Jump to content

Recommended Posts

Posted

Sorry, I know this has been covered in other posts, but I am feeling particularly dense today and want to make sure I understand what I read in those other posts.

 

It *used* to be that

 

:fail: would accept mail, find no such address, and bounce it back to the sender, thus double-using bandwidth

 

but

 

:blackhole: would accept the mail and just dump it, so the cost to bandwidth was just the original sent message

 

But at some point (fairly recently?) the server got changed, so that

 

:fail: doesn't even accept the mail now, and thus completely eliminates(?) bandwidth use

 

while

 

:blackhole: accepts the mail and then dumps it, so it still costs the bandwidth for receiving the mail

 

Do I have that right?

 

So :fail: actually uses less bandwidth now, or at least less server processing. And it has the added benefit of letting the sender know the address is invalid, which might get the spammers to drop some addresses off their lists, further decreasing spam/server resources.

 

And the servers are now set to rewrite all user accounts anyway, aren't they? So even if one of us tries to use :blackhole: it gets reset to :fail:?

 

 

Again, sorry, I am trying to put all this together from several posts. And my brain's a little fried from other stuff that's going on; I stared at my shoes the other day trying to remember how to tie them... :dance:

 

Make two bunny ears... the bunny runs *around* the tree...

Posted

This should be the correct one I believe:

:fail: doesn't even accept the mail now, and thus completely eliminates(?) bandwidth use

 

while

 

:blackhole: accepts the mail and then dumps it, so it still costs the bandwidth for receiving the mail

Posted
So :fail: actually uses less bandwidth now, or at least less server processing. And it has the added benefit of letting the sender know the address is invalid, which might get the spammers to drop some addresses off their lists, further decreasing spam/server resources.

 

One problem with that is what is called a Rumplestiltskin attack, where bots send out emails to every_possible_address@******. The ones that DON'T bounce get added to their spam list as good email addresses.

 

I tracked several of these attacks in the mail server logs when I was running my own server. It is a lot like a dictionary password attack where they try all known names and words as possible addresses at your domain. However, they also use email addresses previously encountered. For example. If they have the address "peter43218@aol.com", they will try "peter43218@******"

 

This always comes up in discussions of whether it is better to blackhole or fail. Both methods have pros and cons. I know there are ways to fight Rumplestiltskin attacks and TCH may have something in place. I have a fairly simple email address and I don't get any spam at all so I don't think it has happened on my current domain.

 

Lee

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...