[Techtalk] bogus bounces--WTF?

Maria McKinley maria at shadlen.org
Wed Oct 15 02:53:53 UTC 2008


Miriam English wrote:
> Hi Carla,
> 
> That's an interesting point. I've always been infuriated at the loads of 
> spam I've always got (especially from Russia). Lately it is more than 
> just an annoyance as I've noticed some of my emails getting trashed by 
> people's less-than-intelligent spam filters, and I've missed some 
> legitimate emails sent to me due to unfortunate subject line 
> choice. Even worse, my domain name has been banned by some sites because 
> some bastard spammers have been forging my address in their headers.
> 
> I have thought of a simple way to eliminate this stupid arms race that 
> is slowly wrecking email's viability. Trouble is nobody I've approached 
> wants to know about it... which is weird. I wonder if anybody here knows 
> who it could be put to?
> 
> All I want is for email to work easily again. The current obsession with 
> bolting on ever more complex rules to spam filters doesn't work. Banning 
> sites doesn't work. And the various pay-per-email "solutions" just suck 
> because not only would honest people have to cough up because of crooks, 
> but it wouldn't stop spam anyway.
> 
> The solution seems to me to be surprisingly simple. All that is needed 
> is for email not to be passed on to the receiver until the return 
> address is checked, similar to how normal http error checking is 
> currently done every time we access a web page. If the receiver machine, 
> on checking with the sender machine finds the address is valid and has a 
> record of having sent the email in question then the recipient gets the 
> email. If not then the header is forged and the email is deleted and 
> never bothers the recipient. Spammers would be reduced to using genuine, 
> unforged addresses, because forged sending addresses would simply never 
> get through. Places that have laws against spam would land them in jail. 
> Spammers in other places would simply render their addresses ineffective 
> because it is too darned easy to block a genuine address that sends lots 
> of spam.
> 
> The genuine servers would not have to hold on to the whole email, just a 
> checksum and perhaps date and/or subject. And only until it is verified 
> or some maximum time (maybe a couple of months) had elapsed. It doesn't 
> need to hold any identifying information, so it doesn't compromise 
> privacy. All that is checked is that the email's from address is genuine.
> 
> Since the very early days of the ARPANET email has hardly altered. The 
> system of attachments is terrible. It bloats email by expanding binary 
> to 7-bit encoding in a day when 8-bit communications are normal. And 
> because of the old naive trust we used to have, spam filters are 
> inefficiently bolted on, faced with the impossible task of deducing 
> genuine from fake email.
> 
> Email seriously needs to move into the 21st century. The current 
> outmoded form is gradually becoming more and more damaged by misuse.
> 
> Anybody know who could affect this? They are welcome to present it to 
> anybody they wish with my blessing. Or if they want, I would be 
> delighted to put these and more arguments for the case.
> 
> Best wishes,
> 
> 	- Miriam
> 
> Carla Schroder wrote:
>> What's with all the skillions of bogus email delivery failures I'm seeing 
>> lately? All from .ru domains. Are they spams, and this is supposed to make me 
>> curious and read them, and then lose my mind and buy stuff? Most of them are 
>> unreadable anyway, they're either in bad HTML that doesn't render, or 
>> Cyrillic characters.
>>
>> Carla
> 

Regarding Carla's mail, if you run SpamAssassin, you can use the 
VBounceRuleset to get rid of the bogus email delivery failures.

Regarding Miriam's mail, the major problem with what you are suggesting 
is that it assumes that all legitimate mail servers are configured 
correctly, which is unfortunately far from true. It is actually possible 
to configure SpamAssassin to do a reverse DNS to check the HELO 
identifiers, but you have to be careful with this configuration, because 
like I said, you can easily hit legitimate mails.

cheers,
maria
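
The following is an added example, not part of the original post and not SpamAssassin's or the VBounce ruleset's own code. It sketches one check for telling bogus delivery failures from genuine ones: keep a bounce only if the original message it returns carries a Received header naming one of your own outbound relays. The relay name, sample message and function names are assumptions made for the illustration.

```python
import email
from email import policy

OUR_RELAYS = {"mail.example.org"}  # assumption: relays our outbound mail uses

def embedded_original(msg):
    """Return the original message (or its headers) carried inside a bounce."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw, our_relays=OUR_RELAYS):
    """Return 'not-a-bounce', 'genuine' or 'bogus' for a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-a-bounce"
    original = embedded_original(msg)
    if original is None:
        return "bogus"  # nothing ties this report to mail we sent
    received = " ".join(original.get_all("Received", [])).lower()
    return "genuine" if any(r.lower() in received for r in our_relays) else "bogus"

# Constructed sample delivery report, trimmed to the parts the check reads.
TEMPLATE = """\
From: MAILER-DAEMON@mx.example.net
To: carla@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1
Content-Type: message/rfc822

Received: from {relay} by mx.example.net; Tue, 14 Oct 2008 12:00:00 +0000
From: carla@example.org
To: nobody@example.net
Subject: hello

hi
--b1--
"""

if __name__ == "__main__":
    for relay in ("mail.example.org", "unknown.example.com"):
        print(relay, "->", classify_bounce(TEMPLATE.format(relay=relay)))
```

Bounces that do not follow the multipart/report format fall through as "not-a-bounce" here, so a real filter needs additional patterns for non-standard failure notices.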

