
Re: [vps-mail] auto-reply on vps2 Qs SOLVED




On Tue, 15 Feb 2005 11:38:19 +0100, "Andy McKell, FOCUS Internet" 
<mac@xxxxxxxx> wrote:

> So autoresponders can get you blacklisted, now?
> Someone sends me a spam and I get blacklisted?

Yes, very easily.

> Is this serious?

It can be.

This is what happens.

1) Someone out there has an infected computer ($deity knows that there are 
enough of them) with both your and my address in the address book or in any 
other file that the virus is going to sift through (browser cache or mail 
store for example).

2) The virus sends a copy of itself out to you having forged my e-mail 
address into the "From:" header and the SMTP envelope.

3) You receive the virus, but the autoresponder picks it up.

4) The autoresponder sees that the mail is "from" me and sends me off an 
out-of-office (or whatever it is you're sending out) reply.

5) If I know you I'm going to call you or mail your postmaster address 
asking you to fix your broken mail system. If I don't know you I'm going to 
report it as spam - it fits the commonly accepted definition of spam, which 
is "unsolicited, bulk or promotional e-mail" because it's definitely 
unsolicited (by me anyway), it's bulk because it gets sent out in identical 
form in response to every mail hitting your address, and it probably has 
some description of your company too (in which case it's both bulk *and* 
promotional).

Exceptions to this are people who are attempting to do the Right Thing(tm), 
such as mailing list managers who want to get confirmation from the owner of
the e-mail address trying to sign up before adding that address to the list.

Now imagine what happens if the virus (or spammer) has scraped spam trap 
addresses off the 'Net and forges *those* into the outbound mail. In step 4)
above you are going to be sending your autoresponder messages to the spam 
traps, and if the spam traps belong to DNSBL operators, it *will* get you 
blacklisted.

The 'Net is no longer the safe playground it used to be and the RFCs are out
of sync with the real world. The only way to deal with mail nowadays is 
either to accept it or to reject it during the SMTP negotiation. Accepting a
mail and generating a bounce or anything else from it after the fact is no 
longer acceptable in a climate where 95% of attempts to send mail are spam.

-- 
G. Stewart - gstewart@xxxxxxxxxxx

The journey of a thousand miles begins with a broken
fan belt and a leaky tyre.
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
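
The following is an added example, not part of the original post or of any software named on this list: a gate an autoresponder can run before replying, so that the forged mail in steps 2 to 4 above produces no reply. The function name, the addresses and the sample messages are constructed, and it assumes the receiving MTA records its SPF verdict in an Authentication-Results header and strips any inbound copy of that header.

```python
import time
from email import message_from_string
from email.utils import getaddresses

def should_autoreply(raw, envelope_from, my_addrs, seen, now=None, interval=7 * 86400):
    """Decide whether an out-of-office reply may be sent. Returns (bool, reason)."""
    msg = message_from_string(raw)
    now = time.time() if now is None else now
    sender = envelope_from.strip().strip("<>").lower()
    # Replies go to the SMTP envelope sender only; a null sender marks a bounce.
    if not sender:
        return False, "null envelope sender"
    local = sender.split("@")[0]
    if local in {"mailer-daemon", "postmaster"} or local.startswith("owner-") or local.endswith("-request"):
        return False, "system or list address"
    # Header checks in the style of RFC 3834: never answer automatic or bulk mail.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "automatic message"
    if msg.get("Precedence", "").strip().lower() in {"bulk", "list", "junk"}:
        return False, "bulk precedence"
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "mailing list traffic"
    # Mail that does not name us in To/Cc is bulk or Bcc'd.
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if not rcpts & my_addrs:
        return False, "not addressed to us"
    # Assumption: our own MTA writes this header and strips inbound copies.
    # A sender forged as in step 2 of the post would not normally earn spf=pass.
    if "spf=pass" not in msg.get("Authentication-Results", "").lower():
        return False, "sender not authenticated"
    # One reply per sender per interval keeps the reply from being "bulk".
    last = seen.get(sender)
    if last is not None and now - last < interval:
        return False, "already replied recently"
    seen[sender] = now
    return True, "ok"

# Constructed sample messages (not real traffic).
ME = {"me@example.org"}
FORGED = ("From: victim@example.net\nTo: me@example.org\nSubject: hi\n"
          "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=victim@example.net\n"
          "\nsee attachment\n")
GENUINE = ("From: friend@example.com\nTo: me@example.org\nSubject: lunch?\n"
           "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=friend@example.com\n"
           "\nAre you free on Friday?\n")

if __name__ == "__main__":
    replied = {}
    print(should_autoreply(FORGED, "victim@example.net", ME, replied))
    print(should_autoreply(GENUINE, "friend@example.com", ME, replied))
```

A gate like this only reduces misdirected replies after acceptance; rejecting unwanted mail during the SMTP session, as the post recommends, remains the first line of defence.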

