Roger Wilco said:
But you are "serving" the bounces. When the ISP does the bouncing it
does it in a timely manner and modern spamming software can tell the
difference. So "your" bounces may just be confirming that you are a
real
valid address <cha-ching $$$> and are running some fake bouncing
utility.
Exactly. The bounces issued by the client who doesn't bounce until they
happen to poll the mailbox is NOT the same as a bounce issued by the
receiving mail server. And, in fact, using Mailwasher to issue *BOGUS*
bouncebacks *IS* running a mail server in that you are definitely trying
to pretend that you are the mail server issuing the bouncebacks.
While it is possible for spam software to determine that your bogus NDR
(non-delivery report) did NOT come from the receiving mail server, it is
not likely than many spammers would bother. They would to run a mail
server that accepted inbound e-mails. That puts them at risk for
exposure, retaliation, and disconnect. So it is possible to validate
e-mail accounts based on receiving bogus NDRs from clients as
differentiated from getting NDRs from the ISP's mail server to which the
e-mail was delivered but it is not a likely scenario.
The primary problem is you sending out bogus NDRs is that you hit
innocents with your "bounce spam" for e-mails they never sent. You also
consume even more bandwidth for bounce messages that are never received
by the spammer. For poorly coded e-mail client that issues bounces, you
can end up causing a flood of bouncing messages between two mail
servers. Mailwasher, I have been told, uses a null valued Return-Path
header which means the receiving mail server will not issue an NDR of
its own in response to your bogus NDR sent to a non-existent mailbox
(which would then have you bounce their NDR with another bogus NDR that
they bounce that you bounce and ad nauseum). Mailwasher is well aware
of the stupidity in issuing bogus NDRs, but it is too good a lure to get
newbies to buy their product. Them including the option doesn't mean it
is a good option. Bogus NDRs should be sent only when there is
reasonable expectation that it gets delivered to the actual sender of
the instigating e-mail. That means YOU have to interrogate the headers
to determine the likelihood that you can identify the correct sender
rather than bogus values inserted by a spammer. However, users enabling
this bounce feature are too lazy to bother looking at the headers; if
they did, they wouldn't need the automated bounceback feature, anyway.
You don't hurt the spammer by sending bogus NDRs. It's like using a
shotgun at the campfire to swat mosquitos which you rarely hit but you
manage to slaughter all the campers nearby: an ineffective and
irresponsible solution with lots of innocent casualties. Say a spammer
issues one million spams per day (which is not impossible and even
higher rates are possible) and all of them have you listed in the From
header. After all, the spammer is certainly not going to list their own
e-mail address. Say only 10% of those e-mails get delivered (i.e., make
it past server-side filters and also hit valid e-mail accounts). That's
100,000 delivered copies of their spam. Say only 1% of those recipients
used Mailwasher's bounceback feature. That will be 1,000 NDRs delivered
to your mailbox for an e-mail that you never sent! I had one guy that
in one day got nailed with around 3,500 NDRs for an e-mail that he never
sent just because the spammer used his e-mail address in the From or
Reply-To headers. There is no intellience employed as to where the NDR
gets sent. If all those Mailwasher users are going to abuse my mailbox
with their misdirected *spam* (because, after all, they were NOT the
result of an e-mail that I sent so all of them are unsolicited and come
from USERS rather than real mail servers), they can expect the same
"courtesy" in return - by getting their accounts canned!
Your solution should not inflict other users with the negative side
effects of your "solution". Flush your own turds rather than spew them
back out on the Internet and hitting innocents with them.
