What is Digg?90 Comments
- cliffzdude, on 10/12/2007, -0/+66Bouncing spam on the client end is like trying to stop a pandemic by spraying your door handle with Lysol. It may make you feel better, but it won't work.
99.999% of spam filtering is done on a large scale, your ISP, your mail provider, your corporate enterprise IT guys, etc. Generally its a bad idea to bounce spam, as stated here already. Another reason that bounces have been found to be bad is spammers started to disguise their spam as bounced messages. OOPS! Besides, no bounces will ever make it the spammer, they know their lists are ***** but they don't give a *****. What they DON'T want is to ever get back in their email a bounce record, or a flood of bounces.
The good spam, spam that is from a company who WILL let you opt out will respond to a bounce, but who cares? They'll help you opt out anyway. - herrshuster, on 10/12/2007, -3/+66lol "i was playing around with the customize bar"
you mean you were watching diggnation.
give credit people. this was on the most recent diggnation - ramaz, on 10/12/2007, -0/+33I knew it sounded too simple.
The problem is, who will receive our bounced messages? And will they really accomplish anything? Here is a quote from Mozilla Thunderbird's Help pages about bouncing messages.
"How do I bounce my message back to Junk mail senders?
Many users have requested a bounce feature which would allow them to send a fake unknown-recipient return message back to senders of unsolicited mail. The aim is usually to punish Junk mail senders by costing them bandwidth to receive such bounce messages. Unfortunately, such measures usually punish innocent bystanders. Many junk mail senders fake others' e-mail addresses, and bounce would do double injury to these people. It may cost little for Junk mail senders to send and receive messages, but it costs network carriers to process both spam and your bounce messages, and your ISP may prohibit the uses of fake bounces."
I, on the other hand, have been glad to know about it when I've been spoofed, though it has always galled me to no end that I could do nothing about it. So we could be doing senders a favor by letting them know they've been spoofed, but of course if they receive a zillion bounce messages it will be no favor at all. - FunkyWitDaSysTm, on 10/12/2007, -0/+21heh, good point. i used to use this feature a long time ago but gave up when most of the spam i bounced got bounced back to me because the reply-to and sender addresses weren't real addresses.
- frenzon, on 10/12/2007, -0/+14By bouncing you're just contributing to the spam problem - the From address is most always that of some random person, and is usually not connected to the spammer. Bounces and autoresponses make up about 95% of the spam that gets through gmail's filter.
- votamli, on 10/12/2007, -1/+12Its great that it worked for this guy, but I honestly dont see how this can "make it go away completely". If this type of tactic gets adopted quickly, spammers will just keep on sending emails regardless of bounce-backs.
I need to digg this inaccurate (sorry).
Additionally, on some email accounts I already get tons of bounce backs from spams email to other people (but with my email as a reply-to). Like the Mozilla team says, in the end it just creates twice as many junk mails (for the person receiving it, and for those with the bad luck of having their emails on the "reply-to" for spam emails). - rabbitt, on 10/12/2007, -0/+11This guy is an idiot - 95% of spam contains forged sender addresses. The most you’re going to accomplish by doing this is pissing off people who have no connection to the spam you recv’d. Do not EVER bounce spam and virus laden emails.
It’s far better to just invest in a good app (like thunderbird, or otherwise) that can learn the difference between spam and ham (via manual training typically) and filter the emails appropriately. Or better yet, people should use something like dodgeit.com for throw-away email addresses when subscribing to sites that are suspect.
The only thing worse than a user doing this are sysadmins who make it policy to bounce spam/virus.
Burried. - jcaino, on 10/12/2007, -1/+10as someone who works at a web host, let me say that bouncing the messages is pretty pointless since pretty much all spam uses spoofed domains.
this can cause havock on servers, especially when someone has a catch-all address set up.
bouncing spam wont stop spammers - they don't have to deal with any of the backlash from undeliverable mail. think about it - there's already a ton of spam that gets sent to addresses that don't exist but that's not stopping spam. - akyra, on 10/12/2007, -1/+10I highly doubt that it will get bounced back to the 'real' sender if it's spam. Most spammers forge the return to or from address.
- Roger, on 10/12/2007, -2/+11Can you bounce directly from GMail? I don't think you can...
- inactive, on 10/12/2007, -0/+9Exactly. As someone who used to manage mail servers for a living I ask you to please, please, please stop using this feature. All you're doing is clogging up your ISP's mail queue with messages that can't be delivered because the recipient addresses are forged. The mail you bounce back will hit your SMTP server where it will sit until the the TTL (Time To Live) on the server's queue is reached, at which point it will be returned to you as undeliverable or discarded, depending on the MTA's config.
- Nougat, on 10/12/2007, -2/+10Inaccurate. This certainly generates an NDR delivery to the From address in the spam email - which is always spoofed and usually invalid. Which means that your mail server will attempt to send your bounce NDR to an invalid address for four days till it times out.
I actually configured our mail server on Friday *not* to generate NDRs for mail sent to invalid addresses for precisely that reason. All it does it clog the mail queues. - DCMacHead, on 10/12/2007, -0/+7Apple Mail and GMail are like a Queen and a Rook. If you set up your Apple Mail to pick up your e-mail from your GMail account, it's doubtful you'll ever get spam. I've found it to be a potent combination.
- webfiji, on 10/12/2007, -1/+8Bouncing spam mail does more harm than good. Your sending out bounced messages that eat up bandwidth and have no guarantee that it will get you removed off of spammers list. I stopped using one of my email addresses for my domain by turning off the email address and a year later decided I wanted to use it again. Guess what, I had over 200 messages within the first 2 days of the email address being turned on. That means that a dead email address was never taken off of many spammer's lists. Which proves that bounced messages isn't the end all be all for fighting spam.
- angusm, on 10/12/2007, -0/+7ramaz wrote: "The problem is, who will receive our bounced messages?"
I can answer that question.
I will.
Spammers are currently sending spam that claims to come from four of my domains (including ones with SPF records, which were supposed to put a stop to this practice: go figure), plus all of my regular email addresses. If you bounce spam that you receive, the bounces won't come within a thousand miles of the spammer. They will, however, clutter up my mailbox and the mailboxes of other people like me (and you).
I know the original poster claimed that hitting the bounce button caused his spam load to decline. If he did indeed get less spam, I can assure you that it wasn't because of anything he did with the bounce button. It can't and doesn't work, and all it does is irritate innocent bystanders.
Let's kill this stupid idea dead now. - ramaz, on 10/12/2007, -7/+13Intriguing - I'm trying it. But I do feel sorry for those who have been spoofed, who will receive the "delivery error" messages (as I have many times). I'm not sure that this isn't what happens with all of the spam - but if Alex is right, most of the bounces have to be accomplishing something.
- friend18, on 10/12/2007, -7/+12I didn't even know about the bounce feature until the last episode of diggnation. Great feature.
- orientis, on 10/12/2007, -2/+8What a brilliant idea.
I'm sure this will put an end to spam everywhere, and won't just increase the load on mailservers as they try for five days to put that 'bounced' email somewhere.
I'm sure in five days you won't receive a bunch of "I'm sorry, I couldn't find fgjkjfgknnsusu@mail.com. I've given up" messages.
FFS. If anyone didn't pick it up, this is sarcasm. It's a stupid idea and you're stupid for thinking it. Buried as wrong. - kalleanka, on 10/12/2007, -0/+6@frenzon
You are 100% right. God forbid idiots should start using this. It would result in that for every spam message that is generated, there would be one of these nonsense messages created.
People, please don't use this. We all know must of the "reply-to-addresses" are fake and other innocent people would suffer from getting your user-is-invalid messages. - cardoso, on 10/12/2007, -0/+5One of my domains was spoofed, I´m receiving a ton of mailer-daemons messages.
Replying or boucing is useless, spammers never use real emails, even the nigerian scammers sem from an account and give another one for reply. - Roger, on 10/12/2007, -1/+6You probably shouldn't be giving out your email address left and right then.
- ramaz, on 10/12/2007, -1/+4Yes, yes - ok guys, you've made your point. Good to have the perspective of mail server managers and those more intimate with the process than myself.
I succumbed to wishful thinking. Maybe it's partly because I had no idea the Bounce command was available. Maybe it's because of my desperate hatred for all things spam. (sigh)
I expect I'll see those re-bounced messages hitting me sometime soon. - ALastStair, on 10/12/2007, -0/+3"The problem is, who will receive our bounced messages?" Ah hem, that would be me.
A few years ago I signed into msn to the "ding-dong" of several hundred messages. "Whoaa why am I so popular now?" I wondered. Into the inbox, and I find I am now apparently a salesmen for a "popular penis enlargement medication." Uh huh, my parents wanted me to get an after-school job, but this? My inbox was full of returned emails that didn't make it out of the tubes. So I delete them, only find to find 1 is arriving almost every second, and so my inbox fills up within minutes (this was with the old small hotmail inbox size)
I couldn't figure out how to auto-delete them, so I emailed hotmail help who promptly replied with the solution. Apparently my email address (which is PG in case your wondering) was appended as the sender by the spammer, so I got all the replies. Looking at the address it was being sent to it looked like an algorithm was just going through all reasonable permutations of the alphabet. It it was still on "A"
So, to those of you who bounced those spam messages, thank you for the several hundred replies, I had quite the business going for awhile it seemed. - beejay54, on 10/12/2007, -1/+4I hate to be one of those guys who spams his blog but I recently tried something called greylisting on my mail server and I can't get over how much spam it cuts down.
If you're interested you can check it out my experience with it:
http://www.resolutionim.com/content/blog?blogPost=10
Or just skip my ramblings and check out:
http://www.greylisting.org - orientis, on 10/12/2007, -0/+3The most basic understanding of how email works should tell you this is a stupid idea. I thought Digg was full of techies, this kind of crap shouldn't make it to the main page.
- foolfromhell, on 10/12/2007, -1/+4Only tens of spam? I get atleast 700 a day! And most of it goes to my junk, but only like 50 get into my inbox (I use gmail)
- PsychoPNut, on 10/12/2007, -0/+3Why does everyone keep saying the same thing?
- rickcarson, on 10/12/2007, -5/+7Nice tip. I wonder if it works with Gmail.
I use Mail.app to read my Gmail account, but Gmail is already very good about pushing spam into a spam folder, so I never even see it in Mail. I think I've only had one or two slip through in the year or so I've been using it (which is about how many false positives I got in that time). - Netmindstorm, on 10/12/2007, -1/+3@cliffzdude
Excellent post and information.
Comment++ - wallen3, on 10/12/2007, -0/+2Check the spelling on your blog....
- inactive, on 10/12/2007, -0/+2wheres the option to bounce stupid blogs like this?
this guy writes this just cause kevin mentioned it last week., - lightningrod220, on 10/12/2007, -0/+2Now if only that could work on party invites on Facebook, or to avoid the annoying person who keeps trying to add me as their friend...
- quiksliver, on 10/12/2007, -0/+2I wouldn't use them as much for spam as I would for people I didn't like or tried to avoid, for example if some really annoying guy invites to some party every weekend just bounce it and when he asks why you didn't come I'd just say i never got it
I dunno sounds kinda lame but when I heard about this feature on diggnation thats the first thing that came to my mind - sk1d, on 10/12/2007, -0/+2I'd advise against this. I tried doing this for a while and my ISP shut down my access to my email because they said I was sending too many emails that couldn't be delivered and assumed that I had a virus. I tried explaining to them I don't have a virus, that I have all Mac's at home, but they didn't get it and I had no email for a week.
- oookye, on 10/12/2007, -0/+2Spam don't even get to my mail.app
I have my hosting providor forward all mail from my main address to gmail, then have gmail forward mail to a private imap mailbox. this way, gmail acts as a archive and a spam filter, and webmail when i do need it, and use mail.app as my primary mail.app reader. Works like a charm - maswell, on 10/12/2007, -0/+2@erwias
Uh, did you read this article? It was primarily written to combat a virus back in 2004. Like 1 or 2 points made in this article apply today.
Not that I agree or disagree with this whole bouncing spam debate, but I feel like this article doesn't add ammo to either side, really. - jjustice, on 10/12/2007, -0/+2Wow, you can find a critic of anything on Digg. Can't wait until someone posts a cure for AIDS. "Only a complete moron would actually use this." :-)
- webdwarf, on 10/12/2007, -0/+2Greylisting is a great idea, but if the mail isn't going to be received for about an hour after it is sent, it's not suitable for some folk.
- webdwarf, on 10/12/2007, -0/+1I've found the best solution for me is to use spamassassin, but I have a nightly cronjob set up that learns everything in my inbox as ham and everything in my junk mail folder as spam. I am using IMAP so this runs on the server side.
I then use Apple mails built in junk mail filter to automatically move mail it thinks is spam to my junk mail folder, and I manually move anything that gets though into the junk mail folder as well. The next time the cronjob runs it learns from this.
Also worth noting, is that if some spam makes it into my inbox and spamassassin learns that it is ham before I can move it into my junk mail folder, when I manually move it to the junk mail folder later on, spamassassin will forget that it is ham and learn that it is spam the next time it runs.
Once spamassassin has learnt from a spam, you can delete it and it will continue to remember it, however I save my spam so that I can teach other spamassassin's to learn from it. I currently have 7070.
I receive about 100 spam a day, and I only get about 1 spam a week that makes it into my inbox.
I am using a shared hosting provider that gives me SSH access, and my crontab looks like this:
0 23 * * * sa-learn --mbox --ham /var/mail/jrb > /home/jrb/.cron.log 2>&1 && sa-learn --mbox --spam /home/jrb/mail/Junk > /home/jrb/.cron.log 2>&1 - Sonic84, on 10/12/2007, -0/+1I'm reading a lot of reasons why bouncing spam isn't good, but does anyone have any good ideas about how to kill off spam? besides taking down the spammers I mean.
- dDuk, on 10/12/2007, -1/+2Hang on , if most emails contain spoofed email reply-to's what's the point in them sending them out? Surely they want people to reply. surely they want to actually get some gullible idiots to buy vi@gra etc...
- johnfoster, on 10/12/2007, -2/+3DO NOT DO THIS! DO NOT DO THIS! DO NOT DO THIS!
After doing a test I got back all the bounces that I bounced. Then the flood started. - CeeAyy, on 10/12/2007, -0/+1The problem is that there is profit in spam. If we didn't have so many stupid people in the world who actually RESPOND to these emails and buy these products, we would be better off. Spam exists because it works. If the companies who profit from spam could be held responsible that might help the situation. Maybe I'm naive...
- winnopeg, on 10/12/2007, -1/+2http://winnopeg.com/archives/156/bounce-unwanted-email-with-mailapp/
Nothing new. - NikZ, on 10/12/2007, -1/+2To be fair, it has been in Apple's Mail.app "forever" too, but it has recently garnered interested due to Kevin's mention of it in the latest Diggnation.
- sirdaz, on 10/12/2007, -0/+1This bouncing back has been around for ages, years infact If I remember rightly. I can just about remember some sort of plugin for outlook when I used it.
As many other people have commented though, it really is a BAD IDEA. More congestion and your bounced back email will only be recieved by another person that hasnt a clue what its for. - NikZ, on 10/12/2007, -0/+1Not to be mean or anything, just mentioning since you asked, but you were probably dugg down because herrshuster already mentioned that higher up in the comments approximately 8mins before you did.
- CeeAyy, on 10/12/2007, -0/+1Using Gmail is a much better alternative to bouncing spam. I get ONE piece of spam every few days. Usually I get none. I use Mail to automatically retrieve my mail from the Gmail website and just call it a day. Any spam that I do get is sent directly to my trash via rules and is eventually automatically deleted after a week. I check the trash every once in a while to double check for mail accidentally marked as spam.
- innate, on 10/12/2007, -0/+1A properly configured server should almost never have to send NDRs. If your queue is clogged it probably indicates you are using Microsoft Exchange Server, and that it is configured in its stupid default mode, where it accepts *all* messages and then sends bounces for those that were for non-existent addresses. In addition to sending bounces to forged addresses, it also double-taxes your own bandwidth. Instead, configure it to reject mail outright at the SMTP RCPT stage by checking incoming messages against Active Directory. That way you never have to send NDRs, because you never accept mail you can't deliver.
Oh yeah, the reason it accepts all messages is to protect you against what Microsoft calls a directory harvest attack -- apparently something that naive admins think is a problem. It's much less of a problem than the bounce problem it causes. What's more, accepting all messages *doesn't* protect you against a directory harvest attack! Using a legitimate or 0wned return address you can compare NDRs to see which addresses were valid. It's a stupid "security" feature that makes people feel safe who don't know what they're doing. Fortunately you can change Exchange Server to use sane settings. - JazzAddict, on 10/12/2007, -0/+1This tip doesn't work very well. In fact. It can cause more spam. For the spammers who do actually use there own email addresses to spam so they can track replies and bounces, they have very smart automated systems to see whether you email address doesn't really exist or if you are bouncing messages. For instance if, If they send you a piece of spam at 7:00 AM, 7:15 AM, and 7:30 AM, and then you bounce them all at 7:45 AM, they will know that you bounced their spam because all 3 messages were returned to them at the same exact time. This will flag your address, and just provoke them (and their spamming buddies). At the least they'll bounce you back and you'll have a lot of 'error return' messages in your inbox, or worst case, they decide to become more aggresive with you, and began focusing on beating your spam filter. Spamers can easily profile your spam filter. Every time you interact with them they get more data, and get better at what they do. I'd stick with a really good spam filtering tool. Spam sucks.
-
Show 51 - 89 of 89 discussions
Digg is coming to a city (and computer) near you! Check out all the details on our 
© Digg Inc. 2009
— Content created and posted by Digg users is