Thursday, 8. July 2004
PermaLink When should a machine respond to email?
Short answer: Never. For a longer answer, read on.

Here's the basic premise:

Once you have accepted an email and placed it on a local delivery queue, the final disposition of that message is your responsibility alone.

Given the trivial ease with which the apparent sender of an Internet email can be and so often is forged, any machine generated response to an inbound message is itself a potential spam. So if it turns out that you don't want an email you have already accepted, because:
  • it is spam
  • it contains a virus
  • it is too big
  • it contains banned content
  • the local recipient does not exist
  • ... or in fact for any reason whatsoever ...
... then you should silently remove it from the queue and either delete it or archive it.

Actually, while I am on, if you think you do want it but are out of the office for a while, don't send an Out of Office response either.

Why?

Because whereas in most cases a user will be able to tell on receiving an email whether it would be proper/sensible to respond, it is more or less impossible for a machine to make that distinction.

Thus if you configure your system, for example, to bounce messages that contain the word "belgium" (being the rudest word in the universe as you probably know), and some spammer forges randomly chosen hotmail senders in a spam run to your users with subject "Farm Girls in Belgium"... You end up bouncing every copy to a different innocent bystander. Morally this is little different to knowingly operating an open relay. Nice people just don't do it.

All very well, you say. But there is a lot of email that I simply don't want.

Me too. But the correct time to refuse email is during transmission, with a protocol 5xx response after MAIL FROM, RCPT TO or DATA. If it never hits a local queue, it is never your problem.

In most cases, making a decision about whether to accept an email during transmission is not difficult either.

  • You can tell whether the sending host is in a blacklist and deny a lot of spam (sure, not all of it, but most of it if you use the right lists).
  • You can reject a few viruses during transmission - the rest you must just silently delete.
  • You can decide whether it is too big (by turning on the ESMTP SIZE extension, about the only one I recommend you do turn on).
  • You can identify banned content with server mail rules and reject after the DATA phase.
  • You can even verify that the recipient exists.

Once you have accepted and queued it locally though, do anything you like with it except send a response of any kind. This message is finally beginning to get through to some of the biggest operators of email services and we are beginning to see signs of a general reduction in bounced spam and viruses.

Long may it continue.

Category: email best practice
Technorati:

Comments :

1. Jerry Carter13/07/2004 19:39:04


I hope you don't mind, I referred HONDA of America to your website for exactly this kind of thing (not with polite temperment)... I have a few friends there and I believe 1 in 5 emails has made it through their spam filtering without a bounce back over the past couple of years.



2. Chris Linfoot13/07/2004 20:22:24


You're welcome and I hope it works out for you.



3. Paul Inglis29/09/2004 06:29:40


I'm an email admin myself and you are 100% correct. Not only do these machine generated responses generate a large amount of junk traffic, they also encourage spammers by acknowledging that your mail server exists and received their mails.

I'd estimate that maybe 20% of our incoming mail is machine generated - 99.9% of which is junk. All of it is quietly deleted automatically.

I've noticed that some mail admins are so inept that they include the original attachments when bouncing virus emails - since these mails are almost inevitably from spoofed addresses all this does is spread the virus further. Even more amusing are tales of two badly configured mail servers bouncing emails back and forth from one to the other in an endless loop



4. Chris Linfoot29/09/2004 08:40:38


Thanks for the comment.

Yes, I've seen all those things you describe too (and written about most of them here).



5. Frank21/11/2006 14:21:52
Homepage: http://www.geotechcomm.com


Being someone who's e-mail was spoofed I do like seeing people who understand that if you bounce the messages than legit owners get hit hard. I actually got over 1000 NDR's in a 24hr period.



6. Ben Rose12/07/2007 14:46:57
Homepage: http://www.jaffacake.net


The sad thing is that it's the more public addresses that usually 'require' the auto-response. Those like the ones published in job advertisments.

*sigh*



Unable to post a comment? Please read this for a possible explanation...
Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This won't be immediate, as trackbacks are validated on a scheduled basis. Be patient.











Search
Popular Categories
Blogs
Coffee and Cats
Computing Systems Fundamentals
DNSBLs
Domino Administration
Domino Whitelist
Dumb and Dumber
Flickr
SMTP AUTH
Show n Tell
Software
Spam
Spam Statistics
T'Internet
Trunk Monkeys
Viruses and Worms
Wallace and Gromit
Whitelisting
Wii
Monthly Archive
2008
2008
2008
2008
2008
2008
Full Archive
Other stuff
Anti-Spam Tools
Misc Links
Land banking information
ClustrMaps
Locations of visitors to this page
Contact Me
email - Chris Linfoot
skypeme
Meta
Proudly powered by IBM Lotus Domino 8 Proudly powered by IBM Lotus Domino 8

Subscribe to articles Subscribe to articles feed

Subscribe to comments Subscribe to comments feed

ROR info ROR info


My Amazon wish list Wishlist


Wikio - Top Blogs - Technology
Like what I do?
Research Autism Then please consider a donation to support the work of Research Autism.
Idea Jam
Planet Lotus
Dilbert