From: J C Lawrence <claw(_at_)kanga(_dot_)nu>
...
I've found that many (most?) sites are configured to silently drop
double bounces. Too noisy and not worth anybodies time.
Slightly to the contrary, since the very start of email spam I've found
that double bounces are useful in some ways. One is for samples of
unmitigated spam from soon to be blocked-on-sight-with-blackhole-routes
spammers.
A second use of double bounces is to detect defunct internal addresses.
ISPs and small organizations don't have this problem but larger outfits
often have groups creating and deleting accounts without coordinating
things with the outer firewalls, MX servers, and so forth. The
"backscatter" provided by spam is a handy check.
A third use is for potent spam traps. For various reasons, spammers
often latch onto never-valid addresses, and spam them forever. If
you sample double bounces, you're likely to find some good spam traps
for your body filtering systems, whether like the DCC or for training
"Bayesian" filters. For example, anyone with a short username that
has been exposed for a while probably has not only it but it without
the first or last letters on those "30,000,000 address" CDROMs.
"vj" has never been valid near me in the last 20 years at various
commercial domains, but it is one of my best spam traps.
When spammers give you manure, make compost.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg