 |
sendmail Milters: A Guide for Fighting Spam |
By Bryan Costales and Marcia Flynt 352 pages; $35.99 Addison-Wesley |
|
|
|
|
All Internet e-mail is sent using a protocol called SMTP (Simple Mail Transfer Protocol).
In SMTP, mail is sent in units called envelopes. First the address of the envelope sender is sent, followed by one or more envelope recipient addresses. Finally the actual message is
sent, headers and body together. Note that the final recipient sees only the headers and
body. Envelope information is generally visible only to sendmail and its Milters.
When a user replies to an e-mail message, the reply is generally sent to the header
sender — the address listed in the From: header. But when a message is bounced, the
bounce reply is generally sent to the envelope sender address.
Spam sites have learned about this property of e-mail and can use it to their advantage.
Spammers know that a large percentage of the email they send will bounce, but they do
not care about bounces. Even if an address in a list continues to bounce, spammers will
not remove it, because the cost of cleaning their lists is too high.
Some spam detection software looks at the envelope sender on the theory that the
envelope sender will point to the spam-sending site, because that is where bounced e-mail
goes. But to avoid this type of detection (and also the potentially high volume of bounce
return messages), spam-sending sites often use a false envelope sender. In other words,
they lie about their identity. And not only do they lie, they also forge. That is, because
many MTAs (sendmail included) reject the envelope sender if the host part of the address
does not exist, spammers often use real envelope sender addresses (but not their own).
The result is that some poor user somewhere in the world will receive all of a spam site's
bounces. This is certainly evil, but it is not illegal. There is nothing in the SMTP standard
that can cause a sending site to tell the truth in the envelope sender specification.
Because spamming sites never clean their address lists and because spamming sites often
lie about the envelope sender, you should probably never bounce (reject) spam e-mail. If
you do, you may be unwittingly adding to the problem by bouncing to an innocent user.
In general, it is better to accept and discard spam e-mail or to accept and archive it.
An alternative (if you have some way to keep count) is to bounce spam the first time it
is received from a site. In that way, if good e-mail is bounced, the sender (a real person)
can contact someone at your site to have the problem corrected.
This chapter is excerpted from the new book, "sendmail Milters: A Guide for Fighting Spam," authored by Bryan Costales and Marcia Flynt, Copyright © 2005 Bryan Costales and Marcia Flynt. To learn more about the book, please visit: http://www.awprofessional.com/title/0321213335.
