Spam, forged headers, bounced messages

Okay, we have really good control over spam at work, and in fact very, very few spam messages get through. Only ONE address gets spammed regularly, because if you do a Whois search on our domain, that’s the admin address that shows up. The one address was getting spammed from what appears to be the same single source in the Asian Pacific chunk of the web. Almost all the ads are for the same product, but we can’t narrow it down to one single IP and we can’t block out all of APNIC because we can’t block out Oz.

So we temporarily deleted that account; now we use a new one. We’d like to reinstate the old one after a while, so here’s the question:

We have disabled the catchall account, so improperly addressed e-mail will now bounce back. If spammers forge their headers so the reply address and return addresses are bogus, will an undeliverable, bounced message still bounce back to them as undeliverable? Or is it dependent on the return/reply address?

We’re hoping these idiots will remove us from their mailing list if their message bounces back twice a week. (It’s the same ad, sent to us twice a week for a diet pill.)

Spammers don’t care about invalid addresses, and no, they probably will not ever see the bounces.

Yes, I know that spammers don’t care – believe me, I’ve had a whole lot of success keeping them out without ever resorting to filters. And BTW we have had success with this in the past nonetheless with a business that was spamming. They stopped sending e-mail when they thought the address was no longer valid, and we were able to reinstate the address, which remains spam-free.

Let me rephrase the question then:

What path does the “bounce” follow?

Does it go back the way it came? Or is it dependent on the “reply-to”, “sender” or IP address?

I’m not clear on the protocol of how a bounce message travels and what happens when something bounces.

For example, I have a bogus reply address, I mail an invalid account. A bounce message gets sent where? To my phony address? Does the host of the phony address then bounce it back to the invalid address, which bounces it back to the bogus address, which bounces it back to the invalid address… etc.

Which route does a bounce typically follow? And how does it not get messed up by aliases, and specified reply-to addresses?

Bounced emails follow the return path specified in the headers. This may or may not be spoofed, so the email will not necessarily go back to where it was sent from.

Ah, thanks. That’s what I wanted to know. If the bounced message followed the return path (forged or otherwise), or retraced its steps (sorta… you know what I mean).

That makes sense though. That’s why sometimes you’ll get snarky messages from servers that say “your message has been refused because it contains a virus” when you’re just an innocent schmoe whose address was spoofed by something like Melissa.

Darn, I wish I could ask questions about how those sneaky jerks forge their headers – but that info does not jibe with the spirit of the SDMB because the info would be so easily abused.

Viruses seem to spoof the reply/return address, but I’ve seen forged headers that have made the originating IP really hard to sort out.

If the spoofed return path is invalid, what happens? Is further bouncing discarded - like the servers recognize an error code so they don’t send each other “bounces” back and forth?

When trying to send an error report, every modern SMTP server will simply log the invalid address attempt without taking any other action. I know of older versions of at least two commercial products that were notorious with people I know for having bugs related to spoofed return addresses; both products solved the problem years ago, though.

Yes, returned mail follows the Return-Path: header. It doesn’t follow the From:, Reply-To:, or the breadcrumb Received: path.

Cutting off an email address temporarily really does nothing. If you are dealing with a legitimate business that doesn’t know when to stop, an expletive-strewn email to the president, executive counsel, site contributors, etc. telling them what dickwads they are for ignoring your 5 previous requests to stop will generally work (at least, it worked for “thestreet.com”, whose executive counsel personally apologized to me :)). As for hard-core spammers, they’ll never get the bounce, so you’re wasting your time. A friend had one particular email address turned off for 5 years. Turned it on again a few months ago, and had the same amount of spam coming to it as his regular email account.

As for recursive bouncing, that shouldn’t happen with sendmail bounces, but it can happen in other circumstances. Let’s say you have your ISP account email set up so that it forwards to another address (for instance, you might forward your email to your pager, or to a yahoo account, or whatever). Now let’s say that the account you forward to is full (happens often - just wait for the next big mail worm/virus). Now send email to yourself, say to remind yourself about something. Your mail gets forwarded to yahoo. Yahoo bounces it back to your ISP account. Your ISP account forwards the bounce to yahoo. Ad infinitum.

Want to forge headers? You can forge everything except the top-most Received: line. Just telnet right into a mail server and forge away. Try the following (you’ll have to change whatever is in italics to match your email address and mail server):

From Start->run (windows), or command line (DOS, Unix)
telnet mail.yourisp.com 25

when you are connected, enter the following
helo gates.com
mail from: bill@gates.com
note: Return-Path: is set to whatever you type after mail from:
rcpt to: youremail@yourisp.com
data
Received: from styx.hell.com (666.666.666.666) by pearl.gates.com with SMTP id hXKGACnT014031 for <SillyBunny@aol.com>
From: TheDevil@hell.com
To: SillyBunny@aol.com
Subject: Spam

I can fake whatever header I want.
Ha!
.
note: preceding line was just a dot followed by a return
quit
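Where the bounce actually goes, as an added example (this is not code from the thread or from any mail product mentioned in it): a small Python simulation of the two points made above, that a DSN is addressed to the envelope sender given in MAIL FROM (which the receiving server records as Return-Path:) and not to From:, Reply-To: or the Received: trail, and that a forwarding account can turn a bounce into a ping-pong. It parses a client-side SMTP session like the telnet one, then delivers three messages through a toy world of mailboxes. Its assumptions: it follows RFC 5321, under which a DSN is sent with MAIL FROM:<> and a message arriving with an empty envelope sender is never bounced; all hosts, mailboxes and addresses are made up; `resend_forward=True` models a forwarder that re-injects mail under its own address rather than keeping the envelope sender; and `budget` is only the simulation's stop guard, not a real MTA mechanism.

```python
"""Toy model of where a bounce goes (added example, not code from the thread).
Assumptions, taken from RFC 5321: a DSN is addressed to the envelope sender
from MAIL FROM (recorded as Return-Path:), never to From:, Reply-To: or
Received:; a DSN is sent with MAIL FROM:<>, and mail arriving with a null
envelope sender is never bounced.  All hosts and addresses are made up."""
from email import message_from_string

# Constructed client side of an SMTP session, modelled on the telnet one above.
TRANSCRIPT = """\
helo gates.com
mail from: bill@gates.com
rcpt to: youremail@yourisp.com
data
Received: from styx.hell.com (666.666.666.666) by pearl.gates.com with SMTP id hXKGACnT014031 for <SillyBunny@aol.com>
From: TheDevil@hell.com
Reply-To: SillyBunny@aol.com
To: SillyBunny@aol.com
Subject: Spam

I can fake whatever header I want.
.
quit
"""


def strip_path(arg):
    """' bill@gates.com' or '<bill@gates.com>' -> 'bill@gates.com'; '<>' -> ''."""
    return arg.strip().strip("<>").strip()


def parse_transcript(transcript):
    """Return (MAIL FROM, [RCPT TO...], DATA text) from a client-side session."""
    mail_from, rcpts, data, in_data = None, [], [], False
    for line in transcript.splitlines():
        if in_data:
            if line == ".":  # a lone dot ends DATA
                break
            data.append(line[1:] if line.startswith("..") else line)  # un-dot-stuff
            continue
        verb, _, arg = line.partition(":")
        verb = verb.strip().lower()
        if verb == "mail from":
            mail_from = strip_path(arg)
        elif verb == "rcpt to":
            rcpts.append(strip_path(arg))
        elif verb == "data":
            in_data = True
    return mail_from, rcpts, "\n".join(data)


def bounce_target(mail_from, body):
    """Address a DSN for this message would go to (None for a null sender),
    plus the header fields that are parsed only to show they are not used."""
    msg = message_from_string(body)
    ignored = {k: msg.get(k) for k in ("From", "Reply-To", "Received")}
    return (mail_from or None), ignored


def deliver(mail_from, rcpt, body, world, log, resend_forward=False, budget=10):
    """Receiving side.  `world` maps an address to 'ok', 'full' or a forwarding
    target.  resend_forward=True models a forwarder that re-injects mail under
    its own address instead of keeping the envelope sender.  `budget` is only
    the simulation's guard against running forever."""
    if budget == 0:
        log.append("loop: simulation stopped")
        return
    state = world.get(rcpt, "unknown")
    if state == "ok":
        log.append(f"delivered to {rcpt}")
    elif state not in ("full", "unknown"):  # forwarding entry
        sender = rcpt if resend_forward else mail_from
        log.append(f"{rcpt} forwards to {state} with MAIL FROM:<{sender}>")
        deliver(sender, state, body, world, log, resend_forward, budget - 1)
    else:
        reason = "mailbox full" if state == "full" else "no such user"
        target, _ = bounce_target(mail_from, body)
        if target is None:
            log.append(f"{rcpt}: {reason}; envelope sender is <>, dropped, no bounce")
            return
        log.append(f"{rcpt}: {reason}; DSN to <{target}> sent with MAIL FROM:<>")
        dsn = f"From: MAILER-DAEMON\nTo: {target}\nSubject: Undelivered Mail\n\n{rcpt}: {reason}\n"
        deliver("", target, dsn, world, log, resend_forward, budget - 1)


def run_scenarios():
    """Three deliveries; returns the per-scenario logs."""
    mail_from, rcpts, body = parse_transcript(TRANSCRIPT)
    logs = {"invalid_user": [], "alias_forward": [], "resend_forward": []}
    # 1. Forged From:/Reply-To:, recipient unknown: DSN goes to bill@gates.com,
    #    and when that fails too nothing further is sent.
    deliver(mail_from, rcpts[0], body, {}, logs["invalid_user"])
    # 2. Alias-style forward (envelope sender kept) into a full mailbox.
    world = {"me@isp.example": "me@webmail.example", "me@webmail.example": "full"}
    note = "Subject: reminder\n\nbuy milk\n"
    deliver("me@isp.example", "me@isp.example", note, world, logs["alias_forward"])
    # 3. Same, but the forwarder re-injects under its own address.
    deliver("me@isp.example", "me@isp.example", note, world,
            logs["resend_forward"], resend_forward=True)
    return logs


if __name__ == "__main__":
    for name, log in run_scenarios().items():
        print(name, *log, sep="\n  ")
```

Running it shows the alias-style forward ending after one round trip, because the forwarded DSN reaches the full mailbox with an empty envelope sender and is dropped there, while the re-injecting forwarder keeps handing the DSN back under its own address and only the simulation's guard stops it; that second shape is the ping-pong described above, and the practical defence is for a forwarder never to re-send null-sender or auto-submitted mail.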

It depends on the configuration of the SMTP server, modern or not.