Re: dealing with anti-spam bounces?

> OK most folk who've been following the spam thread probably know how my
> anti-spam filter works.
>
> I'd like to know if anybody has any good ideas for handling spam bounces.
> ie. bounce messages from my auto-responder hitting bogus addresses.

Well, if it's a known spammer, bounce the email with sendmail exitcodes.
No need to worry about those bouncing back.

        :0
        * ^From.*spammer
        {
                EXITCODE = 77
                HOST
        }

If you feel you need to bounce with an autoresponder, then see below.

> Do I have to keep track of every spammer I've responded to and trash any
> incoming spam bounces?
Well, sort of, by using a "X-Loop:" header.  I deal with it this way.  I
got the idea from <wotan(_at_)netcom(_dot_)com>.  All outgoing mail from any
autoresponders has my "X-Loop:" header in it (let me know if you need to
know how to do this). Any email coming in from (mailer) daemons gets
checked for the presence of my "X-Loop:" in it.  It's important to check
the headers AND the body for it because many daemons strip it from the
headers but leave the original email quoted in its (new) body.  If the
email contains my "X-Loop:" header in it, then it's a bounce of an
autoresponse and I trash it.  If the email doesn't contain my "X-Loop:"
header in it, then it gets placed into my mailbox.  Do bounced emails ever
get in my mailbox?  Yes, but rarely.


XLOOP="X-Loop: bodysurf(_at_)netcom(_dot_)com"
#
# Check emails from mailer-daemons.
#
:0
* ^FROM_DAEMON
{
        #
        # Check to see if daemon sent email is from something sent out by
        # my mailer-daemon (i.e., is my "X-Loop" header in the mailer
        # daemon's bounced-back body?).  If so, trash it.
        #
        :0BD:
        * $$XLOOP
        /dev/null

        #
        # No "X-Loop" from me means this *could* be interesting.
        #
        :0
        $ORGMAIL
}

> I my auto reply daemon adds headers in it's responds are any of those
> headers guarantted to be returned by the bounce message?
No, and that's why *rarely* one slips by.  Most of the time, this works
fine.

Lates!
---------------------------------------------------------------------------
Tim <bodysurf(_at_)pobox(_dot_)com>                          
mailto:bodysurf(_at_)pobox(_dot_)com
Finger bodysurf(_at_)pobox(_dot_)com for my PGP public key (Bits 1024/KeyID 
09DA5C49).
PGP Key FPrint (09/03/94): 4C 97 F1 FA 70 55 68 91  49 D1 AD F2 DD 63 0C 15
---------------------> Please PGP encrypt your email <---------------------