In the message "Re: [MAGNet] Leopard vs. Eudora", dated 2008-05-13,
Mark Hayden wrote:
>If you really want to cut down on the spam, Apple Mail has a 'Bounce'
>feature. ... Bouncing spam seems to have the effect of removing
>your email address from the spam server. Very cool! ... This has
>eliminated almost all of my spam. I don't need to use any filters...
I'm not an email admin, and so want to make it clear that the
following material is merely a hastily researched set of excerpted
opinions, to spur further discussion of this topic.
Nonetheless, there seems to be a strong set of counter arguments on
the topic of whether end-users should direct their desktop email
applications to 'bounce' messages that are apparently spam. Perhaps
someone with deeper expertise in this area might wish to comment?
One such opinion:
http://spamlinks.net/prevent-secure-backscatter-fake.htm
>True bounce messages are generated by a mail server when there is an
>error with the email it is sending, based upon a reported error by
>the recipient mail server, such as the mailbox not existing. Fake
>bounces seek to mimic that, and so fool a spammer into removing a
>live email address. Sending such fake bounces is not a good idea.
>... if you send fake bounces you are likely to contribute to a
>mailbombing against an innocent victim. Spammers don't pay any
>attention to bounces, real or not, and spammers don't remove
>addresses from their mailing lists.
And this one:
http://www.dontbouncespam.org/
>End users should never use a program to bounce spam in hopes of
>abusing the spammer or getting removed from spam mailing lists.
>Spammers will never see those fake bounces, they'll go to an
>innocent person who may report the bouncer for sending them spam.
>... It's also not a good idea to try and retaliate against spammers
>in any way other than reporting the spam you receive, there's far
>too much potential for abuse of innocent third parties.
And these comments on a Jeff Nolan blog post
http://jeffnolan.com/wp/2008/01/25/bounce-in-apple-mail/:
>That is a patently dumb idea, and just adds to useless traffic on
>the net. Believe me - we used to have that feature in our antispam
>product. It's useless - the vast majority of spam is from innocent
>user machines that are turned into spam zombies. ...
>
>... spammers are brute force bots, they don't analyze bounce
>messages, so you really achieve nothing.
And yet more perspectives:
>Most of the time if the message in question is from a spammer, I've
>found when I bounce a message that the address is a phantom address,
>so the bounce feature will not work. The bounce comes back to me
>saying the address does not exist.
http://www.ecommercetimes.com/story/21571.html?welcome=1210702915
>... the return address listed on a spam message may belong to just
>another poor shlub on the list, so bouncing messages may do no more
>than further the harassment.
Finally, appended below is the most thorough explanation I've seen
of this contrary viewpoint.
Aron Roberts
Information Services and Technology
-- From Michael Tsai, developer of SpamSieve: Bouncing Spam Messages October 4th, 2007 http://c-command.com/blog/2007/10/04/bouncing-spam-messages/ From time to time, people ask why SpamSieve doesn't have a feature to "bounce" spam messages back to the sender. They also ask whether they should use Apple Mail's Message that a spammer will stop sending to your address if he thinks that the address was invalid and his message didn't get through. The short answers are that SpamSieve lacks this feature on purpose and that I do not recommend using Mail's Bounce command. More specifically, this sort of bouncing is ineffective or even counter productive for a variety of reasons: 1. Spammers probably don't care. They have lists of thousands or millions of e-mail addresses, and it's cheap to keep sending messages to the entire list. They may get paid based on the size of their list, no matter whether all the addresses are valid. In any case, it wouldn't be worth the effort to prune it down. 2. You can't contact them. Even if you believe that spammers care, your bounce message probably wouldn't get to them. Spammers use hijacked machines and forged return addresses, so if you reply to a spam message you're likely sending your bounce to an invalid address or an innocent bystander. 3. If you could, it might be bad for you. There is a narrow window of time in which rejecting a spam message might work. When the mail server is in the process of receiving a message, it's talking to the sending server and so theoretically it could communicate that the address is invalid. By the time the message has been delivered to your account, downloaded by the mail program on your Mac, and filtered by SpamSieve, this window has long since closed. At this point, if the spammer were listening, he'd already know that the message had been delivered. If you were able to get a bounce back to him, he'd know that it was a fake bounce. The original message must have gotten all through, so he should send you more spam. Since bouncing doesn't work, it would be a waste of your time and network resources to do it. Including such a feature in SpamSieve would fill out the feature checklist but give the false impression that the feature should be used. ------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about MAGNet, including how to subscribe to or unsubscribe from its mailing list, please visit the MAGNet Web site: http://magnet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.Received on Tue May 13 2008 - 11:40:39 PDT
This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 11:40:40 PDT