[ExchangeList] Re: I NEED TO GRIPE!

  • From: "William Lefkovics" <william@xxxxxxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 23 Oct 2006 21:43:53 -0700

That depends on your perspective, John.  I am not failing to understand it
at all.  SpamCop was one of the RBLs I used back in 2002-2003 or so.
I understood the principles then, and I understand them now.
That does not mean I should concur with your all or nothing religious stance
on the subject.  
While I can forgive your inability to handle 'backscatter', does it mean
independent entities should be out looking for servers that do this because
it meets *their* definition of spam? That meets *my* definition of
You should start your own RBL.  It isn't difficult.  Well, it was easier 7
or 8 years ago, I think.


From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of John T (Lists)
Sent: Monday, October 23, 2006 2:10 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: I NEED TO GRIPE!

William, what you and others are failing to understand is that SpamCop is
not the bad guy here, any one who is first accepting email for non-existing
addresses and THEN bouncing are the causes of the problem and SpamCop is
merely pointing that fact out.


It is entirely irresponsible for a company/entity to at first accept
delivery of email destined to non-existent addresses and then bounce. This
causes backscatter and additional spam, often to innocent people in the form
of forged from addresses. That is not acceptable in this day and age.


If a spammer is spreading spam and using a forged address that is one of
mine, and your server first accepts that spam and then bounces it to the
forged from address, mine, I will not hesitate one minute to cause your
server to be listed on RBL!


If the destination email address is non-existent, you must reject, not
accept then bounce.


John T

eServices For You


"Seek, and ye shall find!"


-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of William Holmes
Sent: Monday, October 23, 2006 12:20 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: I NEED TO GRIPE!


I am not ignoring spam. I am ignoring RTBL because of their marginal
usefulness and the fact that they can change their policy and affect email
flow to my organization.  In my environment they improve the detection of
spam only by about 3% while preventing quiet a bit of legitimate mail. I
find Bayesian filters much more effective and they don't "decide" to change
policy on a whim. 


It is not appropriate (at least in my opinion) to violate RFC822 just to say
you are a more effective spam filter. This is ostensibly what they
(spamacop) are doing.  Then again if you don't agree you are welcome to
continue using their services.





From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Moon, Brendan
Sent: Monday, October 23, 2006 1:58 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: I NEED TO GRIPE!


Sticking your head in the sand isn't going to solve the problem.  Neither is
avoiding the use of RBLs in your own shop.  The point is that the 'generally
accepted' customs and standards change with the times.


Most spam senders falsify the "from" address.  This means that the NDRs you
send out to the Internet go to a forged address, and end up in some
unsuspecting soul's mailbox.  As Spamcop asserts, this is arguably just as
bad as the original spam.



 - Brendan Moon



From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of William Holmes
Sent: Monday, October 23, 2006 1:21 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: I NEED TO GRIPE!



This is the primary reason we do not use any external RTBL. You are
subscribing to a service that has its own policies. Every anti-spam system
has a cost benefit ratio, when that ratio drops below an acceptable ratio
its time to move on. There are more effective ways to handle spam that your
organization can have direct control over. 





From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny
Sent: Monday, October 23, 2006 12:30 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: I NEED TO GRIPE!


If you accept email for recipients that do not exist, you must pay a toll
for causing backscatter on the Internet. 

On 10/18/06, Chris Wall <  <mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx>
Chris.Wall@xxxxxxxxxxxxxxxxxxx> wrote:

Any one wanting to read or chime in, please feel free!  I know all of you
are e-mail admins, and you may have some thoughts on the subject as well.


I am extremely disappointed with SpamCop.net - one of the few blacklist
sites that have - rather, HAD a good reputation.

Is any one else being affected by their actions of Blacklisting domains
because they follow RFC822 and send NDR's when a mail is not successfully


Okay, here's the overall story - SpamCop sets up these 'HoneyPot' email
addresses (whatever@xxxxxxx).  SpamCop then sends e-mails out to many
domains (illegitimate e-mail addresses - basically acting as spammer's
themselves) and wait to see which domains send an NDR back to the 'HoneyPot'
email address.  If your domain follows RFC822 and sends the NDR, they
blacklist the IP address of the server that sends the NDR.


Their website (  <http://www.spamcop.net/fom-serve/cache/329.html#bounces>
http://www.spamcop.net/fom-serve/cache/329.html#bounces) even details their
stance on the issue.  I have copied it below:

'Q: Why not allow bounces? They are required by RFC822! 
A: Originally, SpamCop made attempts to forgive misdirected bounce messages
- to reject them as evidence of spam. However, there are two factors
conspiring to force us to rescind this policy. First of course, is that
these misdirected messages *are* spam as we define it (Unsolicited Bulk
Mail). They are objectionable to recipients and can even cause denial of
service to innocent third parties. Users of our blocking service want us to
stop them.'



I understand what they are trying to accomplish - to prevent NDR's from
being sent to you when spammers 'spoof' your personal e-mail address.
However, SpamCop is punishing domains that abide by all security standards
for e-mail except for their 'rogue' approach to NDR delivery.  Total BS in
my opinion.


Now of course, any domain could enable LDAP authentication on incoming
e-mail and block NDR's being sent when an e-mail address is sent to a
non-existent e-mail address in your domain - BUT, even excluding RFC822
rules requiring NDR's on e-mails that are not successfully delivered, most
organizations want to keep NDR's enabled so that senders are aware if a
message is not successfully sent.   I mean, if a customer sends an e-mail to
our domain and misspells the SMTP address of one of our sales people - You
want an NDR to go back to them so hopefully they realize their mistake.


Spamcop.net even says to use SPF for checking the e-mail origin.  Well, I
use SPF.  But only block e-mails where the sending domain provides an SPF
record and the authentication fails.  I am not going to block emails coming
into our domain just because a sending domain may not have SPF setup for
their domain.  I mean, I cant force them to provide and SPF record, even
though it is recommended.  


SpamCop.net users should either stop relying on their services or either use
SpamCop.net in a 'weighted' approach for determining SPAM.


Any way - I had to gripe about this poor decision on SpamCop's behalf and
would like to get your opinions.




Chris Wall - MCSE + Messaging

NAM Exchange Administrator


T (919) 460.3236

F (919) 468.4889


Global Knowledge

LEARNING. To Make a Difference.

http://www.globalknowledge.com  <http://www.globalknowledge.com> 



CPDE - Certified Petroleum Distribution Engineer
CCBC - Certified Canadian Beer Consumer 

Other related posts: