North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: a note to those who would automate their rejection notices

  • From: Doug Luce
  • Date: Sat Dec 27 17:10:52 2003

This reminds me:

I'm scared to death of false positives.  So much so that every email that
triggers a positive from Spamassassin (i.e. several thousand spams a day)
gets a response.  It tries to be as polite as possible, both by being
good-natured in tone and by both a "Precedence: bulk" header and an
application-specific X-header to break loops.

It's worked well enough for me to plan an implementation for an email
system I run (servicing about 70k users).  There are no real anti-DDOS
provisions in it that would prevent someone from sending several million
messages with a forged SMTP envelope to flood someone's mailbox
quasi-anonymously.

I haven't ever heard of this sort of system being used.  Other than the
obvious problems (like above, and the fact that it generates a LOT of mail
that's going nowhere).  Does anyone know of a precedent?  Or wants to pick
apart the idea in terms of community effect?

Thanks,

Doug