SpamCopWiki : Bounce

SpamCopWikiHome :: Categories :: PageIndex :: RecentChanges :: RecentlyCommented :: Login/Register

Bounce


The term Bounce as related to SpamCop can be thought of in a broader form than the general technical defination might allow for. As such, this article will start by using the broader definition of a bounce being any automatic reply to an email message. Using this defination, Vacation Responders, Out of Office Notices and the like would also be considered bounces. Bounces are one of the most common causes for IP addresses to added to the SpamCop Blocking List (SCBL)

Used by some as a description of the notification of undelivered e-mail also know as:

There are two scenarios (or methods) in which a 'bounce' can be generated.
1. Sending a coded message (SMTP reject code).
This is a message that a receiving Mail Transfer Agent (MTA) returns to the sending MTA that the email was not accepted. The sending MTA may create a separate email to send to the originator, informing her of the failed attempt to transfer the message but it will be attached as part of the coded message. These messages are returned by following the IP address path as recorded in the email header in the reverse order that they were originally listed in.
2. Sending a new separate email message.
After an email is received by an MTA (the SMTP transaction was completed) but for some reason cannot be delivered. This 'bounce' email must go to the From/Reply-To (or Return-Path). Note that these addresses may contain any value specificed by the sender and are not authenticated by the SMTPprotocol. Spammers and viruses regularly forge these fields (addresses) with random or arbitrary email addresses.

The RFCs for email permits a receiving MTA to generate an email bounce. However, that is no longer a good practice, because the return address cannot be trusted in the case of spam or virus-laden messages. These messages account for at least 50 to 70 percent of all incoming e-mail, and almost always have a forged return-path. Thus, if they are accepted and a bounce message is sent afterwards, that bounce message will most likey go to an address of an innocent third party, provided the forged return-path is a valid address. These 'bounces' are just as annoying as receiving the spam or viruses directly, and can be considered spam as they are unsolicited.

The preferred practice is for the receiving MTA to issue an SMTP reject code if it can not deliver the e-mail. The sending MTA, upon handling the reject error, may generate a bounce if it is a relaying MTA. If the sending MTA is paired with a Mail User Agent (MUA), such as Mozilla Thunderbird, it may notify the user directly (via the user interface) that her email could not be sent because of the reject message.

Since spammers often use random or arbitrary addresses in the forged return-path, there is a chance that those addresses are SpamCop SpamTraps. If bounces are sent to these addresses, the sending MTA may be put on the SpamCopBlockingList.

SpamCop users who receive a MisdirectedBounce can report it to SpamCop.

See VacationResponders, which is another specialized type of bounce.

See SMTP for explanations about MTA, MUA, etc.

External Links
Wikipedia:Bounce
Wikipedia:Variable_envelope_return_path
 


Other related topics:
Why Am I Blocked? - additional information is also available the SpamCop Forum topic Why am I Blocked?
Automatic Responses - Out of Office (Vacation) Messages
Blowback, Backscatter, Misdirected Bounces
VacationResponders
CategorySpamCopGlossaryWikiB
CategoryWhyAmIBlocked
 Comments [Hide comments/form]
Thank you MissBetsy for your edits.
I have added some links, made a few minor changes and added some additional information at the bottom.
Was wondering if this was what you had in mind as far as simple expanding to more complex.
-- DbieL (2006-06-10 15:08:50)
note: comment was copied and pasted back here due to page name change resulting in the deletion of the original comment. Thus the duplicate, but different date stamps.
-- DbieL (2006-11-15 07:38:43)
First, I disagree that there are TWO kinds of bounces. They are the same thing - an email generated by a mailer when a failure occurs. The SMTP reject case is actually not a bounce - you can try this by using a program such as Thunderbird and a mail server that will reject your message when you attempt to send it. No bounce is generated - only Thunderbird will throw up a dialog saying the message couldn't be delivered.

Second, it's pretty hard to beat the "Bounce" wiki page on Wikipedia. Why even try? I think that it's perfectly alright to refer the reader to that page instead of trying to reinvent a wheel that's been perfected by dozens of people.

Perhaps explaining bounces in the context of spam might be useful.
-- FuhrmanatoR (2007-08-11 18:44:31)
It is not clear to me what you mean in the following sentence:

//Since much spam and most recent viruses are not sent through real mail servers, the receiving server can't return the SMTP reject code. The spam and viruses just disappear since they are not accepted.//

Who is the "receiving server"? I believe that if a Zombie sends a Spam/Virus to my MTA, that receiving MTA *can* return a SMTP reject...

I think what you mean to say is that Zombified MTAs won't create bounces for rejected attempts to send emails, because they aren't fully featured...

Anyway, does this sentence add value to the page?
-- FuhrmanatoR (2007-08-13 07:27:32)
<quote>First, I disagree that there are TWO kinds of bounces</quote>
In this case, bounce is being defined in a non-technical form meaning any message that is automaticly returned to the "sender" due to issues regarding delivery of the message. In that sense, there are two "kinds" of bounces.


What was meant by "can't return the SMTP reject code" is that since the mail was not sent from a valid mail server, there is no place to send the SMTP message such that it can be received and processed. It has nothing to do with the receiving servers ability or permission to generate and send the reject notice.

As far as adding value to the page, it may not, and we may want to rewrite it or delete it; actually you have already replaced it, so will consider that issue closed.
-- DbieL (2007-08-13 22:11:36)
To dbiel:

A "bounce" has a generally accepted definition that is always an email message generated by an autoresponder. See the Wikipedia definition for a consensus.

The rewrite you did seems to imply a "bounce" is a reject message, and I disagree that this term is a good one - it's non standard. That may be your opinion, so to keep it to the facts, I challenge you to find a reference anywhere (on the web, book, etc.) that agrees with your point of view.

There's a good report that describes bounces here: http://www.ironport.com/pdf/ironport_toc_bounce_report.pdf
-- FuhrmanatoR (2007-08-15 19:24:44)
To FuhrmanatoR:

I will not attempt to challenge you on the technical definition of a bounce as I will agree with you. I also agree with your understanding of what I wrote which implies that a bounce is a reject message. From the point of view of those coming to SpamCop because of problems with the mail getting blocked the real issue relates to reject messages and how they are being processed.

Also a more general comment about the SpamCop Wiki is that its purpose to provide a simplified explanation of terms and issues related to SpamCop and how they interact with each other. Yes it can be expanded into a more detailed and technical discussion, but it needs to start off in a more simplified form.

I will attempt to rewrite to address some of the concerns you have pointed out.
Thanks for your contributions.
-- DbieL (2007-08-16 17:56:24)
Page History :: 2009-06-09 22:37:55 XML :: Owner: DbieL :: Search:
Valid XHTML 1.0 Transitional :: Valid CSS :: Powered by Wikka Wakka Wiki 1.1.6.2
Page was generated in 0.0892 seconds