On 12 Aug 2004 at 10:14, Kelson Vibber wrote: > 1. Spammer targets the backup MX (us), assuming it's less protected. > 2. We queue, reject, or discard the message. > 3. Mail ends up at customer's primary mail server, which rejects *on > different criteria*. > 4. Customer's server issues an SMTP reject to our server. > > At this point, we technically *should* generate a bounce. The > address we sent it on to was valid, but the message could not be > delivered.
I admit that I used shorthand to describe the process of making sure that the MX has the list of valid addresses. I should expand on that to say that if the MX accepts it, then it is deliverable. My solution to this would be if I had to use different rejection criteria from the MX that gets the mail first, I would not bounce the message, but instead just eat it. That's not the best thing to do, but my contract with the Internet is that once an MX that answers for me accepts the mail, the Internet doesn't need to be bothered any more. > On the other hand, if we > *did* have that information, we could have blocked the mail without > even queueing it up for the primary MX. > > Now if you run all your MXes yourself, you can make sure they all use the > same criteria and only reject mail at the border. But that's a bit more > difficult when one is in-house and the other belongs to your ISP We solve this merely by have a point of presence with enough ISPs (we have divisions or even just workers like me who use a different ISP) to allow us to run multiple MXs each with different connections to the backbone. > And then there's the scenario in which the forged message makes it > through to a valid address, someone reads it and fires off a > complaint to the person they think sent it... That's something that only user education will fix, so I'm not counting on seeing it happen anytime soon. :) -- Jeff Rife | SPAM bait: | http://www.nabs.net/Cartoons/Dilbert/LostNetworkPassword.gif [EMAIL PROTECTED] | [EMAIL PROTECTED] | _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang