SPAM with sender same as recipient

[Ron]

I just got a "mail delivery failed" email from exim on my server.

The email was accepted by my server apparently from telecomitalia.it.

exim then ran it through SA which scored the email at 71 points.
But then it bounced the email.... to me, complete with the scoring in the header.

So... is exim bouncing spams outside of the network, or did it just get confused because my account is local?

[Gwaihir]

I've been getting these for months. That is: spam mails for me that bounce to me as the "sender". They're usually a few days old. I had a discussion about it with support back then. They explained this has to do with a change in mail routing on the servers, which IIRC was done for efficiency reasons. More of the delivery and scanning stuff is now done after the mail was accepted by the server instead of while the connection from the sending system is still open. As a result when the server tries to bounce them it eventually figures out it has no place to send them back to other then the listed from address.

The bit of crap it causes in the inbox is but a minor thing for me, but I do regret that there's no longer a signal going back on these. That is: even (some) spammers care about the quality of their address lists (for various reasons), so sending back an immediate bounce just might help cut down future spam to that address. That's not happening now.

[Ron]

You shouldn't bounce spams, it allows for reflected spam and gets your server listed as a spammer. I don't even like the thought of bouncing no-such-addresses for the same reason. Certainly shouldn't bounce things that FAIL SPF (d'oh!).

I thought we had this discussion before, and the rationale (from Masood) for bouncing things was the connection was active, so it wasn't really a bounce, more like a rejection. Now we're bouncing stuff after the connection is closed?

Plus I wouldn't think you would want to bounce spams with complete SA explanations in them?

Just to be sure we're on the same page, over the last year or two there have been spams that look like mail delivery bounces that are spoofed --just another spamming tactic-- but this was an honest-to-goodness exim bounce.

[Gwaihir]

Ah yeah, sorry about messing up my terminology. What I'd LIKE to do is FAIL (reject) as much spam as possible at SMTP reception time, indeed, while the connection is still open. This directly informs the true sending machine of the failure and is indeed the only form of "bouncing" one ought to do with spam.

Yes, it does seem "we" are now bouncing some SPAM (bouncing as in trying to "return to (claimed) sender"). I hope it's only for "local" adresses. I've raised that same concern at that time: are we doing this just to ourselves, or to others too? I didn't get the impression that question was fully understood back then, but then again, support rarely elaborates in any reply. I guess / hope the rencent blacklisting episode has made sure they're on to it now though.

Yes, I am talking about real bounce messages. Next time one passes by, I'll see about SA explanations in there. But I think mine are dropped before it passes by SA, as mine have usually failed one of hand full of "hard" rules I've set via cPanel.

[Ron]

I'm away from my office ATM, but I'll post sanitized headers when I get back.

[Gwaihir]

Got one today. No SA stuff or anything else noteworthy in the headers, except perhaps that they start with "Return-path: <>".