Jump to content
Sign in to follow this  
Pangolin

Will autoresponders ALWAYS be blocked by Spamcop?

Recommended Posts

Hi All,

I have a question for all of you.

We had a few email addresses that were used since 1997. As many email addresses do, they eventually gathered a lot of spam. We discontinued using those email addresses, but when we did, we put an autoresponder on them.

The autoresponder did not include the original email so that it could not be used as a way to re-send spam messages. Instead, it informed the sender that they needed to use the "contact" form on our web site. The autoresponder also gave "More information about this message", informing the "sender" that they received this automatic response because either they themselves sent us an email, or because their address was used as the FROM address. The autoresponder also gave two methods for people to report any problems are abuses (telephone and direct web link), and lastly, we setup the server so that people would only get the autoresponse message once per day, regardless of how many emails our server received.

This worked well for a while, but recently my ISP began receiving complaints that this autoresponse was spam. Not too many complants (only two so far, from two separate people), and I don't think our ISP was ever blocked. But still, it made us nervous, so we discontinued the autoresponder, at least for now...

I realize that autoresponders can be a nuiscence, but still it does beg the question, are autoresponders ALWAYS considered to be "bad" in the eyes of Spamcop and similar organizations? Will an ISP eventually be blocked for something like a "on vacation" message?

In this case, something like an autoresponder is absolutely necessary, to let our legitimate customers know how to contact us. Also, it gave those who were victims of spammers using their emaill address as the FROM line a way to report the abuse (although it seems they would rather report it to Spamcop than using our methods).

In any case, I am wondering if we could turn back on our autoresponder under some condition -- some additional information that we would include or something like that. Or maybe we were already doing the right thing by not including the original message and already giving them a few ways to report abuses.

Would someone (preferably official) please let me know if there are boundaries to this type of situation?

Best regards,

Bill

Share this post


Link to post
Share on other sites

Most mail packages can be configured to reject these messages during the SMTP session with a 500 serier error. During this rejection you can also include a custom message in the rejection, for instance:

to:oldaddress[at]example.com 550 Old address no longer valid, please see: http://www.example.com/NewAddressInfo.html

In this way, valid senders get an NDR from their mail server, and emails from spammers and viruses are simply dropped.

You can find more information here:

http://www.spamcop.net/fom-serve/cache/329.html

But as someone who recently got almost 100 auto response messages over the course of several hours because someone decided my email address would make a good from address, I would say that yes, autoresponders will probably be considered bad until spam and viruses go away.

Edited by Telarin

Share this post


Link to post
Share on other sites

No, I don't see the SpamCop Parsing and Reporting Service going back to the "bad old days" when we couldn't report autoresponses, even if all spam were to magically cease. Yes, ISPs' servers that issue vacation autoresponses will be listed by the SCBL if they hit SpamCop Spamtraps and/or are Reported enough times.

My suggestions for each former employee's mailbox and email address are as follows:

  1. If the former employee was not supposed to have official email correspondence with the outside world, either reject messages to it with a 500-series error at your border or collect and report its spam.
  2. If the former employee was supposed to have official email correspondence with the outside world AND the former employee's job is being completely filled by someone (replacement, co-worker, or supervisor/manager), alias the former employee's email address to its replacement's email address. If the replacement complains about too much spam, have the replacement notify valued correspondents about the replacement's new email address, consider a better anti-spam solution, and revert to Suggestion 1 above.

Share this post


Link to post
Share on other sites
I realize that autoresponders can be a nuiscence, but still it does beg the question, are autoresponders ALWAYS considered to be "bad" in the eyes of Spamcop and similar organizations? Will an ISP eventually be blocked for something like a "on vacation" message?

37789[/snapback]

The answer to your question is a bit complex. The cause being spammers turning a good thing into a bad thing. It is very much like security checks at the airport. There was no need for them until terrorists took advantage of the opportunity and made them necessary. Now we all suffer the hassles of the security checks as a trade off for the potential gains in safety. Autoresponders could be compared to knitting needles. Someone wishing to make use of wasted time on an airplane may want to knit. And in general, knitting needles are not considered dangerous instruments, but they have been banned from airplanes because they could potentially be used by a terrorist. Autoresponders are generally a good thing in that they provide useful information to the sender of a message that they might not otherwise receive because of changes in the email delivery situation, such as some one on vacation who will not be reading their mail. The problem is spammers have found ways to use them to send out even more spam. They will often (almost always) use fake "from" and "reply to" addresses (used by autoresponders) on the messages they send. That address is often a valid address belonging to someone that has nothing to do with the spam being sent. Spammer's mailing lists are full of "bad" addresses. They find it unnecessary to maintain a clean mailing list as the cost of sending mail is much less than the cost of cleaning their mailing list. The result is some poor innocent person, maybe even you, starts receiving 1,000's of mail messages from autoresponders. This is where the problem lies.

If autoresponders could be programmed in such a way that they filtered out responses so that responses were only sent to actual senders of the message and not to the forged addresses, THEN they would be considered safe to use even today. Until that can be done, it is better that they not be used at all. Put another way, if the only mail you actually receive is valid, no spam at all; then it would be fairly safe to use autoresponders. But if you are receiving any spam (in this case the definition is slightly different {any mail with a forged from, or forged reply to address}) Then you are living in a dangerous world by using auto responders.

Share this post


Link to post
Share on other sites
snipppp ...

Put another way, if the only mail you actually receive is valid, no spam at all; then it would be fairly safe to use autoresponders. But if you are receiving any spam (in this case the definition is slightly different {any mail with a forged from, or forged reply to address}) Then you are living in a dangerous world by using auto responders.

37804[/snapback]

One way of cutting down on the risk is to cause an anti-virus check and a SpamAssassin check to be performed and only auto respond to emails that pass both checks. If not losing a possible customer's email is really important to you n then a human could also review the spammy emails for false drops.

Share this post


Link to post
Share on other sites
Will autoresponders ALWAYS be blocked by Spamcop?

Are there any exceptions?

What is the SpamCop Blocking List (SCBL)?

An autoresponder that hits its target works fine. An autoresponder that misses its target sucks. Out of the millions and millions of e-mail users around the world, there are but the thousands and thousands used by folks that use the SpamCop Parsing & Reporting toolset to handle their spam. There are but a handful of spamtrap addresses that connect directly to the SpamCop BL machinery. As described in the referenced FAQ, one could use an autoresponder for years without a problem, yet it only takes one spammer taking advantage of something developed back in the "trust everyone days" to jack things up for everyone involved. And now that there are folks out there trying to make their money by finding. listing, and selling these lists of "complaint servers" to those that would abuse them, just about anything is a target these days for this kind of abuse.

Share this post


Link to post
Share on other sites
Most mail packages can be configured to reject these messages during the SMTP session with a 500 serier error. During this rejection you can also include a custom message in the rejection, for instance:

to:oldaddress[at]example.com 550 Old address no longer valid, please see: http://www.example.com/NewAddressInfo.html

In this way, valid senders get an NDR from their mail server, and emails from spammers and viruses are simply dropped.

Thanks for the additional information. But let me ask you, are they really "simply dropped"? I mean, if someone sends a spam message from "bill[at]microsoft.com" to my server, and my server bounces with the message you suggest above, won't "bill[at]microsoft.com" always get the message?

Or are you saying this "bounce message" is something that happens at a lower-level, during the actual SMTP communicaiton itself, and thus only the people actually doing the sending would receive the message and not necessarily those whose email address just happens to be listed in the FROM line?

I am not as much of an expert as you guys at servers, or configuration. What I can say is that I use a Linux server running Plesk 7.5. It is provided by a company called Server 4 You. I am not sure which mail package is installed per se, but in the options that configure how to respond to un-known email addresses, there is:

* Bounce with message: the mail will be returned to sender with the bounce message you specify.

* Forward to address: the mail will be forwarded to the address you specify.

* Reject: the mail will be rejected during SMTP session without being queued for delivery. This option can save bandwidth and server resources.

Right now, I have "Reject" specified, so that any emails that are just made-up targeting typical user names like "sally[at]" and "jerry[at]" and "jim[at]" will all be rejected. It is only on the email addresses that we formerly had real people that we were using the autoresponder method mentioned before.

So I am not sure if the "Bounce with message" option is really what we are after or not... I suspect not...

If there is someone here who is a server expert, and can help implement what Telerin suggested, we would be happy to pay an associated fee... I suppose it should be possible to send a private message on this message forum system if anyone can be of assistance...

Bill

Share this post


Link to post
Share on other sites

"Bounce with message" would be the one to avoid. :)

I'd be happy to help with implementation, but you seem to be in Florida and your mailserver is probably in Missouri, so I'm not sure how that would work, but feel free to email me. :)

Share this post


Link to post
Share on other sites
Or are you saying this "bounce message" is something that happens at a lower-level, during the actual SMTP communicaiton itself, and thus only the people actually doing the sending would receive the message and not necessarily those whose email address just happens to be listed in the FROM line?

Yes, thats exactly right. If it drops during the SMTP connection with a 500 series error, then the sending server receives the message, rather than whoever happens to be in the FROM field. If its a real server, it will generate an NDR to the sender. If its a spam zombie or virus, it will just ignore it.

* Reject: the mail will be rejected during SMTP session without being queued for delivery. This option can save bandwidth and server resources.

Thats the one you want.

If there is someone here who is a server expert, and can help implement what Telerin suggested, we would be happy to pay an associated fee... I suppose it should be possible to send a private message on this message forum system if anyone can be of assistance...

37810[/snapback]

Unfortunately, I'm not familiar enough with the server you are using to tell you how to configure it to provide a message with the Reject, but your ISP should be able to implement that for you without too much trouble.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×