spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mouss <mo...@netoyen.net>
Subject Re: Undeliverable mails
Date Thu, 05 Jun 2008 08:24:15 GMT
ram wrote:
> You might be surprised , but that is not exactly true. I have seen a lot
> of backscatter from Cisco Ironports. 
> Most Ironport boxes dont do any address verification at the time
> accepting mail, and then send NDR's. But if these are getting SPF fail,
> then these messaged may get discarded as spam ( I assume ) 
>   

discarding would not be reasonable. They can however discard the bounce 
in case of SPF/DKIM fail (or any other heuristics). but do they really 
do that? There is still a risk to discard a legitimate bounce (a lot of 
SPF records do not match "reality": they may not be updated, they may 
not include all relays, ... etc). I'm not sure a vendor can take this 
road currently (they can offer this as an option, but will the admin 
ever notice or understand it?).

Also this would assume that the final server does address validation at 
smtp time. but this is not always true. so the appliance will not know 
whether the address was valid or not, and the final server sends a 
bounce after accepting the message from the appliance.

> And this may happen with a lot of other outsourced antispam vendors too
>
>   

While MSPs may have mitigation methods (Postini relays in real time 
unless the final site is down, dyndns discards mail to invalid 
recipients, ...), a lot of backscatter is generated by their customers 
(the final server accepts then bounces).



Mime
View raw message