Bouncing or Not Bouncing

[Lode]

I had posted on the SpamCop forum that I was thinking of using MW's 'bounce' feature:
-------------------------------------------------------------------------------------------------------------
Hi!

I have been playing with the idea to just get a new email address from my ISP to stop getting all that spam.

But what would happen then to all that spam I received before? It would be bounced back, right?

If that would be so, maybe by having my MailWasher -besides having it forwarded to SP- also bounce the spam back, the original source would get all these 'bounced back' messages. He might then think that it is but a trick and see it as a confirmation that my email address exists. But I don't see what difference that would make. Unless it would make him pass it on to others as a confirmed existing address.

But even if that would result in me getting more spam, maybe so much the better: I would have more to report to SP.

Yet it could also be that the spammer -if he would be the one to get the bounce back emails- believes the address doesn't exist (anymore) and deletes it. Or get fed up with all those bounce back messages, and only for that reason deletes my address.

I don't know how all that works. Maybe it would continue because I would get it forwarded from infected computers anyway...

I am willing to find out and play the guinea pig for this little experiment. If things would get out of hand, I can always change my email address.
-------------------------------------------------------------------------------------------------------------------------------------------
These where the responses:
-------------------------------------------------------------------------------------------------------------------------------------------
rconner Aug 5 2011, 01:44 PM
Advanced Member
Post #2

Interesting idea, but you want to be careful -- spammers practically never use their own e-mail addresses as return addresses, so they never receive bounces. Indeed, they usually forge other people's addresses into these fields, so it turns out that some poor guy who had nothing to do with the spam gets all the bounces.

-- rick
-------------------------------------------------------------------------------------------------------------------------------------------
SpamCopAdmin Aug 5 2011, 02:22 PM
Post #3
SpamCop Staff

QUOTE(Lodewijk @ Aug 5 2011, 05:11 AM)
"maybe by having my MailWasher -besides having it forwarded to SP- also bounce the spam back, the original source would get all these 'bounced back' messages."

No, no, no. You shouldn't do that.

The "From" address on spam is virtually *ALWAYS* either fake or forged. Having MailWasher "bounce" the spam will send the bounce to the innocent bystander whose email is being forged. Very bad. You definitely don't want to do that.

On the other hand, changing your address so that your old, spam-infected email address is no longer valid, is a good idea. That way, when the spammer tries to send you his email, your ISP will reject it, which will cause the spammer to have to deal with the bounce.

- Don D'Minion - SpamCop Admin -
- service[at]admin.spamcop.net -
--------------------------------------------------------------------------------------------------------------------------------------------
My reply:
--------------------------------------------------------------------------------------------------------------------------------------------
"Thank you both very much. No bouncing it is then.

Now it looks like I have to decide:

To stop getting those spam and malware emails by changing my address -and have the spammers dealing with the bounces- (attractive idea).

Or: continue to receive the unwanted emails, but also with reporting them to SP.

I'm sticking with the last option.
I don't mind spending 10 minutes 3 times a day to report all of it."
http://forum.spamcop.net/forums/index.p ... entry78550


I'm glad I finally fully understand why BOUNCING BACK SPAM is not exactly a good idea... and !

[stan_qaz]

The spammers won't be dealing with the bounces, that turned out to be a time waster for them years ago and they send most of their bounces to innocent bystanders these days. ISPs of any quality do not bounce because it just doesn't work, what they do is issue an SMTP REJECT code during the connection. Then your server (that knows who you really are and isn't fooled by header forgery) will send you a notification of non-delivery.


If you find that your spamcop reporting is taking too much time contact Don at Spamcop.net and ask him to enable quick reporting for you. You will need to have done the spamcop-mailhosts setup first though. Once you have that enabled send any reports that do not contain URLs in the body to the quick. spamcop address and ones that do have URLs to the submit. one. In MW 2011 I made two reporting icons, Q and F to make this easy, it isn't easy in v6. The quick reports will go through without you having to bother with the confirmation web page saving a good bit of time. I'm seeing about 8 out of 10 spam messages without URLs so quick reporting is saving me a good bit of time and fuel. Also if you are submitting a lot and paying for spamcop fuel you can start an unfunded account for quick reporting as you won't have to deal with the delays you see with unfunded full reports.


Aside from the things they mentioned about bouncing:

If the person you bounced a real e-mail to (like an ex-friend) isn't a real idiot they will see the bounce is a fake, that gives them lots of options, none good for you.

A innocent person that gets a forged spam bounce from you can report it to your ISP (even do it using spamcop.net) abuse department and ask to have your account terminated for spamming them, they also have the option to complain about mail-header forgery. The ISP admins on the bouncing account will also be subject to having their SMTP server blacklisted, mail admins hate that and will be very unhappy with the person that disrupted the entire ISP's customer base's ability to send mail.

If your bounce should go to the spammer it usually goes there for one reason, they are looking for e-mail addresses and/or IP addresses for some purpose that you really don't want to be involved in. Would you give a mugger your home address, that is a valid comparison to giving a spammer your IP address.

If you bounce to a truly evil person that is tired of fake bounces (me for example) they will do all the abuse reporting above and follow up on it. But then they will do something truly awful, they will post your e-mail address in a few places across the Internet where spammers will find and harvest them. I even found that it works better if you block search engines from the address listing page because then the folks listed there can't find you to ask for removal or complain to your web host about the list. I enjoy this so much my first set of filters is dedicated to finding fake bounces just so I can take my revenge on the person that unloaded their spam on me!

Bottom line report to the places discussed in the sticky post in the 2011 forum and never bounce!

On the other hand you can bounce to me, the cat will appreciate you giving me something to do rather than torment it and I love chatting with mail administrators. :-)

[Lode]

Thank you for the explanation.

I confess on my knees tormented by guilt that during the short period between my announcement that I was willing to play guinea pig, and getting the responses on the SP forum, I bounced maybe a dozen 'Western Union' and 'Money Transfer' emails containing malware attachments and a few 'Viagra's' with URL's...

But of course as soon as I saw the responses I disabled 'bouncing' again in MW's 'Learning', 'Recognizing spam', and 'Origin of spam.'

Until then I mistakenly thought that I could do no harm to anyone but myself, and only by getting more unwanted emails. Which I planned to report of course if that would happen.

I hope no harm is done...

I report about 3.5 mails per minute, including having them forwarded to knujon-coldrain. Three times a day 10 minutes covers all I get.

Just like you, I only get a few with URL's to spamvertized sites. The great majority has malware attachments only.

I still don't fully understand everything about quick reporting. But if it would considerably increase the reporting speed I mentioned -35 in 10 minutes- I would be interested in utilizing that option and learn how to do it.

Is it possible to do it with the free MW version I am using?

[stan_qaz]

Quick reporting for v 2011 is explained here: http://forum.firetrust.com/viewtopic.php?f=50&t=10200 the reporting process is the same for 2011 or v6. The difference will be that 2011 program allows multiple reporting accounts to be set up unlike the v6 that will only allow one reporting address to be used at a time.

You can switch to quick reporting in v6 for the bulk of your spam in v6 and use the copy from source view and paste to the spamcop.net web page for the ones you want to do a full report to. With your mix that might prove to be a time saver overall.

[Lode]

Thank you again.

"Quick Reporting" is the mode of reporting in which ONLY the source of the spam email is reported to the determined spew source and the SCBL. Other things such as spam websites in the body of the spam email etc., are not reported."

Since I have SP forward the reports to knujon-coldrain -which uses the URL's in the body of the spamvertized website I gather- I prefer to keep using the 'Full' mode.

"Quick reporting can be very DANGEROUS. If everything is set up properly, and if it works correctly; it is great."

If I knew well what I was doing, the above would not scare me in the least. But not understanding about 70% of the technical terms and explanations, I choose to play it safe.

Thanks for clearing this up for me.

[stan_qaz]

The reporting to Spamcop and KnuJon is a problem with the old v6 MW, fixed in the 2011 version as well as allowing reporting to many other sites.