owatagal Posted June 2, 2005 Posted June 2, 2005 Sorry, I know this has been covered in other posts, but I am feeling particularly dense today and want to make sure I understand what I read in those other posts. It *used* to be that :fail: would accept mail, find no such address, and bounce it back to the sender, thus double-using bandwidth but :blackhole: would accept the mail and just dump it, so the cost to bandwidth was just the original sent message But at some point (fairly recently?) the server got changed, so that :fail: doesn't even accept the mail now, and thus completely eliminates(?) bandwidth use while :blackhole: accepts the mail and then dumps it, so it still costs the bandwidth for receiving the mail Do I have that right? So :fail: actually uses less bandwidth now, or at least less server processing. And it has the added benefit of letting the sender know the address is invalid, which might get the spammers to drop some addresses off their lists, further decreasing spam/server resources. And the servers are now set to rewrite all user accounts anyway, aren't they? So even if one of us tries to use :blackhole: it gets reset to :fail:? Again, sorry, I am trying to put all this together from several posts. And my brain's a little fried from other stuff that's going on; I stared at my shoes the other day trying to remember how to tie them... Make two bunny ears... the bunny runs *around* the tree... Quote
TCH-Thomas Posted June 2, 2005 Posted June 2, 2005 This should be the correct one I believe: :fail: doesn't even accept the mail now, and thus completely eliminates(?) bandwidth use while :blackhole: accepts the mail and then dumps it, so it still costs the bandwidth for receiving the mail Quote
owatagal Posted June 2, 2005 Author Posted June 2, 2005 I thought so--Just wanted to make sure. Thanks! Quote
MikeJ Posted June 2, 2005 Posted June 2, 2005 Yes, the :fail: change is correct as of a year ago. Quote
Striver Posted June 2, 2005 Posted June 2, 2005 So :fail: actually uses less bandwidth now, or at least less server processing. And it has the added benefit of letting the sender know the address is invalid, which might get the spammers to drop some addresses off their lists, further decreasing spam/server resources. <{POST_SNAPBACK}> One problem with that is what is called a Rumplestiltskin attack, where bots send out emails to every_possible_address@******. The ones that DON'T bounce get added to their spam list as good email addresses. I tracked several of these attacks in the mail server logs when I was running my own server. It is a lot like a dictionary password attack where they try all known names and words as possible addresses at your domain. However, they also use email addresses previously encountered. For example. If they have the address "peter43218@aol.com", they will try "peter43218@******" This always comes up in discussions of whether it is better to blackhole or fail. Both methods have pros and cons. I know there are ways to fight Rumplestiltskin attacks and TCH may have something in place. I have a fairly simple email address and I don't get any spam at all so I don't think it has happened on my current domain. Lee Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.