Jack McKinney <[EMAIL PROTECTED]> writes:
> Big Brother tells me that Greg White wrote:
>> I am a spammer. I own spamming.pissant.luser.domain. I send mail from
>> spamming.pissant.luser.domain, but I forge envelopes and From: to say
>> that I'm (for example) ibm.com, to beat pattern-matching spam checks,
>> and maybe fool some users that that's really where I'm from. Don't
>> bounces go to ibm.com? How are we, (in the example), as ibm.com, to
>> prevent these bounces from coming to us? Not to mention all the email
>> to [EMAIL PROTECTED], complaining about the spam... Am I missing something?
> Maybe. If the email is rejected AFTER being accepted by your mail
> server, then your mail server will bounce it based on the headers.
It has absolutely nothing to do with what the victim's mail server does
(in this case, ibm.com). It has to do with what the mail servers of the
people receiving the spam do. ibm.com has *absolutely no control* over
whether or not they receive bounces; there's nothing they can change about
their e-mail configuration to avoid them. They'll get bounces from all
the sites that accept mail first and then generate bounces. Such as, say,
qmail by default, or the entirety of AOL.
> For example, I want to spam using [EMAIL PROTECTED] as the
> return address. I find an open relay at mail.irelay.com, so I connect
> to it and drop off a few hundred thousand copies of my message with
> my fake from address. You are on my spam list, and your server is
> rejecting mail via ORBS, which has contacted irelay.com to complain
> already, and irelay.com is unwilling or ignorant.
> My message does this:
> 1. My machine to mail.irelay.com over smtp. accepted.
> 2. mail.irelay.com contacts your mail server and tries to deliver the
> message. Your SMTP port rejects it because it comes from an open relay.
> 3. mail.irelay.com bounces the message to [EMAIL PROTECTED] If this
> address does not exist, then microsoft.com bounces the message back to
> mail.irelay.com.
Yup.
So if you're running microsoft.com's mail servers, you're screwed. You
just have to swallow the bounces and hope that someone will close the damn
relay and stop the spammer.
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
