The inane rants of a "Technical Ops Manager"

[Javier]

Today I have received this mail from a guy that have a misconfigurated mail server that spits backscatter (and, consequently, it have been "burned" by the reports). I have omitted his name:

Hello SpamCop user,

Re 87.117.209.25

You've added my mail server to spamcop for an unsolicited bounce, however i strongly disagree that this action should have been taken.

Whether the mail was generated legitmately or illegitimately from your network is not my issue, my mail server simply fired back an NDR. In fact it's of use to you because either you have a spambot on your network, or you're sending out UCE or someone is forging headers from your network and so it highlights a problem on your side.

Kind Regards

R****** S***

Technical Ops Manager

The funny thing about it (I don't know if it is only shamelessly stupidity or a plain barefaced lie) is how the guy claims that it is not his issue and that his bounces are "in fact of use" (to me) as they "highlights a problem" (on my side).

Well, Mr. "Technical Ops Manager", actually is your mail server the one that is listed, so I would say that having a "trigger happy" mail server IS your issue. Make the rest of the Net a favor and educate yourself about how configurate correctly your equipment to not accept all mail and then "simply fire back" the ones that aren't of your taste.

And please, don't thank me for highligting "a problem on your side".

[Wazoo]

Today I have received this mail from a guy that have a misconfigurated mail server that spits backscatter (and, consequently, it have been "burned" by the reports).

Not sure what might have been meant by 'burned' ... as the referenced IP address is not in the SpamCopDNSBL at this time. Therefore, I also am not sure what this might have to do with the SpamCopDNSBL. So I am moving this Post/Topic from the Blocklist Help to the Lounge area with this post.

[Javier]

Not sure what might have been meant by 'burned' ... as the referenced IP address is not in the SpamCopDNSBL at this time. Therefore, I also am not sure what this might have to do with the SpamCopDNSBL. So I am moving this Post/Topic from the Blocklist Help to the Lounge area with this post.

Hi Wazoo. Thanks for moving the post.

In fact, this IP is now in several black lists, so I suppose that when the guy received the SpamCop report, he simply go ballistic about it and replied to it with the quoted mail.

The referred report in his 'Subject' mail was http://www.spamcop.net/sc?id=z1770615683zb...213bc93e90f23dz

(Edited for fix the tracking URL)

[Wazoo]

The referred report in his 'Subject' mail was http://www.spamcop.net/mcgi?action=gettrac...rtid=2996500077

Please see FAQ Entry: Getting a Tracking URL from a Report ID

It could well be that the other BLs didn't have much impact on his/her operations ...???

[Miss Betsy]

You could have replied to him using a throwaway address explaining why misdirected bounces are no longer useful.

Miss Betsy

[Javier]

You could have replied to him using a throwaway address explaining why misdirected bounces are no longer useful.

Well, in fact I did exactly that.

Hello Mr. S****,

You can disagree all you want, but clearly, you have several misconceptions about the legitimacy of the bounces that your badly configured mail server is spewing to other people.

Email servers should be configured to provide Non-Delivery Reports (bounces) to local users only. Mail servers are expected to reject email destined for a non-existent user. Mis-configured servers -like yours- accept email, process it and then bounce it to wrong people that have had the bad luck of having their email addresses used by spammers to forge the 'From' header. As result, these servers get legitimately reported and listed in RBL's.

Your mail server should reject at SMTP all non-deliverable mail, with an 550-error message.

Please, educate yourself at the following sites:

http://www.backscatterer.org/index.php?target=backscatter

http://www.spamresource.com/2007/02/backsc...-i-stop-it.html

http://removals.tqmcube.com/index.php?mod_...p;kb_rating=yes

If your mail server continues to spit bounced spam to others, it will be reported (by me and by other people) and it will be stuck on RBL's lists until you configure it correctly and fix this problem IN YOUR SIDE.

Kind Regards,

Some Spamcop User

[Miss Betsy]

Well, in fact I did exactly that.

Very good! with supporting documentation! Hope he listens.

Miss Betsy

[Merlyn]

Very good! with supporting documentation! Hope he listens.

I doubt it. His brain will probably give an NDR on any knowledge transfer.

[btech]

Ya know, this post makes me wonder.... a spammer used one of my email addresses when he/she spammed out hundreds of messages, so I received 40-50 bounces from people, but didn't report them.

Should I have received the 550 errors? From what I read, I can't determine if the forged 'from' address should receive anything.

[Telarin]

If the server is properly configured to reject the message using a 550 error, nothing is sent to the forged FROM address at all. It is only servers that accept messages, and then try to figure out where to send a NDR report later that send misdirected bounces to the forged sender.

[btech]

So, in other words, I need to check and see if my server is accepting 550s?

[Telarin]

I'm confused as to what you are asking, a 550 is an error sent to the sending server from the receiving server during the SMTP session. All mail servers would understand a 550 error message if they received it from the server they were sending to. It is then up to the sending server to generate an NDR to the actual user.

[Miss Betsy]

I think, but then I am technically non-fluent, that what /should/ happen is that the receiving server sends 550 errors, but if the receiving server accepts the email, then they have to send an email to the return-path which is forged. The latter are reportable via spamcop - not the spam itself, but the 'bounce'.

So if you have received 'bounces' for an email address, they must come from email servers that are accepting the email and then sending the NDR message via email to the return path.

If you received 550 errors, then it would be that you had been sending spam to bad addresses.

Miss Betsy

[btech]

So when I receive these error 550 emails from the various sites, should I report them through SpamCop or is receiving them normal?

[Wazoo]

So when I receive these error 550 emails from the various sites, should I report them through SpamCop or is receiving them normal?

Terminology is at the crux here. A '550' error is generated by the Receiving e-mail server to which the Sending e-mail server is supposed to recognize and drop the connection. It would be the 'Sending' e-mail server that would then generate a new e-mail to the original sender about the 'failed to send' status of that e-mail. Thios is not to be confused with the 'misdirected bounce' that this topic is about.

Specifically, you do not receive a "550 e-mail" .... at best, you would receive a "Delivery Failed" type e-mail that may include the data showing the 550 error code received from the Receiving e-mail server .. this is typically expanded a bit with something like "e-mail address is invalid" or "user's InBox is full" ....

What is being discussed here is e-mail that was sent from a typically compromised computer, that was generated using forged From: and/or Reply-To: addresses .. the Receiving e-mail server accepted that e-mail, then found it couldn't deliver it, thusly generating a 'Bounce' message by sending to back to the forged From: / Reply-To: address ..... If this is what you are asking about, then yes, the SpamCop.net Rules were changed quite a while back to allow reporting of these "Misdirected Bounces" (see Dictionary, Glossary, Wiki, SpamCop FAQ 'here', the thousands of previous Topics on the same subject)

[turetzsr]

So when I receive these error 550 emails from the various sites, should I report them through SpamCop or is receiving them normal?

...Not to second-guess Wazoo, who is far more technically competent than am I but I had some difficulty following his reply and so I thought I'd hazard a simpler answer.

...Normally one does not get '550' e-mails. A 550 code is normally issued during what is known as the "handshake" between the sending SMTP server and the receiving e-mail server.

...If you are receiving bounces, you are almost certainly receiving them from servers that are not generating '550' error messages. You would only be interested in an actual '550' message if you were the administrator of a sending SMTP host.

[Wazoo]

...Not to second-guess Wazoo, who is far more technically competent than am I but I had some difficulty following his reply and so I thought I'd hazard a simpler answer.

Thanks. One of those periods where I was supposed to be somewhere else, but was doing database work, on the phone, and trying to answer questions here at the same time .... obviously, only paying 100% attention to the database stuff (he hopes <g>)

[Miss Betsy]

Does anybody know exactly what the OP is receiving? Why does the OP think that he is receiving 550 emails? Three people have explained it - two techies and one non-tech. Maybe Steve's explanation will be the 'eureka' point!

Miss Betsy