Stephen said:
We are running Outlook 2007 with Exchange at home
2 Users
1 with Windows XP and 1 with a mac
We want to nominate 1 specific email address to NOT get any mail from.
We want to bounce it, with the end desire being that "you cannot get to
me", rather than the email just being auto-deleted.
Creating a rule for "trash" does not get the hint back to them in the
same manner.
The Exchange service offers a blacklist function, but not a bounce-back
to a specific email address.
Anyone have any ideas?
Bouncing is an illegitimate response and almost guarantees that you will
hit undefined e-mail addresses or some innocent whose e-mail address got
usurped by the spammer. You really think spammers dole out their true
e-mail address? DUH!
If you're asking about bouncing, you are not asking how to maintain an
blacklist up on the server but instead a bogus rejection issued by the
e-mail client (Outlook). After the mail session has terminated between
the sending and receiving MTUs, there is NO INFORMATION in the headers
of a received e-mail that can guarantee just exactly who was the sender.
During the mail session between MTUs, the receiving MTU knows who was
the sending MTU. It is during the mail session that an e-mail should
get rejected by the receiving MTU. The sending MTU then gets a
rejection and it has to handle sending the NDR (non-delivery report)
message to whomever was the sender to it.
The e-mail client doesn't have any good info on which to rely to
guarantee that it will send the bogus rejection (which was not sent by a
mail server but by the client) to the correct recipient. If it is spam,
it is a done deal that your bogus rejection e-mail will NEVER be
received by the spammer. It may, however, end up wasting resources by
your mail server to send your bogus rejection e-mail. If the spammer's
domain is false (doesn't exist), the mail server will die immediately
since it has no destination domain to send your fake bounce. If the
domain exists, your mail server wastes resources trying to send to a
username that may not exist at that domain. If the username exists, it
won't be for the spammer and instead you slam an innocent when your fake
bounce - which qualifies as deliberate backscatter and can get YOU added
to the public blacklists, like Spamhaus and SpamCop. Backscatter is
reportable as spam and you issuing fake bounces generates backscatter.
Only DURING A MAIL SESSION between MTUs (mail servers) should a
rejection be issued to the sending MTU. SMTP was designed under a trust
model and none of the headers in an e-mail can guarantee who was the
sender. That info is available only during the mail session between
mail servers (and only the sending MTU is known to the receiving MTU but
then the receiving MTU isn't issuing yet another e-mail but instead just
issuing a rejection status during the mail session).
If you want to find out how to maintain blacklists of senders in
Exchange then ask in a newsgroup that discusses Exchange. Below is my
canned response regarding boobs that think bouncing is a good idea. It
may have other points not mentioned above plus there are some links to
articles to further explain why fake bounces are not only stupid but can
be harmful (which can include harmful to you).
<canned response>
The bounce feature in any e-mail client is very stupid and irresponsible
primarily because ignorant users will actually believe the software
author is providing an appropriate feature and that it will somehow it
will avoid further spam. Spammers do not use their own e-mail address.
Instead they use a bogus one (which may be a valid e-mail address for
some user) or they use one that they've already stolen and is often
included in the recipient list of e-mail addresses. Spammers change
their e-mails every time they spew so blocking on the one they used last
time won't eliminate getting their crap when they next spew. Spammers
rely on the ignorance of e-mail users that believe using blacklists
and/or bouncing by the sender's claimed e-mail address has any effect on
reducing received spam.
- Blocking by the sender's e-mail will NOT eliminate spam in your
mailbox. The spammer's e-mail address changes at their will.
- Bouncing based on the return-path headers in an e-mail will NEVER hit
the spammer. Only boobs think the spammer will identify themself.
YOU are not connected during the mail session between the sending and
receiving mail servers so you have absolutely no means to guarantee of
knowing from the return-path headers (e.g., From or Reply-To) as to who
sent you. The sender can put anything they want in there. Even mail
servers that first accept a message, end the mail session with the
sending mail host, and then check afterward if the e-mail address is
valid or not and then try to send a *new* message back to the sender
will get it wrong. If a valid IP address of the sender is included in a
Received header, that does NOT provide you with an e-mail address to
which you can bounce back their spam. You cannot rely on the
return-path headers to guarantee identifying the true sender. These
bounces are sent blind!
The spammer isn't going to identify themself to receive that bounce. Now
consider that only aren't you the receiving mail server but you are even
further removed from the mail session between the sending and receiving
mail hosts. There is nothing in your e-mail client that can absolutely
guarantee who is the sender of the spam you got in your Inbox, so
bouncing it anywhere means wasting bandwidth for you to send the bounce,
disk space and bandwidtch by your mail server to attempt to deliver your
bounce, disk space and CPU cycles for the receiving mail host to accept
your bogus bounce mail, and some innocent getting slapped with your
misdirected bounce (which, by the way, can be reported to blacklists as
backscatter and get you blacklisted).
Think about it for all of 10 seconds, if even that long. Would you like
to be the victim of a "mail bombing" because some spammer usurped your
e-mail address, sends out a million copies of their crap with you
identified as the sender, and then all those boobs using e-mail clients
with a bounce option end up filling your mailbox with all their
misdirected bounces?
Any e-mail client that provides a bounce option are irresponsible
software authors. Ignorant users sending misdirected bounces are
irresponsible e-mail users. Have a read at:
http://spamlinks.net/prevent-secure-backscatter-fake.htm
http://spamlinks.net/prevent-secure-backscatter.htm
Warning: If you send me backscatter, like misdirected bounces which to
me are unsolicited and hence spam, I will report you to blacklists, like
at SpamCop, for your irresponsible and ignorant use of flawed anti-spam
schemes. If you punish me with your backscatter, I will punish you! I'm
not the only one with this attitude. There are plenty of spam reporters
out there and they will report you, too. It is not up to the rest of us
to placate your sensitivity for your spam problem by being your victim.
Get a responsible anti-spam solution.
</canned response>
