Short answer: YesBarks wrote:I see so for the last five years FireTrust has produced MailWasher Pro with a bounce facility to help spammers?
Bless.
This deserves a bit of background to be fair. Actually back when Firetrust first offered the bounce option ( maybe v2? my memory fails me ) it was quite effective and could contribute to reducing your incoming spam. About the v5 time-frame spammers started to adapt and it became iffy to use bouncing as the spam it helped stop was falling off while the problems it was causing innocent bystanders were increasing. By the time v6 came along bouncing was almost an unmitigated bad thing as far as spam went, a minor use existed for bouncing non-spam but unwanted e-mail. Even that was limited in use to bouncing from stupid people that couldn't tell the bounce was forged.
Mailwasher has taken many a beating in anti-spam forums over the years and is actively campaigned against as a spam blocking tool by many spam fighters as it does make doing bad things to innocent bystanders so easy. The decision to keep the bounce was not done by the technical experts at Firetrust but by the marketing weasels who would trade their self respect for another tick-mark on a clueless review site.
You don't need to trust me on this, check it yourself. The easy route is to open a free spamcop.net account and paste the spam source into the reporting form with the "show details" box ticked. Once you click the report button you will be presented a true picture of where the message came from. Of the pile I report every day it is rare to see one that isn't forged.
You can also read your ISP's acceptable use policy and see how they feel about forging e-mail messages. Here is a bit from my ISP: (bolding mine)
http://ww2.cox.com/aboutus/policies.cox ... Use_Policy
CAN-SPAM for US residents forbids header forgery.1. Prohibited Activities. Prohibited Activities. You may not use the Service in a manner that violates any applicable local, state, federal or international law, order or regulation. Additionally, you may not use the Service to:
Take part in any fraudulent activities, including impersonating any person or entity or forging anyone else's digital or manual signature.
*
Invade another person's privacy, stalk, harass, or otherwise violate the rights of others.
*
Post, transmit, or distribute content that is illegal, threatening, abusive, libelous, slanderous, defamatory, promotes violence, or is otherwise offensive or objectionable.
*
Restrict, inhibit, or otherwise interfere with the ability of any other person to use or enjoy their equipment or the Service, including, without limitation, by posting or transmitting any information or software which contains a virus, lock, key, bomb, worm, Trojan botnet, cancelbot, or other harmful feature.
*
Pretty sure the forged return address would meet the second rule.
Dumping your spam on an innocent bystander is surely harassing them.
You sending someone your spam will likely include plenty of objectionable content.
Helping a spammer pollute a user's inbox with thousands of spam bounces surely cuts back on enjoyment.
You are sending spam with the bounce and the innocent bystander surely didn't request it.11. Electronic Mail. You may not use the Service to send bulk, commercial or unsolicited ("spam") email messages. Any unsolicited email, originating from any source, must not direct recipients to any website that is part of our Service, such as personal web pages, or other resources that are part of the Service. The Service may not be used to collect responses from unsolicited email sent from accounts on other Internet hosts or email services that violate this Policy or the acceptable use policy of any other Internet service provider. In addition, "mail bombing," the sending of numerous copies of the same or substantially similar messages or very large messages or files with the intent to disrupt a server or account, is prohibited.
You may not reference Cox in the header or body of an unsolicited email, or list an IP address that belongs to the Cox network in any unsolicited email. Further, you may not take any action which implies that Cox is the sponsor of any unsolicited email even if that email is not sent through the Cox network. Further, forging, altering or removing electronic mail headers is prohibited.
It is mail-bombing when an innocent bystander opens their inbox to thousands of bounces, sure you only sent a few but you are helping the spammer who intended to send the thousands.
The bounce forges your ISP's reserved address to the bounce.
Directly prohibits forging a bounce message in the last block.
