Wednesday, June 23, 2004

Identifying bad responses.

Earlier I talked about using bad bounce messages to combat spam, but I didn't talk about how to detect the bad bounces in the first place.

The way I'm doing this relies on TMDA. Every message I send has a dated address as the envelope sender. This is the address that errors (bounces) are supposed to go to, so I know that any legitimate mailer daemon response will come to a dated address.

Given that fact, I can safely filter any daemon message that's not to a dated address.
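The rule above as a small filter, added here as an illustration and not taken from TMDA or from my actual rules. The `user-dated-<expiry>.<mac>` layout is modelled on TMDA's dated addresses but simplified; the key, the clock value, the function names and the sample bounce are assumptions constructed for the example.

```python
import hashlib
import hmac
import re
from email import message_from_string

SECRET = b"constructed-demo-key"  # assumption: private per-user signing key
NOW = 1087948800                  # constructed clock: 2004-06-23 00:00 UTC
DATED = re.compile(r"^[^@]+-dated-(?P<exp>\d+)\.(?P<mac>[0-9a-f]{6})@.+$")

def _mac(expires):
    return hmac.new(SECRET, str(expires).encode(), hashlib.sha1).hexdigest()[:6]

def make_dated(user, domain, expires):
    """Envelope sender for outgoing mail (hypothetical simplified format)."""
    return f"{user}-dated-{expires}.{_mac(expires)}@{domain}"

def is_valid_dated(addr, now):
    """True only if the tag carries our MAC and has not expired."""
    m = DATED.match(addr.lower())
    if not m:
        return False
    return hmac.compare_digest(_mac(m["exp"]), m["mac"]) and int(m["exp"]) >= now

def is_daemon_message(envelope_sender, msg):
    """Bounces use the null envelope sender; some mailers use MAILER-DAEMON."""
    sender = envelope_sender.strip("<>").lower()
    return sender == "" or "mailer-daemon" in sender \
        or "mailer-daemon" in (msg.get("From") or "").lower()

def classify(envelope_sender, rcpt, raw, now=NOW):
    msg = message_from_string(raw)
    if not is_daemon_message(envelope_sender, msg):
        return "pass"      # not a daemon message: left to other rules
    return "deliver" if is_valid_dated(rcpt, now) else "discard"

# Constructed sample bounce, not a real message.
BOUNCE = (
    "From: MAILER-DAEMON@mx.example.net\n"
    "Subject: Undelivered Mail Returned to Sender\n\n"
    "The following address failed: nobody@example.net\n"
)

if __name__ == "__main__":
    good = make_dated("me", "example.org", NOW + 5 * 86400)
    print(classify("<>", good, BOUNCE))              # deliver
    print(classify("<>", "me@example.org", BOUNCE))  # discard
```

A daemon message sent to the plain address, to an expired tag, or to a tag whose MAC does not verify is discarded; anything that is not a daemon message is passed on untouched.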

Note that the same rule takes care of misfired challenges from other TMDA users. TMDA's challenges look a lot like bounce messages. I wish that it were true of other auto-responses. In spite of the simplicity of the above, the actual rules I use to discard auto-responses are convoluted. I wind up getting junk responses from sales@example.com, people on vacation, and the abuse departments of ISPs.

I have SpamAssassin in the pipe too, and it can't tell an unsolicited response from a legitimate message. The only way I can tell the difference myself is by recalling that I never emailed the person responding.

This is a big problem I have with content filters. A lot of my unwanted email consists of legitimate responses to illegitimate mail. I can't expect a pure content filter to tell the difference. SpamAssassin is really good at identifying spam, but it can't help with the unwanted email that's not spam.
