possible idea for backscatter problem

mouss mouss at netoyen.net
Sat May 10 16:46:00 CEST 2008


Matthias Andree wrote:
> [snip]
> On the other hand, Laurent's suggestion of blocking such on the
> mailserver isn't all bad - after all, it stops pollution of bogofilter
> databases if there's a single strong indicator for backscatter spam,
>   

I agree that training with these messages may make tokens found in 
bounces too "spammy", especially for sites that don't receive many 
legitimate bounces.

> plus with in-band filtering (Postfix and perhaps some milter-based
> software can do that) the mail is rejected during the SMTP transaction,
> which will have several advantages.
>
>   

This requires two things:
- the original Message-Id is included in the bounce. A lot of scatter I 
see doesn't include the original message or only includes From, To, 
Subject and the body.
- the MX is aware of the message-ids generated by all its clients. This is 
easy if your users are forced to use the MX for mail submission. If 
users can post via their ISP (or hotel or whatever), there is no way to 
collect their message-id. And if you have many MSAs, then collecting the 
message-id requires some work. I am not sure the benefits justify this work.

If users must go through dedicated MSAs, then BATV may be a more 
effective approach as:
- it doesn't require the outscatter site to include "original" headers
- it doesn't require reading the DATA, so backscatter can be implemented 
at the RCPT TO stage.

But as with open relay, the real solution is to get the outscatter sites 
fixed. At least, we hope that the large ones are already working on this 
(they can't say they are not aware of the current storms)...
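
An added example, not part of the message above and not code from Bogofilter or Postfix: a sketch of the BATV check the message refers to, using the `prvs=KDDDSSSSSS=address` tag layout from the BATV Internet-Draft. The key, the 7-day lifetime, the function names and the example.org addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import time

KEY = b"constructed-demo-key"  # constructed secret shared by the MSAs and the MX
KEY_ID = "0"                   # K: single-digit key number
LIFETIME_DAYS = 7              # assumed validity window for a tag
TAG_RE = re.compile(r"prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)", re.ASCII | re.IGNORECASE)


def _mac(k, ddd, addr):
    # SSSSSS: hex of the first three bytes of HMAC-SHA1 over K + DDD + original address
    msg = (k + ddd + addr).encode()
    return hmac.new(KEY, msg, hashlib.sha1).digest()[:3].hex()


def sign(mail_from, now=None):
    """MSA side: rewrite the envelope sender to prvs=KDDDSSSSSS=local@domain."""
    now = time.time() if now is None else now
    ddd = "%03d" % ((int(now // 86400) + LIFETIME_DAYS) % 1000)
    return "prvs=%s%s%s=%s" % (KEY_ID, ddd, _mac(KEY_ID, ddd, mail_from), mail_from)


def verify(rcpt, now=None):
    """Return the original address if rcpt has a valid, unexpired tag, else None."""
    now = time.time() if now is None else now
    m = TAG_RE.fullmatch(rcpt)
    if m is None:
        return None
    k, ddd, sig, addr = m.groups()
    if not hmac.compare_digest(sig.lower().encode(), _mac(k, ddd, addr).encode()):
        return None
    # Day numbers wrap modulo 1000, so compare the distance rather than raw values.
    remaining = (int(ddd) - int(now // 86400)) % 1000
    return addr if remaining <= LIFETIME_DAYS else None


def rcpt_decision(mail_from, rcpt_to, now=None):
    """MX side at RCPT TO: a null-sender (bounce) recipient must carry a valid tag."""
    if mail_from != "":  # ordinary mail, not a bounce
        return "250 2.1.5 Ok"
    if verify(rcpt_to, now) is not None:
        return "250 2.1.5 Ok"
    return "550 5.7.1 Bounce for a message this site did not send"
```

The decision uses only the envelope (MAIL FROM and RCPT TO), which is why no header or body from the bounce is needed.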



