I received email at...early this morning...saying:Your membership in the mailing list gs-devel has been disabled due to
excessive bounces The last bounce received from you was dated
02-Nov-2007.I've received email from that list for a couple of weeks with no apparent problem. Was there an email problem today?

The date line says "Fri, 02 Nov 2007 00:17:33 -0700" but there's no receiving server mentioned for that time, so I don't know what happened at that time, but here's the entire header:

Return-Path: <gs-devel-bounces@ghostscript.com>
Delivered-To: barry-a-t-polisource.com
X-Spam-Checker-Version: SpamAssassin 3.1.9-gr0 (2007-02-13) on
mx11.futurequest.net
X-Spam-Level:
X-Spam-Status: No, score=0.6 required=5.5 tests=NO_REAL_NAME
autolearn=disabled version=3.1.9-gr0
Received: (fqmail 13823 invoked from network); 02 Nov 2007 07:30:38 -0000
Received: from mx02.futurequest.net (mx02.futurequest.net [69.5.6.172])
by pt01.futurequest.net ([69.5.6.170])
with FQDP via TCP; 02 Nov 2007 07:30:38 -0000
Received: (qmail 19061 invoked from network); 2 Nov 2007 07:30:38 -0000
Received: from casper2.ghostscript.com (ghostmachine.transbay.net [209.133.53.61])
by mx02.futurequest.net ([69.5.6.172])
with ESMTP via TCP; 02 Nov 2007 07:30:37 -0000
Received: from casper2.ghostscript.com (localhost [127.0.0.1])
by casper2.ghostscript.com (Postfix) with ESMTP id C595F34C20B
for <barry-a-t-polisource.com>; Fri, 2 Nov 2007 00:17:35 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
From: gs-devel-request@ghostscript.com
To: barry-a-t-polisource.com
Subject: confirm 31e553d5e70293ed967066626b8d798b7bfaf0d1
Message-ID: <mailman.5429.1193987853.6554.gs-devel@ghostscript.com>
Date: Fri, 02 Nov 2007 00:17:33 -0700
Precedence: bulk
X-BeenThere: gs-devel@ghostscript.com
X-Mailman-Version: 2.1.5
List-Id: Ghostscript development <gs-devel.ghostscript.com>
X-List-Administrivia: yes
Sender: gs-devel-bounces@ghostscript.com
Errors-To: gs-devel-bounces@ghostscript.com

Barry,

It appears your SA settings are to blame as I see at least one bounce in todays logs for a message from ghostscript.com to you as a result of SA, which by the way is not recommended...
http://www.aota.net/forums/showthread.php?t=23269

2007-11-02 03:17:26.040580500 tcpserver: pid 25616 from 69.5.6.187
2007-11-02 03:17:26.040968500 tcpserver: ok 25616 pt01.futurequest.net:69.5.6.170:1021 mx14.futurequest.net:69.5.6.187::36513
2007-11-02 03:17:29.313419500 fqdpfront-fqmail[25616]: from <gs-devel-bounces@ghostscript.com> to <barry@munged.com> bytes 7203 rejected
2007-11-02 03:17:29.313477500 fqdpfront-fqmail[25616]: fqdeliver: SpamAssassin: Message scanned
2007-11-02 03:17:29.313518500 fqdpfront-fqmail[25616]: fqdeliver: Filter: b"Your email was detected as spam by FutureQuest's spam filters. This could be due to the email matching certain Realtime Blackhole Lists (RBLs). RBLs are lists of IP addresses or domains that are likely to send spam. It could also be due to the[...cut...]
2007-11-02 03:17:29.313543500 fqdpfront-fqmail[25616]: X-Spam-Status: Yes, score=10.4 required=5.5

You might want to edit your post above and mung your email address...

-Bob

I forgot I was bouncing. I changed it. I'd like to be able to bounce suspected spam only when the spammy email was authenticated. Would that be a good idea? Could a custom filter do that?

I'd personally just not bother with bouncing even authenticated spam. (I'm guessing that by "authenticated" you mean signed by DomainKeys or SPF or other similar sender-verification type of encrypted key signature?)

Even if the bounces did go back to the actual spammer, it seems they do not clean their lists at all or take any notice of bounces (i.e. they simply ignore the bounces and take no action at all based on their receipt).

So it is just causing more mail servers to do more work to no benefit.

It may be possible to write a custom filter to do this, but since the custom filter would have to verify that the authenticated key signature was in fact valid, it wouldn't be a very simple filter to write. I don't know of any example filters on this topic nor am I aware of anyone who has attempted to set up such a filter.

(I'm guessing that by "authenticated" you mean signed by DomainKeys or SPF or other similar sender-verification type of encrypted key signature?)Yes.

Futurequest gives a scary warning about deleting email that's marked as spam, but if I just redirect it I get more than I want to look through, even just the subject lines. I still like the authenticated spam bounce idea. It's the only good way to bounce mail. It will probably become the standard way to bounce mail some day now that authentication is so widely used. I don't want to create the filter, but if Futurequest does, it could attract customers and years from now when everyone's using it you could say you invented it.

QuestBounce, BounceRite, SmartBounce, or BOA (Bounce on Authentication)

"Feeling constricted by the flood of spam? Fight back with BOA!"
"Feeling constricted by your spam filter options? Fight back with BOA!"

I cannot imagine that there will come a time when FutureQuest will endorse any method or circumstances for bouncing spam.

Of course, that may just be due to the limitations of my imagination...

%)

I can't imagine someone like AOL complaining about someone who bounced spam, with a message indicating it's spam that was sent from that AOL account, to the AOL address it was sent from. That's basically a spam report of the type AOL has given Futurequest, except it's more useful because it contains the actual spam. Has AOL ever complained about bounced spam and actually held it against Futurequest when you pointed out that it was bounced spam?

Even if the actual spam isn't sent back, it would still help to send back the header with a message indicating it wasn't received because it was detected as spam, or even the message alone, and a status code to indicate it's been rejected, if possible.

In addition to requiring authentication to determine the proper bounce address, you could require the Spam Assassin score to be especially high before it's bounced.

I'm just guessing at what the problem might be though. High server load? Complaints from administrators of the bounce-to addresses? Authentication not being accurate?

I can't imagine someone like AOL complaining about someone who bounced spam, with a message indicating it's spam that was sent from that AOL account, to the AOL address it was sent from. That's basically a spam report of the type AOL has given Futurequest, except it's more useful because it contains the actual spam. Has AOL ever complained about bounced spam
Yes.

and actually held it against Futurequest when you pointed out that it was bounced spam?
Hunh? Pointed it out? You can't talk to them. They don't listen. How are we supposed to point it out?

I'm just guessing at what the problem might be though. High server load? Complaints from administrators of the bounce-to addresses? Authentication not being accurate?
As mentioned somewhere above... contributing to the general spam-blowback problem, among other things (which includes server loads, increased costs to maintain additional servers and administrate them, etc.).

Not helpful. No upside. Many cons.

I guess there are cons then, but the pros are it would help assure that people (important people, companies, government agencies, etc) know not to wait for a reply because their message wasn't received, and to send the email again or write a letter. And it could prevent me from missing important correspondence.

It may have prevented this (http://www.aota.net/forums/showthread.php?postid=121751#post121751) problem.

And some people actually order Viagra (but not me), you know.

I guess there are cons then, but the pros are it would help assure that people (important people, companies, government agencies, etc) know not to wait for a reply because their message wasn't received, and to send the email again or write a letter. And it could prevent me from missing important correspondence.
You're talking about something different, now. You're talking about bouncing desired/legitimate email. That isn't the same as bouncing spam.

Well, that's what I meant. A filter could only guess whether spam is spam. I want to bounce email that was detected as spam mainly because it might not be spam. A secondary benefit would be to notify the sender that spam was sent from his account in case he doesn't know.

Yeah thanks a lot for bouncing spam from a shared server and pool of I.P.'s. If that's what you're talking about :)

Yeah thanks a lot for bouncing spam from a shared server and pool of I.P.'s. If that's what you're talking about :)I'm not sure what that means, but I don't want to get Futurequest blacklisted or anything like that. If that's a possibility then someone has to be more aggressive in straightening AOL, etc. out, so they know when the spam was theirs and that it's a spam report that was sent to the appropriate address.

Futurequest is considered a better web host than AOL is an ISP and what Futurequest says on behalf of the web hosting industry would hold some weight. AOL penalizing Futurequest because of an appropriate spam report makes the spam problem worse. Bouncing email that was detected as spam, with a spam notice, to the authenticated email address helps assure that false positives from the spam filter won't make someone miss something important. It's important for the web hosting industry to take advantage of authentication in this way and if AOL won't play fair when this is brought to their attention, and especially if there's no way to communicate with them when they penalize a web host, then someone should make them play fair with an injunction or a new law.
You can't talk to them. They don't listen. How are we supposed to point it out?If AOL penalizes you for what they think is spam but what was actually a spam report implicating them and you contact them at the best address you can find and they don't take corrective action, sue them.

Can't an email be scanned and if it's spam a "rejected as spam" status code sent to the authenticated address instead of the email itself, plus maybe an email that includes the header of the spam? Then the sender of the spam will have enough information to look into which email wasn't received even though he wasn't sent the email itself. I assume most people have "sent" folders. That's really all I want.

"The best is oftentimes the enemy of the good."
I found it in http://en.wikiquote.org under 'Voltaire' and under 'Russian Proverbs'??

In other words, AOL should listen to the better ISP's, and maybe it will if we all become as idealistic as that sounds because then that wouldn't be idealistic that would be consensus, but it likely won't.