[SpamCop-List] Re: How to 500 Bounce
nobody at spamcop.net
Sun Jul 11 17:56:10 EDT 2004
Paul Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> "DC" <hee.haw at jack.ass> writes:
>>Saw this in another thread -- how exactly do I do a 500 bounce for my
> Do you run your own mail server? If not, the answer is "You can't."
Further note (sorry if it's late, I've been away):
Running your own mail server is not sufficient. You must be able to
control (or at least influence) the accept/reject policies of every
secondary MX server for your domain, as well as your own server.
It does no good for your server to reject an email at SMTP connect
time (the 500 bounce) if it is being forwarded to you by your
helpful backup MX server. If you set up secondary MX servers for
more reliable delivery of email (good if you're running a business),
then make sure that every MX for your domain is configured in
exactly the same way as the primary as far as accepting or
rejecting incoming email based in IP address (blocking lists),
or destination (User Unknown), or whatever other criteria you might
Every MX for a domain needs to accept or reject with the same
rules or it opens a back door.
And it is useless to generate a 500 bounce for email being forwarded
to you from your secondary MX. By then it's too late, it's been
accepted, and any bounce will likely go to an innocent bystander.
Make sure all your secondary MX servers have your full list of
legitimate recipients, and internal aliases/lists, and all that.
Keeping it up to date will probably require automation. But
most certainly it will require close cooperation between the
admins of the various MX servers for your domain. It helps if
you are running all of them, but on different nets!
Beware of ISPs that set up a secondary MX for your domain without
telling you, and without giving you any control over what they
accept while you are down to be forwarded to you later! It's
guaranteed that Spammy will send s/h/it's shit to that MX.
More information about the SpamCop-List