Thread: Drop or Bounce?

    #1
  1. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Location
    Tacoma, WA
    Posts
    199
    Rep Power
    0

    Drop or Bounce?


    Should mail to nonexistent addresses be bounced back or deleted?
  2. #2
  3. They're coming to take me away

    Join Date
    Jan 2005
    Location
    Florida
    Posts
    5,105
    Rep Power
    5049
    Originally Posted by Weekend Coder
    Should mail to nonexistent addresses be bounced back or deleted?
    Depends. If you have an account set up that doesn't get much spam, then I'd have it bounce back so the person emailing is aware. If you get mainly spam, then just have it deleted....
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  4. #3
  5. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,439
    Rep Power
    4539
    My isp (a large one) stopped returning bounce messages a couple years ago. Bounce messages clutter up system resources and network bandwidth, and give 'bad guys' valuable information about a mail server.

    Comments on this post

    • hiker agrees
    • Weekend Coder agrees : Hadn't thought about the bandwidth issue. Thanks!
    • fubes2000 agrees : plus backscatterer.org gets mad at you and demands 50 euros to delist
    ======
    Doug G
    ======
    Bartender to Rene Descartes "have another beer?" Descartes: "I think not" and he vanished.
    --Alfred Bester
  6. #4
  7. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Location
    Tacoma, WA
    Posts
    199
    Rep Power
    0
    I'm not really interested in notifying the recipients that they are sending mail to a bad addy. I know it sounds cold, but that's their problem. Mine is making sure that spammers can't leverage my server to spam.

    It crossed my mind that they could send it to a bad address on my server, and have it bounce to the actual target addy by having the target as the "return" and "from" addy in the header.

    Don't know that they do this, but I think it's a possible vector.

    What I'm wondering is what the standard procedure by mail server admin gurus is? And, I've found that any mail server that has been on line a while will eventually find its domains on a lot of spam lists, that's just life. My domains have been active since 1998, so they are the target of a lot of spam.

    I'm running Qmail and of course I use SpamAssassin and ClamAV, but even though I've managed my own mail server for 6 or 7 years, I'm really still a noob in the Black Art of mail server management.
    Last edited by Weekend Coder; April 17th, 2010 at 02:15 AM.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    4
    Rep Power
    0

    Reduce backsplatter


    Originally Posted by Weekend Coder
    Should mail to nonexistent addresses be bounced back or deleted?
    Read this article, Hope it helps.
    whynotwiki.com/Spam#Reduce_collateral_spam_.2F_illegitimate_backsplatter

    Delimiter
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    3
    Rep Power
    0
    Properly configured mail servers and mail server programs should not bounce mail that was addressed to an invalid user. Here is how it should work. Remote server connects to your mail server, while the SMTP connection is open, a HELP/EHLO will be passed, MAIL FROM: command is passed, and then the RCPT TO: is passed. If your server sees the user is invalid, it should respond with a 5xx error stating the user in an invalid or unknown user. At which point your server drops the connection, and it is up to the remote server to notify the sender the message was not delivered.
    If your users are Authenticating and sending remote, same should happen in reverse, remote server responds to your RCPT TO; command with a 5xx and your server should notify your user that the mail was not delivered.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2010
    Location
    Sydney
    Posts
    9
    Rep Power
    0
    Originally Posted by Weekend Coder
    Mine is making sure that spammers can't leverage my server to spam.
    in regards to spam, setting up SPF and domainkeys, using a non standard port is all SOP in IT, then depending if its personal or business you can bounce, giving custom messages if your worried about giving out too much info, or drop, i might suggest looking into statistics before dropping as some legitimate emails do get flagged.
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2006
    Posts
    319
    Rep Power
    8
    We never bite a dog back, if dog bites...do we ??

    Always drop... bouncing is just wasting your resources (both bandwidth and CPU)
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    34
    Rep Power
    6
    If you send a NDR (bounce) to for an unknown user, you can get nailed for backscatter.

    If someone does a dictionary attack against your server and you are bouncing unknown users, the attackers can spoof the reply-to. As a result, your server sends the bounce to a 3rd party and you can get blacklisted for it.

    You should reject email to unknown users as SMTP time. This way the sending server gets an immediate 500 series error.

    Search for "stop email backscatter" on google and include your SMTP server type. You should be able to find some info on how to stop this.

IMN logo majestic logo threadwatch logo seochat tools logo