[Dshield] PDF Spam Wave

Tom dshield at oitc.com
Thu Aug 9 16:59:24 GMT 2007


At 11:59 AM -0400 8/9/07, Valdis.Kletnieks at vt.edu wrote:
>Content-Type: multipart/signed; boundary="==_Exmh_1186675196_3128P";
>	micalg=pgp-sha1; protocol="application/pgp-signature"
>Content-Transfer-Encoding: 7bit
>
>On Thu, 09 Aug 2007 11:27:10 EDT, Tom said:
>
>>  I beg to slightly differ.  If you know you want to reject, send a
>>  5xx. To many servers are sending 4xx when they really mean 5xx. 4xx
>>  just causes a valid mailserver to continue to retry thus delaying the
>>  proper handling of mail that was truly rejected by the recipient.
>
>Actually, sending a 4xx back rather than accepting *can* make sense, if
>the bounce you'd have send back was a "mail delayed" bounce (because your
>LDAP server hiccuped, etc).  And yes, I *do* see a fair amount of "Unable
>to send mail for XX hours" blowback.
>
>Also, 4xx replies are heavily used by greylisting schemes.

True, 4xx has its place but as I said we have seen many (AOL comes to 
mind) where the server knows its spam (we notice this for example on 
an account forwarded to AOL where the text on the 4xx indicates that 
the content was rejected) but still returns 4xx causing our server to 
retry for days before giving up. This is not what 4xx was designed 
for and just delays anyone/anything doing anything about the 
problematic mail. I have no idea why one would configure their 
servers for this non standard behavior.

Tom


More information about the list mailing list