their own from address so bounce messages are actually delivered to an innocent party who didn't spam you, he just got unlucky enough to have his email address used by a spammer. I have had this done to me several times in retaliation for complaining to get spammers accounts canceled. In cases where messages such as that start arriving, I simply filter them to /dev/null. > > If I'm wrong, then what's the "bounce" function for, anyway ? At one time, someone thought that sending a bounce message back to the originator would cause them to remove your name attempting to increase their efficiency by cleaning out dead addresses from their lists. Way back with people like Spamford, that might have actually worked. Those days are long gone now. The new crop of spammers are much less professional than guys like Spamford Wallace and they are no longer interested in efficiency but rather on getting as much traffic out of the account before it gets closed. They have absolutely nothing to gain by removing dead names, they get paid by the number of messages they send, not by the number delivered so most of them have no financial incentive to put together clean lists, use their real addresses, or get any reply traffic that is not an actual order for their dubious products, much less receive a bounce and actually process that bounce. Since ISP's watch for traffic and would regard a large number of bounce messages as default reason to shut down an account for spamming, most would not their own email address in the From field even if they did have an interest in cleaning their list. It makes it too easy to lose their connectivity. That function would have been useful about 2 or 3 years ago, it no longer is. -- Bryan Phinney Software Test Engineer
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
