Bounce Email plug-in, or rule? Anti-Stalking help, please


S

Stephen

We are running Outlook 2007 with Exchange at home
2 Users
1 with Windows XP and 1 with a mac

We want to nominate 1 specific email address to NOT get any mail from.

We want to bounce it, with the end desire being that "you cannot get to
me", rather than the email just being auto-deleted.

Creating a rule for "trash" does not get the hint back to them in the
same manner.

The Exchange service offers a blacklist function, but not a bounce-back
to a specific email address.

Anyone have any ideas?
 
Ad

Advertisements

S

Stephen

Thanks Graham,

Mailwasher won't work on a mac.

Even if it did, I think it'd need to run in the background all the time,
to capture new emails before they got to an opened Outlook.

I'll try to understand your post and all the settings - does this mean
you should be giving out the gmail address as a main one for everyone
with none being filtered & all forwarded at first, THEN if you get a
not-so-nice person, you can filter them out?

Is that the idea?
 
V

VanguardLH

Stephen said:
We are running Outlook 2007 with Exchange at home
2 Users
1 with Windows XP and 1 with a mac

We want to nominate 1 specific email address to NOT get any mail from.

We want to bounce it, with the end desire being that "you cannot get to
me", rather than the email just being auto-deleted.

Creating a rule for "trash" does not get the hint back to them in the
same manner.

The Exchange service offers a blacklist function, but not a bounce-back
to a specific email address.

Anyone have any ideas?

Bouncing is an illegitimate response and almost guarantees that you will
hit undefined e-mail addresses or some innocent whose e-mail address got
usurped by the spammer. You really think spammers dole out their true
e-mail address? DUH!

If you're asking about bouncing, you are not asking how to maintain an
blacklist up on the server but instead a bogus rejection issued by the
e-mail client (Outlook). After the mail session has terminated between
the sending and receiving MTUs, there is NO INFORMATION in the headers
of a received e-mail that can guarantee just exactly who was the sender.
During the mail session between MTUs, the receiving MTU knows who was
the sending MTU. It is during the mail session that an e-mail should
get rejected by the receiving MTU. The sending MTU then gets a
rejection and it has to handle sending the NDR (non-delivery report)
message to whomever was the sender to it.

The e-mail client doesn't have any good info on which to rely to
guarantee that it will send the bogus rejection (which was not sent by a
mail server but by the client) to the correct recipient. If it is spam,
it is a done deal that your bogus rejection e-mail will NEVER be
received by the spammer. It may, however, end up wasting resources by
your mail server to send your bogus rejection e-mail. If the spammer's
domain is false (doesn't exist), the mail server will die immediately
since it has no destination domain to send your fake bounce. If the
domain exists, your mail server wastes resources trying to send to a
username that may not exist at that domain. If the username exists, it
won't be for the spammer and instead you slam an innocent when your fake
bounce - which qualifies as deliberate backscatter and can get YOU added
to the public blacklists, like Spamhaus and SpamCop. Backscatter is
reportable as spam and you issuing fake bounces generates backscatter.

Only DURING A MAIL SESSION between MTUs (mail servers) should a
rejection be issued to the sending MTU. SMTP was designed under a trust
model and none of the headers in an e-mail can guarantee who was the
sender. That info is available only during the mail session between
mail servers (and only the sending MTU is known to the receiving MTU but
then the receiving MTU isn't issuing yet another e-mail but instead just
issuing a rejection status during the mail session).

If you want to find out how to maintain blacklists of senders in
Exchange then ask in a newsgroup that discusses Exchange. Below is my
canned response regarding boobs that think bouncing is a good idea. It
may have other points not mentioned above plus there are some links to
articles to further explain why fake bounces are not only stupid but can
be harmful (which can include harmful to you).

<canned response>
The bounce feature in any e-mail client is very stupid and irresponsible
primarily because ignorant users will actually believe the software
author is providing an appropriate feature and that it will somehow it
will avoid further spam. Spammers do not use their own e-mail address.
Instead they use a bogus one (which may be a valid e-mail address for
some user) or they use one that they've already stolen and is often
included in the recipient list of e-mail addresses. Spammers change
their e-mails every time they spew so blocking on the one they used last
time won't eliminate getting their crap when they next spew. Spammers
rely on the ignorance of e-mail users that believe using blacklists
and/or bouncing by the sender's claimed e-mail address has any effect on
reducing received spam.

- Blocking by the sender's e-mail will NOT eliminate spam in your
mailbox. The spammer's e-mail address changes at their will.

- Bouncing based on the return-path headers in an e-mail will NEVER hit
the spammer. Only boobs think the spammer will identify themself.

YOU are not connected during the mail session between the sending and
receiving mail servers so you have absolutely no means to guarantee of
knowing from the return-path headers (e.g., From or Reply-To) as to who
sent you. The sender can put anything they want in there. Even mail
servers that first accept a message, end the mail session with the
sending mail host, and then check afterward if the e-mail address is
valid or not and then try to send a *new* message back to the sender
will get it wrong. If a valid IP address of the sender is included in a
Received header, that does NOT provide you with an e-mail address to
which you can bounce back their spam. You cannot rely on the
return-path headers to guarantee identifying the true sender. These
bounces are sent blind!

The spammer isn't going to identify themself to receive that bounce. Now
consider that only aren't you the receiving mail server but you are even
further removed from the mail session between the sending and receiving
mail hosts. There is nothing in your e-mail client that can absolutely
guarantee who is the sender of the spam you got in your Inbox, so
bouncing it anywhere means wasting bandwidth for you to send the bounce,
disk space and bandwidtch by your mail server to attempt to deliver your
bounce, disk space and CPU cycles for the receiving mail host to accept
your bogus bounce mail, and some innocent getting slapped with your
misdirected bounce (which, by the way, can be reported to blacklists as
backscatter and get you blacklisted).

Think about it for all of 10 seconds, if even that long. Would you like
to be the victim of a "mail bombing" because some spammer usurped your
e-mail address, sends out a million copies of their crap with you
identified as the sender, and then all those boobs using e-mail clients
with a bounce option end up filling your mailbox with all their
misdirected bounces?

Any e-mail client that provides a bounce option are irresponsible
software authors. Ignorant users sending misdirected bounces are
irresponsible e-mail users. Have a read at:

http://spamlinks.net/prevent-secure-backscatter-fake.htm
http://spamlinks.net/prevent-secure-backscatter.htm

Warning: If you send me backscatter, like misdirected bounces which to
me are unsolicited and hence spam, I will report you to blacklists, like
at SpamCop, for your irresponsible and ignorant use of flawed anti-spam
schemes. If you punish me with your backscatter, I will punish you! I'm
not the only one with this attitude. There are plenty of spam reporters
out there and they will report you, too. It is not up to the rest of us
to placate your sensitivity for your spam problem by being your victim.
Get a responsible anti-spam solution.
</canned response>
 
D

Diane Poremsky [MVP]

For it to be effective you need to bounce at the server, when exchange
accepts the message.
 
Ad

Advertisements

S

Stephen

VanguardH,

Thanks for your detailed reply.

We know who is the sender (a former friend) and the email "from" address
is valid.

This all looks very difficult - perhaps we'll just get a new email
address and not tell her.

Cheers,


Stephen
 
V

VanguardLH

Stephen said:
Do you know of any Exchange providers who offer this as a service?

You say that "you" use Exchange? Do you really or are you contracting
this service out to someone else that gives you hosted Exchange
services?

A simple Google search:

http://www.google.com/search?q=+exchange++block++sender

Found as its first hit:

http://www.msexchange.org/tutorials/Sender-Recipient-Filtering.html

So you CAN block this specific repeat sender who always uses the same
e-mail address. Problem eliminated. Why do you care how often this
sender attempts to send you an e-mail if YOU never see it? Do you
really care how often and how loud someone screams in a sound-proof room
if you're not there to listen? Getting bounceback messages is probably
what will KEEP that sender spewing out more e-mails to you. They are
getting the attention that they crave and you are giving it to them.

Just block the sender and move on with your life. Stop wasting time try
to retaliate. Bouncing is ineffective at stopping a malcontent.
 
G

Graham Mayor

I missed the reference to the Mac - and yes it does run in the bacfkground
and intercepts mail before it reaches Outlook.
As for the Gmail solution, then no you don't give out the Gmail address. You
use your standard e-mail address. The senders do not need to know that you
have a Gmail address. The web page explains the setup (for a PC). You can
block any sender in Gmail and the messages are not passed to Outlook.
 
Ad

Advertisements

S

Stephen

Diane,

Thanks for that elegant response.

As I do not personally host the server, I have limited access to its
settings, so the simple thing for us to do is create a new email
address, and no longer use the older one.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top