At 10:10 AM -0400 4/23/02, Stefan Jeglinski imposed structure on a stream of electrons, yielding: >>I(f and when a patterned tagged address becomes a problem, you can >>just kill it. For example, I mostly provide bill-* addresses, but >>for a long time my Usenet posts have carried Message-ID's of that >>pattern. Spammers will slurp up anything that looks like an >>address, so they grabbed some MID's. So I have these lines: >> >><bill-050895*> = spamtrap >><bill-231195*> = spamtrap >> >>This kills off all mail sent to MID's of Usenet posts I made on 2 >>days over 6 years ago.... > > >I have what I call 'throwaway accounts' [EMAIL PROTECTED], >[EMAIL PROTECTED], etc, that exist only in the router. I use these when >I want to fill out a form on the internet or submit an e-mail >address. These are live routes to me. When and if I get spam coming >in on one of them, I delete the account. And herein lies my question: > >Is there going to be any real difference between deleting the router >entry, or routing it to spamtrap or ERROR?
Pointing the address at ERROR should be the same as deleting the router entry. Pointing the address at spamtrap should result in slightly different behavior: instead of being rejected at RCPT, the message is rejected at DATA with a somewhat less revealing error message. This means that messages sent to the spamtrap and other addresses in one transaction (i.e. multiple RCPT commands for a single DATA) will be rejected for all recipients. In my case, I have a wildcard entry for tagged addresses so when one that matches the pattern gets spammed I need to have an explicit router entry to kill it. >Reason I ask this is related to questions I have about programs >(such as Mail Siphon) which can be used to [manually] generate >bounce messages. On the surface this seems a good idea, but aside >from the problem of targeting the bounce to a useful address, I have >also read that this bounce method is next to useless (the idea being >that some spammers will act on bounces and remove addresses from >their lists). The reason it would be useless is that any spammers >that do act on a bounce would really act on the *initial response* >of the mail server, not on any bounce received after an e-mail >appears to have been accepted for delivery. > >For those vanishingly small number of spammers that might actually >act on a bounce, is there any practical difference between deleting >the router entry or just routing it to spamtrap/ERROR? A rejection, >to a spammer looking at his logs, indicates a live (though >difficult) target. 'Unknown user' might make a few take addresses >off their 'high-quality' lists. > >Yes I know I'm giving the spammers way too much credit here, but I'm >curious about any thoughts on the matter (including the usefulness >or probable lack thereof regarding e-mail clients' bounce features). Well there are different sorts of 'spammers' who act very differently in regards to bounces. The higher-class spammers who think of themselves as legitimate e-mail service agencies (Exactis/Experian, Flonetworks/DoubleClick, Mindshare, Responsys, MessageMedia, etc.) try to do correct bounce handling and will recognize anything that looks like a real bounce even if it comes from a transaction past their involvement. After all, there are a lot of complex mail systems where the exterior mail exchanger doesn't know anything about the validity of internal addresses, and so must accept anything that looks local. Spammers with delusions of legitimacy will handle those sorts of bounces, mostly. In many cases they even use a customized Return-Path for each message so that they can be certain which address a bounce refers to. The hardcore spammers are a different matter. Very often they use totally bogus Return-Paths, so it is impossible to send a valid bounce. when they do have real ones, they will often ignore all bounces altogether. -- Bill Cole [EMAIL PROTECTED] ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
