Re: bounced spam

["Tom Metro-12" <user=71@nabble.blu.org>]

 Ward Vandewege wrote: 
> Seems like the 'logical' way to solve this problem would be to add something 
> to every message you send out, check for that string in the bounces you 
> receive and redirect to /dev/null accordingly. 
> 
> Problem is that many bounces don't include all headers. 

This is a problem that mailing lists have to deal with, and they address 
it with Variable Envelope Return Paths (VERP)[1]. Basically you make the 
from address (technically the SMTP MAIL FROM address) unique to each 
recipient - typically by embeding the recipients address in the sender 
address, and often with a message number as well. So if [hidden email] 
sends a message to [hidden email] you get something like: 

user+other_user=[hidden email] 

It's the only reliable way to connect a bounce to a sent message. 

But most people would find this as an impractical way to combat forged 
bounces. For the most part I approximate this technique by using unique 
sender addresses for each purpose, such as one for each mailing list or 
vendor I deal with. I haven't gone so far to use unique addresses for 
each recipient, though I could see how a Thunderbird extension might 
make doing so practical. 

1. http://cr.yp.to/proto/verp.txt

  -Tom 

-- 
Tom Metro 
Venture Logic, Newton, MA, USA 
"Enterprise solutions through open source." 
Professional Profile: http://tmetro.venturelogic.com/

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

_______________________________________________ 
Discuss mailing list 
[hidden email] 
http://lists.blu.org/mailman/listinfo/discuss