Big Brother tells me that Greg White wrote:
> Jack McKinney wrote:
> >
> SNIP
> >
> > Yes, but the only mail servers that will get postmaster bombed are
> > ones that either condone spam by allowing users to send it out, or are
> > open relays. If RBL and ORBS isn't enough to get these people to stop
> > allowing relaying, perhaps postmaster mail filling up would...
> >
> SNIP
>
> Ummm, perhaps I misunderstand something completely here. Please correct
> me if I'm wrong here. Here's how I see it working:
>
> I am a spammer. I own spamming.pissant.luser.domain. I send mail from
> spamming.pissant.luser.domain, but I forge envelopes and From: to say
> that I'm (for example) ibm.com, to beat pattern-matching spam checks,
> and maybe fool some users that that's really where I'm from. Don't
> bounces go to ibm.com? How are we, (in the example), as ibm.com, to
> prevent these bounces from coming to us? Not to mention all the email
> to [EMAIL PROTECTED], complaining about the spam... Am I missing something?
Maybe. If the email is rejected AFTER being accepted by your mail
server, then your mail server will bounce it based on the headers.
If it is rejected at the SMTP port of your server (as is typical of
the relay checking methods such as RBL and ORBS), then the sending mail
server will generate the bounce. This won't triple bounce at IBM, it
will triple bounce to _itself_.
For example, I want to spam using [EMAIL PROTECTED] as the
return address. I find an open relay at mail.irelay.com, so I connect
to it and drop off a few hundred thousand copies of my message with
my fake from address. You are on my spam list, and your server is
rejecting mail via ORBS, which has contacted irelay.com to complain
already, and irelay.com is unwilling or ignorant.
My message does this:
1. My machine to mail.irelay.com over smtp. accepted.
2. mail.irelay.com contacts your mail server and tries to deliver the
message. Your SMTP port rejects it because it comes from an open relay.
3. mail.irelay.com bounces the message to [EMAIL PROTECTED] If this
address does not exist, then microsoft.com bounces the message back to
mail.irelay.com.
4. This message is a triple bounce when it arrives at mail.irelay.com,
though technically it is a bounce of a valid mailer-daemon mesasge.
In any event, it ends up at [EMAIL PROTECTED]
--
"Restore your inalienable human rights. Jack McKinney
Vote Libertarian. http://www.lp.org http://www.lorentz.com
http://www.harrybrowne2000.org [EMAIL PROTECTED]
1024D/D68F2C07 4096g/38AEF076
PGP signature
