[cobalt-users] Re: Bounce it based on Content

[Charlie Summers <charlie@xxxxxxxxxx>]

At 1:03 PM -0400 6/11/03, Mike Palamar is rumored to have typed:

> I wouldn't bounce back spam emails via procmail.

   Mike is ABSOLUTELY right; bouncing back email post-SMTP transaction
doesn't make any sense at all for spam fighting (it may or may not have
limited uses for other issues). Certainly anyone who operates a mail server
has seen "returned" spam mail that didn't originate anywhere near one's
machine. My personal "favorites" of late are the automated "You sent a virus"
warnings being delivered to various role accounts (and probably client
accounts as well); of course every virus worth its salt munges both From:
header field and envelope sender, so any "warning" can only be effective if
sent to the infected person's ISP, and then only if that ISP is willing to
check logs to determine who _really_ needs to be notified. I've gotten to the
point of blocking machines who send automated misdirected viral warnings from
connecting to our servers until they stop.

   Until someone comes up with a good method of checking the content of a
mail message _during_ the sendmail BODY transaction, bouncing back spam will
only generate more wasted bandwidth for you _and_ the innocent target,
without really accomplishing anything. Once sendmail hangs up, keep the spam
locally either in a spamdrop or /dev/null.

         Charlie (who felt this topic important enough to make a
                   rare list post)