EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 11 May 2017, 12:25 AM   #31
jhollington
Essential Contributor
 
Join Date: Apr 2008
Posts: 371
Quote:
Originally Posted by joe_devore View Post
I liked it too when I could setup known spam to bounce, so that way.. SPAMMERS thought they had an invalid email address..
Sadly, this is a popular misconception — especially in the way that FastMail (and most commercial email providers) handle the "reject" option in Sieve.

In short, there's a good chance that using a "reject" rule in a FastMail sieve script will have zero impact on the amount of spam you receive.

While it would be great if FastMail implemented session-level SMTP rejection (e.g. don't even accept a rejected message in the first place), there's a fair bit of complexity in handling this, technically as well as philosophically (e.g. how do you handle a single message that comes in for multiple recipients who have different rules in their individual Sieve scripts?).

So, what we're left with is a bounced non-delivery notification — a new e-mail that gets sent out to the offending address — and there are at least two problems with this approach that result in it having basically no effect on spammers...
  • Chances are the FROM address in a spam email is either invalid or completely forged. Hence, the bounce either goes to an innocent bystander, or nowhere at all. Meaning in the very best case, the spammer never even sees the non-delivery notification, and in the worst case, some random person gets it instead
  • Even in the unlikely event that the spam comes from a legitimate address that can receive messages, chances are good that modern spammers aren't harvesting these non-delivery notifications. The only scenarios that might be an exception are things like 419 scam e-mails, where they kind of expect replies, however that's still assuming they can be bothered looking at non-delivery notifications and updating their lists.
jhollington is offline   Reply With Quote
Old 11 May 2017, 01:01 AM   #32
joe_devore
Essential Contributor
 
Join Date: Dec 2003
Location: Dover, NH, USA
Posts: 315
Unhappy

;_;
ooh well..
joe_devore is offline   Reply With Quote
Old 11 May 2017, 03:17 AM   #33
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
Be sure to read:
https://en.m.wikipedia.org/wiki/Joe_job

You don't want to quickly assume that a spam message was actually sent by the normal visible From address or the Reply-To header address, since those are extremely easy to forge.

Bill
n5bb is offline   Reply With Quote
Old 11 May 2017, 06:47 AM   #34
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,683
I know this is an FM forum, but use Gmail to read your FM mail and they will take care of most of the spam. Report the occasional spam message that gets through to Gmail and you generally will not be bothered again. Whatever else you think about Gmail, they have the best spam filtering in the business, with the fewest false positives too.
TenFour is offline   Reply With Quote
Old 14 May 2017, 02:09 PM   #35
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
Fastmail staff (Rob M) says they a patch to fix the sieve reject bug which will be rolling out soon (if it isn't already in place). I haven't had time to test it yet.

Bill
n5bb is offline   Reply With Quote
Old 14 May 2017, 04:44 PM   #36
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,995
No its still showing my main log in mail address.

But Fastmail have been and will be very busy with the Big move.
Terry is offline   Reply With Quote
Old 15 May 2017, 01:55 PM   #37
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
Following. Hope to hear this is fixed soon. I do still use this (with a small fraction of the messages I don't accept).
elvey is offline   Reply With Quote
Old 16 May 2017, 01:42 PM   #38
brong
The "e" in e-mail
 
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696

Representative of:
Fastmail.fm
We tested the fix getting Postfix to bounce it, and the internal username was leaking out, so we wound up patching Cyrus with a configuration option to revert back to the old behaviour of generating its own bounce messages.
brong is offline   Reply With Quote
Old 16 May 2017, 03:22 PM   #39
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,995
Thank you brong....Excellent service as usual....

We do appreciate all the time and trouble you have spent on this.
Terry is offline   Reply With Quote
Old 16 May 2017, 11:46 PM   #40
jhollington
Essential Contributor
 
Join Date: Apr 2008
Posts: 371
Definitely working instantaneously now, but it's very important to note that the new behaviour will definitely not imply an invalid address. Since it's Cyrus bouncing the e-mail and not Postfix, it's not an SMTP-type bounce at all, but rather a message that explicitly says:

Code:
Your message was automatically rejected by Sieve, a mail
filtering language.

The following reason was given:
(your reject rule string goes here)
There's nothing wrong with this approach, IMHO — it's arguably a more appropriate message if you're not going to be handing out an SMTP 550 error at the session level — but it's important to know for anybody who thinks that a Sieve "reject" rule will make it look like an address doesn't exist (and thereby dissuade spammers); this method makes it abundantly clear that the message is going to a valid address and being rejected by an explicit rule.

That said, I suppose you could put something like "This mailbox doesn't exist" as the string in your "reject" rule, which might fool some people....
jhollington is offline   Reply With Quote
Old 17 May 2017, 01:29 AM   #41
somdcomputerguy
Cornerstone of the Community
 
Join Date: Jun 2004
Location: Rupert, WV
Posts: 876
Quote:
Originally Posted by jhollington View Post
That said, I suppose you could put something like "This mailbox doesn't exist" as the string in your "reject" rule, which might fool some people....
You can fool some of the people some of the time, but spammers care not no matter what..

- Bruce
somdcomputerguy is offline   Reply With Quote
Old 17 May 2017, 01:34 AM   #42
jhollington
Essential Contributor
 
Join Date: Apr 2008
Posts: 371
Quote:
Originally Posted by somdcomputerguy View Post
You can fool some of the people some of the time, but spammers care not no matter what..
Heh, exactly

In my experience, the only thing that works with (some) spammers is an actual SMTP-level rejection that refuses to accept the mail in the first place. Most bounce messages won't go back to a valid address anyway, and even if they do, it's rare that any spammer is going to take the trouble to go through an inbox and process non-delivery notifications.
jhollington is offline   Reply With Quote
Old 17 May 2017, 11:43 AM   #43
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
My guess is that it's an automated process. The spammer dumps a file of email addresses they purchased into a tool they purchased and it kicks out spam. The ideal situation for them is when the return message goes somewhere else and doesn't bother them. Why pay for an incoming email account? My guess is that the spam and phishing we get is composed of:
  • One-way advertising. The spammer wants you to read their message and do something (click a link, go to a website, call a phone number, buy a penny stock). They don't want responses to their email to come back to them, since there are a huge number of automatic or manual rejection messages.
  • Virus-laden messages. All the sender wants you to do is open the message and possibly open an attachment. Responses are again ignored.
  • Commercial spam from firms who got your opt-in a long time ago or didn't bother to ask you. They might respond to an unsubscribe response, but only if you follow the rules at the bottom of the message. Other responses are probably ignored.
  • I see a few messages which remind me of the old chain letters. They want you to read their sob story or money transfer scam, and react as they request. Often they tell you to send an email to a DIFFERENT email address, since they don't want to read all of the auto-reject messages.
I just don't see any purpose of sending the sender an automated response in any of these cases. Your auto-reply will probably go to a non-working or innocent email box. I do see a reason to send a vacation-style reply in some cases, including when you are changing your email address. This only works if you have a reason to believe that the message is not spam and is being read by a human who cares.

Bill
n5bb is offline   Reply With Quote
Old 17 May 2017, 12:22 PM   #44
jhollington
Essential Contributor
 
Join Date: Apr 2008
Posts: 371
Quote:
Originally Posted by n5bb View Post
My guess is that it's an automated process. The spammer dumps a file of email addresses they purchased into a tool they purchased and it kicks out spam. The ideal situation for them is when the return message goes somewhere else and doesn't bother them. Why pay for an incoming email account?
Exactly. There was a time when spammers were in the business of selling lists of valid e-mail addresses, in which case there was some interest in being able to ensure that they produced lists that were "high quality merchandise." Even in that case, however, since 99% of e-mail systems immediately refuse invalid addresses at the SMTP session level, that's the only type of error that really had any chance of getting an address off the list.

However, in the modern Internet era, I'm not really sure how many spammers even care about "quality" email address lists any more, so even outright "invalid address" errors on delivery probably don't do much to discourage spam.
jhollington is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 02:09 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy