tedm at toybox.placo.com
Fri Feb 17 15:06:23 PST 2006
>From: owner-freebsd-questions at freebsd.org
>[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of jdow
>Sent: Friday, February 17, 2006 2:27 PM
>To: freebsd-questions at freebsd.org
>Subject: Re: sendmail autoresponder
>From: "Giorgos Keramidas" <keramida at ceid.upatras.gr>
>> On 2006-02-17 09:29, Ted Mittelstaedt <tedm at toybox.placo.com> wrote:
>>> You do NOT want to setup an autoresponder like vacation! The
>>> FEATURE method that Giorgos explained is the correct way to do it.
>>> If your not using sendmail and your MTA cannot issue an error in
>>> this fashion, you do not want to mess around with this.
>>> What happens with autoresponders is that spammers inadvertantly
>>> trigger them. As a result the autoresponses get sent to thousands of
>>> victims who had their names forged to the spammers message. Some
>>> of those victim addresses are spamtrap addesses.
>> Oh, crap! I hadn't thought of that. Good thinking there Ted :)
>There is no "inadvertantly" about it. If spammers find an open relay
>or an open bounce they exploit it. And you get blacklisted.
But, in this case the server isn't relaying or bouncing the spam, it is
back the canned vacation or whatever message, which is probably not
what the spammer wants. The spam is going into
the hapless vacationers inbox. The problem is that the blacklist
servers on the Internet can't tell the difference between real live
spam in their dozen or so spamtraps, and someone's "out of office"
e-mail message in their dozen or so spamtraps.
The situation is of course compounded when people pull shenanigans like
wildcarding every incoming message for a domain name into an
this used to be common when people renamed domains.
But even a normal spam run can do it. For example sally at example.com goes
on vacation. Spammer decides sally at example.com would be a good name to
forge on a spam. Spammer transmits spam and thousands of bounces and
many complaints bounce back to sally at example.com. Sally's vacation
then spits out thousands of vacation notices to
mailer-daemon at yucketyyuck.com
etc. domains, plus hundreds of vacation notices to idiot people who were
complaining to Sally because they didn't bother looking at the header of
the initial spam and seeing that it came from some other machine than
example.com. Those people get the vacation notice in response to their
complaint to Sally to stop spamming them, which causes some of them to
forward those to spamcop, which initiates a blacklist.
The same issue applies to those "click on my URL website to validate
your e-mail message" autoresponding things. Those get people blacklisted
for the same reason.
More information about the freebsd-questions