To bounce spam or not...

Discussion in 'General' started by netphreak, Jan 15, 2007.

  1. netphreak

    netphreak New Member

    I guess most spammers use a "fake" email address, but do they all? Wouldn't it be smart (from a spammers point of view) to weed out the addresses that automatically bounce the spam and delete it from their database? If an email is not bounced back from a server, it's likely that it has hit a functional mailbox = valuable spammail target.

    My question: Should I configure ISPConfig to bounce spam mail, or automatically delete them in my email client?

    Edit: typo
     
    Last edited: Jan 15, 2007
  2. martinfst

    martinfst Member Moderator

    Never ever bounce spam. Spammers use botnets of innocent PC's, and they substitute fake return addresses. There's no spammer in the world that will ever see your bounces. You're just using bandwidth and system resources to process backscatter.

    Either bounce at the MTA phase (Postfix level) or accept and either dump it in /dev/null (if you're sure) or put it in a SPAM folder for later review of any false positives.
     
  3. netphreak

    netphreak New Member

    Thanks for your reply. So in fact, you recommend me to use the "catch all" option as well, and just delete the spam on the client side?

    Sorry, I don't know much about how spammers "work" :eek:
     
  4. martinfst

    martinfst Member Moderator

    Well, I'm subscribed on too many MTA mailing lists, I guess .....
    I'm by no means a spam expert, but you should not use catch all and you should not bounce (with procmail as ISPConfig is designed) spam. That's all wasting resources.

    Only use your legitimate users and forget about catch-all. Legitimate people who want to send you email will notice when they have made a mistake. Postfix will do that for you. Maybe you're lucky and you don't get (much) spam now. I bet you will get a lot more in the coming months.

    Story/experience:
    I've setup a catch-all for a customer of mine once. He now receives hundreds of spams per day, just because spammers could deliver to any account on this domain in the past. I took specific measures to keep this server in a healthy state, just because once I was stupid enough to setup a catch-all. :(

    If you have the spam mail in a 'junk' folder, you can occasionally check for FP's. I'm not sure how ISPConfig stores spam by default (my 1st server with ISPConfig entered the datacenter today, but no users configured on it yet) but either let your users review their own spam box or put all spam in a general mailbox/mailfolder. And beware, what person A regards as spam might be legit for person B. :D
     
  5. netphreak

    netphreak New Member

    This is what I am talking about. But now I begin to realize there's a difference between the message you get back when you try to send an email to an unused address, and the one you get when you send to a legit address, but the server bounces it back for some reason?

    Anyhow - if spammers doesn't monitor the replies, how did they figure out you had a catch all feature turned on?
     
  6. martinfst

    martinfst Member Moderator

    The (some?) spambots seem to have code that verifies if an address seems to be legit. In that case that email address is fed into other distribution lists, which they then sell to other botnets. Hey, that's just the rumors I hear about the spam operations. I'm not involved.
     

Share This Page