[SURBL-Discuss] SURBL and listing abuse address

Frank Precissi corvus at vadept.com
Mon Dec 20 21:08:16 CET 2004


On Mon, Dec 20, 2004 at 08:45:48PM +0100, Nick Askew wrote:
> Hi,
> 
> I have MDaemon installed and lately it has been working wonders to
> reject spam. However I've noticed that all it does is bounce the mail
> back to the person who supposedly sent it. Now we all know that it is
> almost always some innocent address or a fake address and so best case
> the bounce is pointless and worst case some innocent person is being
> bombarded with mails.

AFAIK most daemons respond with a 5xx error when they get a successful
SURBL result.  I don't see this as being any different than normal RBLs
which give an error on connection.

> I'm relatively new to all this so please forgive me if this has been
> suggested before or indeed if it is simply possible with other mail
> servers. It occurs to me that we could list the various abuse addresses
> of the ISP hosting the black listed site and this could be returned when
> a match is found. If the server software then bounced the mail not to
> the sender but to the abuse address we would seriously start to affect
> these ISPs.

Most of these domains either don't have abuse addresses, or don't care
about any abuse email that rolls their way (they're just dummy domains
who only exist for a month to spam, then die).. What you are suggesting
is going to result in my server queueing the message (rather than just
returning a 5xx half way through the SMTP conversation) and sending it
to a (probably bogus) abuse address, which will bounce..

> It seems to me this is not like the Lycos solution because we are only
> sending a mail when we receive a mail that mentions a spam url. The
> result is that the more spam they send the more mails they receive from
> us, the less spam they send the less mail they will receive and no
> innocent addresses are affected.

The 5xx response goes back to the sender's SMTP server, it's up to that
server what it wants to do with it.  It can silently drop it, or bounce
it to the sender.

A better solution would be to have the mailer daemon do a wget on the
URL in question once it gets a SURBL hit.. That's more of the Lycos
solution.. heh

> There is a drawback to SURBL and that is that someone could end up black
> listed wrongly. This mechanism would add insult to injury but let's face
> it if I wanted to get at xyz.com I'd send out a bunch of spam as if it
> came from jdoe at xyz.com advertising xyz.com and wait for them to
> appear on the black list and then send out more spam and now watch their
> ISP get really upset with them as the bounced messages end up with them.

That's true, but all blacklists AFAIK have to be manually added... That's
(I think) how things like this are dealt with.

Frank
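
The in-session rejection discussed in this message, as an added example that is not part of the original post or of any mail server's code: the receiving side checks body URIs against SURBL and answers the DATA command with a 5xx, so nothing is queued and no bounce is generated locally. The function names, the naive two-label domain reduction, the reply texts and the sample message are assumptions made for illustration; the lookup is injectable so the logic runs offline.

```python
import re
import socket

SURBL_ZONE = "multi.surbl.org"  # SURBL's combined list zone
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def registered_domain(host):
    """Reduce a hostname to its last two labels.
    Assumption: naive, no special handling of ccTLDs such as co.uk."""
    labels = [l for l in host.lower().split(".") if l]
    return ".".join(labels[-2:])

def body_domains(body):
    """Return the unique, sorted domains of all http(s) URIs in the body."""
    found = {registered_domain(h) for h in URL_RE.findall(body)}
    return sorted(d for d in found if "." in d)

def dns_listed(domain, zone=SURBL_ZONE):
    """A domain is listed when <domain>.<zone> resolves into 127.0.0.0/8."""
    try:
        addr = socket.gethostbyname(f"{domain}.{zone}")
    except socket.gaierror:
        return False  # NXDOMAIN: not listed
    return addr.startswith("127.")

def smtp_reply_after_data(body, is_listed=dns_listed):
    """Decide the reply to the end of DATA while the sending server is
    still connected. A 554 leaves delivery-failure handling to the
    sending server; the receiver never queues or bounces anything."""
    for domain in body_domains(body):
        if is_listed(domain):
            return (554, f"5.7.1 Message rejected: URI {domain} is listed by SURBL")
    return (250, "2.0.0 OK: queued")

if __name__ == "__main__":
    # Constructed sample: a stand-in blocklist replaces the DNS query.
    fake_list = {"spamvertised.example"}
    sample = "Cheap pills at http://www.spamvertised.example/buy now!"
    print(smtp_reply_after_data(sample, is_listed=lambda d: d in fake_list))
    print(smtp_reply_after_data("Minutes: http://wiki.example.org/notes",
                                is_listed=lambda d: d in fake_list))
```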

