"Unknown User" mandatory or not?


Hi all,

My office decided to stop replying to mails directed to bad addresses, i.e. there are no more "User Unknown" notices coming from us. While I understand that this automatic reply may in a way help some spammers, isn't this mandatory?

I'd appreciate any info, and especially official URIs I could point my mailmaster to.



Depends what you mean.

Accepting the mail and then sending an auto-response to the 'From' address is a very BAD idea - spam in the eyes of many here.

Refusing to accept the mail and responding with a 55x rejection message to the originating IP address is a GOOD idea and may indeed be 'mandatory' as far as anything on the 'net is mandatory!


I believe that there is an RFC which says that undeliverable email should be responded to with an undeliverable message after acceptance.

However, the number of people who would be inconvenienced if they were not notified if their email did not go through (due to a typo) is probably a lot fewer than the people who receive bounce messages due to forged addresses.

I don't quite understand the details of why this was once acceptable and recommended, but IMHO, it is time it was changed.

And the reason that your admin has changed its practice is that a lot of those bounces to forged addresses go to spam traps which many blocklists use and so your IP address is being added to blocklists.

All internet protocol is based on netiquette. There is nothing mandatory except practices that other admins recognize as standard. In this case, netiquette is 'Don't send email to forged addresses.'

Miss Betsy


As stated several times, your office decision may have been based on the e-mail server/app they're running. If the rejection was handled at the time of the SMTP connection, the rejection would be passed back to the sending server. If they're using one of the more bone-head type apps, what was probably happening is that "all" e-mail was accepted for handling, and somewhere down the road, it was only discovered at "delivery" time that it couldn't find an InBox that matched, so then it tried to generate a "bounce" message, but chose to use the "From:" line contents to send that Bounce ... and as that From: address was probably forged, they either got another bounce to their bounce, or some e-mail from an irate victim complaining about them using bone-head stupid software and possibly some characterizations of their staff's intelligence quota <g>


  My office decided to stop replying to mails directed to bad addresses, i.e. there are no more "User Unknown" notices coming from us. While I understand that this automatic reply may in a way help some spammers, isn't this mandatory?

The RFCs allow two methods, using SMTP rejects or generating bounces. Generating bounces is now a very bad idea as it is very abusive to innocent victims, so that just leaves SMTP rejects.

What your mail server that is facing the public internet should be doing is using SMTP 5xx reject codes with xx being a two digit code indicating the precise reason for the rejection, along with a small text message.

This must be done before the mail transaction is complete, and the earlier in the SMTP transaction that you issue an SMTP reject for mail that you do not want, the less load it is on your server, and if you pay a metered rate for internet access, it avoids paying for the spam.

If the e-mail can not be delivered for a condition that is temporary such as a user or system out of capacity, then your internet facing mail server should reject the e-mail with a 4xx code and a more precise text message.

If you have an external mail gateway and internal mail servers, the external gateway should check to see if the internal mail server can accept delivery. If the internal mail server can not, then the message should be rejected with the appropriate code.

If the external mail server can not reach the internal mail server, then it should reject the e-mail with a 4xx code until it can get a more accurate response.

And if someone does not know how to do this, they should not be working on a production mail server until they do.

Until the internet facing mail server can be configured to use SMTP rejects properly, it is better off just queuing undeliverable messages to be eventually deleted until it can be upgraded to one that knows how to be a good internet citizen.

Some networks pay attention to those that are trying to abuse their mail servers, and put blocks in based on the undeliverable messages.

Anything that automatically generates a mail message in response to the alleged address in spam or viruses is going to eventually hit spamtraps somewhere, or cause networks to put in private blocks on that I.P. address.

Also be aware that any "Out of Office or Vacation" e-mail auto responders (and especially voicemail) are the on line equivalent to a pile of newspapers on your doorstep while you are on vacation.

Media interviews with convicted criminals reveal that they use those to steal from the victims' companies. Either by getting bogus orders approved for payment, by getting helpful people to overnight mail boxes in the empty office, or simply convincing the help desk to remind them of the dial in number, their LAN account, and resetting their password.

The last one was even demonstrated on a U.S. news program in front of a company I.T. representative who was previously sure that no one could break into their system.

Since he was obviously out of the office, guess what account was broken into. :-)


Personal Opinion Only
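
The reject-versus-bounce behaviour discussed in this thread, as an added example that is not part of any poster's message: a gateway that answers each RCPT TO in-session with 250, 4xx or 5xx, next to one that accepts everything and bounces later. Mailbox names, domains and reply texts are constructed, and `backend_lookup` is a hypothetical stand-in for the query to the internal mail server.

```python
# Added example: RCPT-time decisions for an internet-facing mail gateway.
# All addresses and reply texts are constructed for illustration.

class BackendDown(Exception):
    """The internal mail server could not be reached."""

MAILBOXES = {"alice@example.org": "ok", "bob@example.org": "over_quota"}

def backend_lookup(rcpt, reachable=True):
    """Hypothetical stand-in for asking the internal server about a recipient."""
    if not reachable:
        raise BackendDown(rcpt)
    return MAILBOXES.get(rcpt.lower())  # None means no such mailbox

def rcpt_reply(rcpt, reachable=True):
    """Return the (code, text) the gateway gives in reply to RCPT TO."""
    try:
        state = backend_lookup(rcpt, reachable)
    except BackendDown:
        # Unknown outcome: temporary failure, the sending server retries later.
        return 451, "4.4.1 Internal server unreachable, try again later"
    if state is None:
        return 550, "5.1.1 User unknown"          # permanent reject
    if state == "over_quota":
        return 452, "4.2.2 Mailbox full, try again later"
    return 250, "2.1.5 Recipient ok"

def reject_at_smtp(mail_from, rcpts, reachable=True):
    """Answer in-session; the gateway never originates mail of its own."""
    replies = [(r, *rcpt_reply(r, reachable)) for r in rcpts]
    generated_mail = []  # nothing goes to the (possibly forged) MAIL FROM
    return replies, generated_mail

def accept_then_bounce(mail_from, rcpts):
    """Discouraged: accept everything, then mail a bounce to the sender address."""
    replies = [(r, 250, "2.1.5 Recipient ok") for r in rcpts]
    generated_mail = [(mail_from, f"Undeliverable: {r}")
                      for r in rcpts if MAILBOXES.get(r.lower()) is None]
    return replies, generated_mail

if __name__ == "__main__":
    sender = "victim@forged.example"  # forged envelope sender (constructed)
    rcpts = ["alice@example.org", "nobody@example.org", "bob@example.org"]
    for name, result in (("reject", reject_at_smtp(sender, rcpts)),
                         ("bounce", accept_then_bounce(sender, rcpts))):
        print(name, result)
```

With in-session rejects the sending server learns the outcome directly and the forged address receives nothing; the accept-then-bounce gateway produces one message to that address per unknown recipient.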



This topic is now archived and is closed to further replies.
