[sf-lug] SMTP - spam - accept and discard?

Michael Paoli Michael.Paoli at cal.berkeley.edu
Sat Feb 9 12:24:17 PST 2008


> Message: 2
> Date: Wed, 30 Jan 2008 23:04:26 -0800
> From: Rick Moen <rick at linuxmafia.com>
> Subject: Re: [sf-lug] postfix config question
> To: sf-lug at linuxmafia.com
> Message-ID: <20080131070426.GA11662 at linuxmafia.com>
> Content-Type: text/plain; charset=us-ascii
> 
> (Short version:  Stop bouncing spam.  550-reject it, instead.  Speakeasy
> really should have suggested that rather than accepting and discarding,
> which is dumb.)

Though there are many valid arguments against "accept and discard" of spam,
there are also some arguments / schools of thought for it - in some cases
with its own advantages (and disadvantages).

One line of argument is that by accepting all - and discarding rather than
bouncing or rejecting spam - most notably targeted to invalid e-mail addresses,
by accepting - rather than rejecting - one then doesn't tell the spammers
which e-mail addresses are invalid - and thus also - by not rejecting others,
let them then also know which e-mail addresses are valid.  It's a
semi-weak argument, as it has its various downsides too.

Another scenario where "accept all" (and discard spam) is more legitimate,
is in many types of more security hardened environments.  To reduce risk,
particularly at Internet facing MTA layer, in many cases a small, compact,
hardened - but "dumb" MTA will do basic simple acceptance of everything
coming in, and essentially just "toss it over the wall" (typically queue
it to files) ... about all it would typically add is marking (typically via
Received: header) definitively the IP address it was received from.
By pushing all the more complex MTA logic away from the Internet facing
receiving MTA, that MTA is made much simpler, and generally much more secure.
Other programs (malware and spam scanners, MTAs, etc.) can then pick up
the queued files after they've passed through the hardened (but dumb) MTA.
In such a scenario, it's "too late" to reject e-mail to invalid addresses -
and they should then just be discarded (or at least not bounced, in any
case).

For better, or worse, some/many quite large providers use accept and discard
on invalid e-mail addresses.  It may also possibly be useful in collecting
more data on spam ... though it's probably still very feasible to gather
most or all of that data and still reject (the reject can happen rather to
quite late in the SMTP conversation - e.g. after completion of the DATA
segment transmission).
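
The trade-offs discussed in the message above, as an added example that is not part of the original post: a toy Python model of the receiving MTA's reply codes under three policies (reject at RCPT, reject after DATA, accept and discard). The policy names, the mailbox addresses and the is_spam flag are assumptions made for illustration; no real MTA is involved.

```python
# Added illustration: models only the receiver's SMTP reply codes.
VALID = {"alice@example.org"}  # constructed sample mailbox
POLICIES = ("reject_at_rcpt", "reject_after_data", "accept_and_discard")


def session(policy, rcpt, is_spam):
    """Replies sent for one message, and what the receiver did with it."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    known = rcpt in VALID
    # RCPT TO: only this policy looks up the mailbox on the front MTA.
    if policy == "reject_at_rcpt" and not known:
        return {"replies": [("RCPT", 550)], "queued": False, "body_seen": False}
    replies = [("RCPT", 250), ("DATA", 354)]
    wanted = known and not is_spam
    # End of DATA: the whole message has arrived and can be inspected.
    if policy != "accept_and_discard" and not wanted:
        # 550 here: nothing was accepted, so there is nothing to bounce later.
        replies.append(("END-OF-DATA", 550))
        return {"replies": replies, "queued": False, "body_seen": True}
    # 250 here: the receiver took the message; unwanted mail is dropped silently.
    replies.append(("END-OF-DATA", 250))
    return {"replies": replies, "queued": wanted, "body_seen": True}


def reveals_validity(policy, is_spam):
    """True if the reply codes differ between a valid and an invalid mailbox."""
    good = session(policy, "alice@example.org", is_spam)["replies"]
    bad = session(policy, "nobody@example.org", is_spam)["replies"]
    return good != bad


if __name__ == "__main__":
    for policy in POLICIES:
        for spam in (True, False):
            print(f"{policy:20} spam={spam!s:5} "
                  f"validity visible to sender: {reveals_validity(policy, spam)}")
```

In this model, a 550 at the end of DATA for spam gives the same reply sequence for valid and invalid mailboxes, while the receiver has still seen the full message.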



