[SpamCop-List] Re: The issue of bounce versus reject
John E. Malmberg
wb8tyw at qsl.network
Tue Feb 28 22:57:54 EST 2006
Kenneth Brody wrote:
>
> Optimum Online blocks outgoing SMTP connections, so it is not possible
> to talk on port 25 to anything other than "mail.optonline.net". I'm not
> sure about port 465.

And even if they did not, most mail server operators will not accept a
connection from a known DHCP pool, and it only takes one spam run to get
a DHCP pool mapped.

<snip>

> In short, the only thing their SMTP server knows about you is the IP
> address that their DHCP has assigned to you, and (I suppose) the MAC
> address of your cablemodem. Their setup means that they have no way
> of knowing your true "from" address, and it also requires that they
> cannot reject e-mail from you at the SMTP level.

That is correct, but mail from you in their I.P. space is outgoing from
what should be a trusted source to their SMTP server, so they should
trust you to provide a valid return e-mail address to send the bounce or
DSN to.

It does not matter if you are feeding their mail server with your own
mail server, or with an e-mail client program.

I send e-mail through my broadband ISP, and other mail servers that I am
authorized to use, using my qsl.net e-mail address all the time. If the
recipient mail server does not exist, or otherwise rejects the e-mail,
my ISP will generate a DSN to my qsl.net e-mail address, which will be
received by its MX and then relayed back to me.

So there is no problem with outbound relaying and SMTP rejects as long
as you have valid information in your header. It is normal for that DSN
to be generated, and unless you are forging sending addresses that do
not belong to you, it will not be backscatter. And of course you would
not report a DSN for something your internal mail server relayed through
a smart host as an intentional e-mail.

The issue comes up on incoming e-mail from others that you do not want
to accept. If port 25 is blocked, you can not run an incoming mail
server, so that mail needs to be relayed to you by another mail server
that is exposed to the internet.

To prevent backscatter or silent deletion of messages, that mail server
must do all the spam rejection, and also have a list of valid e-mail
addresses that it should accept e-mail for. It also needs to be able to
handle the case of your mail server having a problem.

In my case, qsl.net has aggressive spam filtering and the mail server
seems to do a probe of the mail server my e-mail ends up at to verify
delivery before it completes the SMTP transaction. Unfortunately the
last time that there was a problem it appears that they were rejecting
with a 5xx code instead of a 4xx code on that condition.

I also have port 587 encrypted SMTP AUTH available to me from one of my
e-mail providers that I can send e-mail out claiming to be from any of
my valid e-mail addresses.

So I have two e-mail server providers that I can use in the event that
one of them has an outage.

-John
wb8tyw at qsl.network
Personal Opinion Only
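
The relay behaviour discussed in the message above (reject in the SMTP session, keep a list of valid recipients, answer 4xx rather than 5xx when the internal server has a problem), as an added example that is not part of the original post. The addresses, the recipient list and the idea that the relay learns the internal server's state from a probe result are constructed assumptions.

```python
# Added example: RCPT-time policy for a border relay that fronts an
# internal mail server. All addresses below are constructed sample data.

VALID_RCPTS = {"alice@example.org", "bob@example.org"}  # assumed recipient list


def rcpt_reply(rcpt, downstream_code):
    """SMTP reply code the relay returns to RCPT TO.

    downstream_code: reply code from probing the internal server (assumed
    mechanism), or None when the probe could not connect or timed out.
    """
    if rcpt.lower() not in VALID_RCPTS:
        return 550  # unknown user: permanent reject, the sending MTA owns the DSN
    if downstream_code is None or 400 <= downstream_code < 500:
        return 451  # internal server trouble: temporary failure, sender retries
    if 200 <= downstream_code < 300:
        return 250
    return 550      # internal server permanently refused this recipient


def backscatter_targets(messages, downstream_code, reject_in_session):
    """Forged envelope senders that would be mailed a DSN by the relay.

    With reject_in_session=True the relay refuses during the SMTP dialogue
    and never generates a DSN. With False it models accept-then-bounce:
    the relay answers 250, then mails a DSN to whatever MAIL FROM claimed.
    """
    hit = []
    for mail_from, rcpt, forged in messages:
        code = rcpt_reply(rcpt, downstream_code)
        if not reject_in_session and code >= 500 and forged:
            hit.append(mail_from)
    return hit


# Constructed sample: (MAIL FROM, RCPT TO, sender address is forged)
MESSAGES = [
    ("friend@example.net", "alice@example.org", False),
    ("victim@example.com", "nosuchuser@example.org", True),
    ("typo@example.net", "bbo@example.org", False),
]

if __name__ == "__main__":
    print(backscatter_targets(MESSAGES, 250, reject_in_session=False))
    print(backscatter_targets(MESSAGES, 250, reject_in_session=True))
```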