ram wrote:
You might be surprised , but that is not exactly true. I have seen a lot
of backscatter from Cisco Ironports.
Most Ironport boxes dont do any address verification at the time
accepting mail, and then send NDR's. But if these are getting SPF fail,
then these messaged may get discarded as spam ( I assume )
discarding would not be reasonable. They can however discard the bounce
in case of SPF/DKIM fail (or any other heuristics). but do they really
do that? There is still a risk to discard a legitimate bounce (a lot of
SPF records do not match "reality": they may not be updated, they may
not include all relays, ... etc). I'm not sure a vendor can take this
road currently (they can offer this as an option, but will the admin
ever notice or understand it?).
Also this would assume that the final server does address validation at
smtp time. but this is not always true. so the appliance will not know
whether the address was valid or not, and the final server sends a
bounce after accepting the message from the appliance.
And this may happen with a lot of other outsourced antispam vendors too
While MSPs may have mitigation methods (Postini relays in real time
unless the final site is down, dyndns discards mail to invalid
recipients, ...), a lot of backscatter is generated by their customers
(the final server accepts then bounces).