The inane rants of a "Technical Ops Manager"


Javier

Today I received this mail from a guy who has a misconfigured mail server that spits backscatter (and, consequently, it has been "burned" by the reports). I have omitted his name:

Hello SpamCop user,

Re 87.117.209.25

You've added my mail server to spamcop for an unsolicited bounce, however I strongly disagree that this action should have been taken.

Whether the mail was generated legitimately or illegitimately from your network is not my issue, my mail server simply fired back an NDR. In fact it's of use to you because either you have a spambot on your network, or you're sending out UCE or someone is forging headers from your network and so it highlights a problem on your side.

Kind Regards

R****** S***

Technical Ops Manager

The funny thing about it (I don't know if it is only shameless stupidity or a plain barefaced lie) is how the guy claims that it is not his issue and that his bounces are "in fact of use" (to me) as they "highlights a problem" (on my side).

Well, Mr. "Technical Ops Manager", actually it is your mail server that is listed, so I would say that having a "trigger happy" mail server IS your issue. Do the rest of the Net a favor and educate yourself about how to configure your equipment correctly so that it does not accept all mail and then "simply fire back" the ones that aren't to your taste.

And please, don't thank me for highlighting "a problem on your side". :D


Today I received this mail from a guy who has a misconfigured mail server that spits backscatter (and, consequently, it has been "burned" by the reports).

Not sure what might have been meant by 'burned' ... as the referenced IP address is not in the SpamCopDNSBL at this time. Therefore, I also am not sure what this might have to do with the SpamCopDNSBL. So I am moving this Post/Topic from the Blocklist Help to the Lounge area with this post.


Not sure what might have been meant by 'burned' ... as the referenced IP address is not in the SpamCopDNSBL at this time. Therefore, I also am not sure what this might have to do with the SpamCopDNSBL. So I am moving this Post/Topic from the Blocklist Help to the Lounge area with this post.

Hi Wazoo. Thanks for moving the post.

In fact, this IP is now in several black lists, so I suppose that when the guy received the SpamCop report, he simply went ballistic about it and replied to it with the quoted mail.

The referred report in his 'Subject' mail was http://www.spamcop.net/sc?id=z1770615683zb...213bc93e90f23dz

(Edited to fix the tracking URL)


You could have replied to him using a throwaway address explaining why misdirected bounces are no longer useful.

Well, in fact I did exactly that. ;)

Hello Mr. S****,

You can disagree all you want, but clearly, you have several misconceptions about the legitimacy of the bounces that your badly configured mail server is spewing to other people.

Email servers should be configured to provide Non-Delivery Reports (bounces) to local users only. Mail servers are expected to reject email destined for a non-existent user. Mis-configured servers -like yours- accept email, process it and then bounce it to the wrong people, who have had the bad luck of having their email addresses used by spammers to forge the 'From' header. As a result, these servers get legitimately reported and listed in RBL's.

Your mail server should reject at SMTP all non-deliverable mail, with a 550 error message.

Please, educate yourself at the following sites:

http://www.backscatterer.org/index.php?target=backscatter

http://www.spamresource.com/2007/02/backsc...-i-stop-it.html

http://removals.tqmcube.com/index.php?mod_...p;kb_rating=yes

If your mail server continues to spit bounced spam to others, it will be reported (by me and by other people) and it will be stuck on RBL's lists until you configure it correctly and fix this problem ON YOUR SIDE.

Kind Regards,

Some Spamcop User


Ya know, this post makes me wonder.... a spammer used one of my email addresses when he/she spammed out hundreds of messages, so I received 40-50 bounces from people, but didn't report them.

Should I have received the 550 errors? From what I read, I can't determine if the forged 'from' address should receive anything.


If the server is properly configured to reject the message using a 550 error, nothing is sent to the forged FROM address at all. It is only servers that accept messages, and then try to figure out where to send an NDR report later, that send misdirected bounces to the forged sender.

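Added example (not part of any post in this thread, and not code from SpamCop or from any mail server): a toy SMTP receiver in Python that plays one constructed spam session with a forged MAIL FROM against the two policies discussed above, rejecting at RCPT time versus accepting and bouncing later. The addresses, `LOCAL_USERS` and `run_session` are made up for illustration, and the DATA phase is collapsed into a single reply.

```python
import re

LOCAL_USERS = {"alice@example.org"}  # constructed mailbox list

# Constructed session: a spam bot forging victim@example.net as the sender.
SPAM_SESSION = ["HELO bot.example.com", "MAIL FROM:<victim@example.net>",
                "RCPT TO:<nosuchuser@example.org>", "DATA", "QUIT"]

def run_session(commands, validate_at_rcpt):
    """Return (replies, outbound): one SMTP reply per client command, plus
    any mail the server generates by itself after the session (NDRs)."""
    replies, outbound = [], []
    sender, accepted, undeliverable = "", [], []
    for line in commands:
        verb = line.split(":")[0].split()[0].upper()
        addr = re.search(r"<([^>]*)>", line)
        if verb in ("HELO", "EHLO"):
            replies.append("250 mx.example.org")
        elif verb == "MAIL":
            sender = addr.group(1)
            replies.append("250 2.1.0 Sender OK")
        elif verb == "RCPT":
            rcpt = addr.group(1).lower()
            if rcpt in LOCAL_USERS:
                accepted.append(rcpt)
                replies.append("250 2.1.5 Recipient OK")
            elif validate_at_rcpt:
                # Refused inside the session: only the connecting client sees it.
                replies.append("550 5.1.1 User unknown")
            else:
                # Accepted blindly; the failure is discovered after the session.
                undeliverable.append(rcpt)
                replies.append("250 2.1.5 Recipient OK")
        elif verb == "DATA":  # whole DATA phase collapsed into one reply
            ok = accepted or undeliverable
            replies.append("250 2.0.0 Queued" if ok else "554 5.5.1 No valid recipients")
        elif verb == "QUIT":
            replies.append("221 2.0.0 Bye")
    for rcpt in undeliverable:
        if sender:  # a null sender <> is never bounced to
            outbound.append({"from": "<>", "to": sender,
                             "subject": "Undeliverable: " + rcpt})
    return replies, outbound

if __name__ == "__main__":
    for strict in (True, False):
        print(strict, run_session(SPAM_SESSION, strict))
```

With `validate_at_rcpt=True` the only party that learns of the failure is the connecting client; with `False` the server queues an NDR addressed to the forged sender, which is the misdirected bounce this topic is about.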

I'm confused as to what you are asking, a 550 is an error sent to the sending server from the receiving server during the SMTP session. All mail servers would understand a 550 error message if they received it from the server they were sending to. It is then up to the sending server to generate an NDR to the actual user.


I think, but then I am technically non-fluent, that what /should/ happen is that the receiving server sends 550 errors, but if the receiving server accepts the email, then they have to send an email to the return-path which is forged. The latter are reportable via spamcop - not the spam itself, but the 'bounce'.

So if you have received 'bounces' for an email address, they must come from email servers that are accepting the email and then sending the NDR message via email to the return path.

If you received 550 errors, then it would be that you had been sending spam to bad addresses.

Miss Betsy


So when I receive these error 550 emails from the various sites, should I report them through SpamCop or is receiving them normal?

Terminology is at the crux here. A '550' error is generated by the Receiving e-mail server to which the Sending e-mail server is supposed to recognize and drop the connection. It would be the 'Sending' e-mail server that would then generate a new e-mail to the original sender about the 'failed to send' status of that e-mail. This is not to be confused with the 'misdirected bounce' that this topic is about.

Specifically, you do not receive a "550 e-mail" .... at best, you would receive a "Delivery Failed" type e-mail that may include the data showing the 550 error code received from the Receiving e-mail server .. this is typically expanded a bit with something like "e-mail address is invalid" or "user's InBox is full" ....

What is being discussed here is e-mail that was sent from a typically compromised computer, that was generated using forged From: and/or Reply-To: addresses .. the Receiving e-mail server accepted that e-mail, then found it couldn't deliver it, thusly generating a 'Bounce' message by sending it back to the forged From: / Reply-To: address ..... If this is what you are asking about, then yes, the SpamCop.net Rules were changed quite a while back to allow reporting of these "Misdirected Bounces" (see Dictionary, Glossary, Wiki, SpamCop FAQ 'here', the thousands of previous Topics on the same subject)


So when I receive these error 550 emails from the various sites, should I report them through SpamCop or is receiving them normal?
...Not to second-guess Wazoo, who is far more technically competent than am I but I had some difficulty following his reply and so I thought I'd hazard a simpler answer.

...Normally one does not get '550' e-mails. A 550 code is normally issued during what is known as the "handshake" between the sending SMTP server and the receiving e-mail server.

...If you are receiving bounces, you are almost certainly receiving them from servers that are not generating '550' error messages. You would only be interested in an actual '550' message if you were the administrator of a sending SMTP host.


...Not to second-guess Wazoo, who is far more technically competent than am I but I had some difficulty following his reply and so I thought I'd hazard a simpler answer.

Thanks. One of those periods where I was supposed to be somewhere else, but was doing database work, on the phone, and trying to answer questions here at the same time .... obviously, only paying 100% attention to the database stuff (he hopes <g>)


Archived

This topic is now archived and is closed to further replies.
