[SURBL-Discuss] SURBL and listing abuse address

Jeff Chan jeffc at surbl.org
Tue Dec 21 08:37:10 CET 2004


On Monday, December 20, 2004, 12:08:16 PM, Frank Precissi wrote:
> On Mon, Dec 20, 2004 at 08:45:48PM +0100, Nick Askew wrote:
>> Hi,
>> 
>> I have MDaemon installed and lately it has been working wonders to
>> reject spam. However I've noticed that all it does is bounce the mail
>> back to the person who supposedly sent it. Now we all know that it is
>> almost always some innocent address or a fake address and so best case
>> the bounce is pointless and worst case some innocent person is being
>> bombarded with mails.

> AFAIK most daemons respond with a 5xx error when they get a successful
> surbl result.  I don't see this as being any different than normal RBLs
> which give an error on connection.

Keep in mind that some folks use SURBLs at the MTA level and
others use it after the MTA has already accepted the mail, such
as with SpamAssassin.  (It is possible to call SpamAssassin
from the MTA so that its results can be used to cause the MTA
to reject mail, but that's a somewhat uncommon configuration.)

>> I'm relatively new to all this so please forgive me if this has been
>> suggested before or indeed if it is simply possible with other mail
>> servers. It occurs to me that we could list the various abuse addresses
>> of the ISP hosting the black listed site and this could be returned when
>> a match is found. If the server software then bounced the mail not to
>> the sender but to the abuse address we would seriously start to affect
>> these ISPs.

> Most of these domains either don't have abuse addresses, nor care about
> any abuse email that rolls their way (they're just dummy domains who only
> exist for a month to spam, then die).. What you are suggesting is going
> to result in my server queueing the message (rather than just returning
> a 5xx half way through the SMTP conversation) and sending it to a
> (probably bogus) abuse address, which will bounce..

Probably that's the most likely result.  As I mentioned in the
other reply, generally speaking it's not a good practice to
send any outbound network traffic in response to a spam.
As Nick and others note, that can result in a DOS of both
the sending and receiving servers.

It's probably better to remember or use information about
spams received to block or delete future similar spams.

Jeff C.
--
"If it appears in hams, then don't list it."
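
[Added example, not part of the original message or of any SURBL or MDaemon code: a sketch of the distinction discussed above between rejecting with a 5xx inside the SMTP conversation and handling a hit after the mail has been accepted, where no bounce or abuse report is generated. Assumptions: the multi.surbl.org zone is queried, any 127.x answer counts as a listing, the registered domain is approximated by the last two labels, and resolve() is a caller-supplied lookup function.]

```python
import re

SURBL_ZONE = "multi.surbl.org"  # assumption: SURBL's combined zone
URI_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def uri_domains(body):
    """Return de-duplicated domains (last two labels; a simplification) of URI hosts in body."""
    found = []
    for host in URI_HOST.findall(body):
        labels = host.lower().strip(".").split(".")
        if len(labels) >= 2:
            domain = ".".join(labels[-2:])
            if domain not in found:
                found.append(domain)
    return found

def is_listed(domain, resolve):
    """resolve(name) returns an A record string, or None for NXDOMAIN.
    Assumption: any 127.x answer is a listing; real code should read the bitmask."""
    answer = resolve(f"{domain}.{SURBL_ZONE}")
    return answer is not None and answer.startswith("127.")

def disposition(body, stage, resolve):
    """stage is 'smtp' (conversation still open) or 'accepted' (mail already taken)."""
    hits = [d for d in uri_domains(body) if is_listed(d, resolve)]
    if not hits:
        return ("deliver", None)
    if stage == "smtp":
        # The connecting client receives the error; this server sends no new mail.
        return ("reject", f"554 5.7.1 URI domain listed in SURBL: {hits[0]}")
    # After acceptance, a bounce would go to the (likely forged) envelope sender
    # and an abuse report to a probably bogus address, so generate no outbound mail.
    return ("quarantine", None)

if __name__ == "__main__":
    # Constructed sample data: a fake resolver and a fake message body.
    fake_zone = {"spam-example.test.multi.surbl.org": "127.0.0.2"}
    body = "Cheap pills at http://www.spam-example.test/buy now"
    print(disposition(body, "smtp", fake_zone.get))
    print(disposition(body, "accepted", fake_zone.get))
```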


