Page Two

By eweek  |  Posted 2002-09-09 Print this article Print

: Bounce-Back Bugaboo"> Bounce-Back Bugaboo

I just read your article in eWeek where you said, "When using a black hole list, some e-mail administrators may also choose to bounce blocked e-mail back to the sender. This, of course, sends a confirmation to spammers that they have a legitimate e-mail address, making it likely that the e-mail address will receive more junk mail, but it also has the benefit of letting legitimate senders know that their e-mail has been blocked."

I disagree. Most of the junk e-mail messages have faked return addresses, so bouncing them is making the problem worse. Just drop them on the floor and sweep them away.

The latest trend Ive seen is spammers using legitimate, harvested return addresses. Ive had mine used a lot recently. One instance left me with about 300 messages from Hotmail, bounced from messages I never sent.

Faking a return address is legal as far as SMTP goes and makes sense if youre sending mail from home and want to use your work address. Maybe if servers bounced mail back to the original mail server instead of to a specific user-specified e-mail address, bouncing would make sense. Right now, it just doesnt.

Thanks for an interesting article.

— Sander Wolf

Make It Go Away

The three tools you reviewed ("Trio Take Different Tacks in Fighting Spam," Page 34) arent broadly useful. Did you ever try to get Mail Abuse [Prevention System] to sell you the MAPS service? I tried for a couple of months and never got more than auto-responses from them. Kind of like, "We value your business; please hold for the next available. ..."

Brightmail doesnt even want to talk to you if you have fewer than 100,000 users. Of course, it doesnt want spam to go away. If everyone had access to competent anti-spam measures, spammers would move on to something else, and Brightmail would be out of business.

SpamAssassin for Outlook is probably a great product, but what if you dont use Outlook? Once you throw in a couple of less common things like IMAP or another mail client, the number of available desktop anti-spam products drops precipitously.

As an ISP, I could probably eliminate 100 percent of the spam delivered to our users. But there would very likely be valuable e-mail thrown away, too. So you have to back off a bit.

But there are people who dont want any filtering or blocking. They want everything filtered except for mail from one place that has an open relay, but they dont want spam from that open relay, either. And they start off the dialogue by threatening legal action if you dont let all their wanted mail through.

So, now we see that what is really important is an interface where the user can control what is blocked, whether its deleted or saved, etc. Making sure that the user can control things rather than having a policy enforced by the ISP may be more important than the method of filtering.

Ah, but now we have people who dont want to be bothered with using the user interface. They just want you to make their spam go away. They may never even say anything; theyll just cancel their service and go elsewhere.

— Stuart Krivis, Hostmaster and Purchasing manager, APK Net Inc., Cleveland


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel