Tony Wyatt wrote:
Hi Ochal,
On 22/08/2006, you wrote:
Autoforwarding of mails to spamcop is *BAD*, as it can be rather disruptive for email services.
I still don't understand what this is all about. Is the allegation that someone has somehow set Olegil's server into relay mode? How can forwarding mail to spamcop (which I assume is an address somewhere) end up spreading it via a subscriber-only server to an address that does not even remotely resemble "spamcop"?
Erm, no. By submitting a mailserver to spamcop you can have it entered in the RBL; these are widely used blacklists that list known spamservers. By adding Olegil's server, one could disrupt his email traffic because it's listed in the RBLs and, as such, rejected by other mailservers.
The presence of that one spam message isn't the problem; it's reporting Olegil's server to spamcop that's bad.
I'm probably not the only one here who is mystified. Some explanation of the mechanism would be interesting, at least. It might even help the unfortunate infected clean their machines.
OK, I'll try ;)
My mailserver (the one for .kefren.be) will take the following actions when mail is sent to kefren.be:
- The mailserver checks with reverse DNS if the mail is coming from where it claims to come
- The mailserver then checks to see if the origin is known with the various RBLs configured on my machine
- The mailserver checks the mail for known spam/viruses/etc.
- The mailserver delivers the mail to my account
Now the mail is ready for retrieval, so I open up Thunderbird and download the mail. If I were to be running spam identification software/filters/scripts, these might recognise the mail on the ML as spam and (this is bad design in my opinion) pass the mail on to spamcop (although I thought you needed an account with them to do this? don't recall), who then examines the mail again and possibly flags the origin (Olegil's mailserver) on the RBLs, thus preventing Olegil mailing e.g. me (since the origin is in the RBLs).
This is an example of doing it client side; the server could probably also be configured to do this at step 3 with various scripts & plugins.
Now, I hope this made sense (and that it's somewhat accurate); haven't been sleeping much lately ;)
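The RBL check described in the message above, as an added example that is not part of the original post: it builds the DNS name a receiving server queries (RFC 5782 style, extended here to IPv6) and shows why a listed relay has all of its mail refused. The zone `rbl.example`, the 192.0.2.x addresses and the resolver table are constructed for illustration.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the name a mail server looks up to test `ip` against `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # hex nibbles, reversed
    return ".".join(labels) + "." + zone

def check_sender(ip, zones, resolve):
    """Return (accept, smtp_reply). `resolve(name)` returns A records, [] for NXDOMAIN."""
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Only answers inside 127.0.0.0/8 count as a listing; any other
        # answer (e.g. a parked zone answering every query) is ignored.
        hits = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
        if hits:
            return False, f"550 rejected: {ip} listed in {zone} ({hits[0]})"
    return True, "250 accepted"

# Constructed zone data standing in for real DNS, so the example runs offline.
FAKE_ZONE = {
    "25.2.0.192.rbl.example": ["127.0.0.2"],    # list server that got reported
    "26.2.0.192.rbl.example": ["203.0.113.9"],  # bogus answer from a broken zone
}

def fake_resolve(name):
    return FAKE_ZONE.get(name, [])

def demo():
    zones = ["rbl.example"]
    senders = ("192.0.2.25", "192.0.2.26", "192.0.2.27")
    return [check_sender(ip, zones, fake_resolve) for ip in senders]

if __name__ == "__main__":
    for accept, reply in demo():
        print(accept, reply)
```

The lookup is keyed on the relay's IP address only, so once the list server is listed every message it sends is refused, whatever its content.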