Filters That Fight Back

[Tom Anderson]

> Have you not received bounces for spamming runs done with a forged
> envelope sender of your address in the past?  Ok, so someone spams 
> using your address to spam from and you'd be quite
> happy to get the million 1M emails then would you?

Simon, that is why I twice emphasized that this would only work if the
bounce-sending agent could accurately decipher forged headers.  If you
go to spamcop.net and submit a spam, you'll see that the open-source
software on that site pretty effectively determines whether or not the
headers have been forged.  Something like this would be required before
even thinking about sending out bounces for every alleged spam
received.  

I have in fact been pummeled with countless bounces caused by ignorant
mailer-daemons in the past.  I even once wrote a bounce handler for a
mailing list program I wrote with insufficient loop-back detection, and
my server and other poorly implemented servers were bouncing bounces
back and forth for days.  I'd be the the last one to suggest putting out
any such imcompetent methods for production environments, particularly
for millions of users.  Any spam bounce mechanism would have to be very
intelligent and err on the side of caution.

However, unlike the spamvertized website spidering idea to which this
was a response, sending bounces (even cautiously) would be both
automated and instantaneous, representing a pretty decent advantage over
the former method which would require manual editing of blacklists.  It
would also be better targeted to the spammers rather than their payload.

Sincerely,

Tom Anderson
Order amid Chaos, Inc.
http://oac-design.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.bogofilter.org/pipermail/bogofilter/attachments/20030902/2ffc12ac/attachment.sig>