Post by D. StussyYes, but you ALSO block those who wouldn't be sending you an NDR if
they had a properly configured mailserver.
Post by D. StussyIt's YOUR responsibility as the mailbox owner to declare what is and isn't
a legitimate message from your mailbox.
According to which RFC? Is that at the level of MUST, SHOULD, or This
is an Experiment you Might want to Try?
Post by D. StussyBy NOT doing so, you are telling the rest of us
By not telling you anything, I'm not telling you anything. It's just
that simple.
Post by D. Stussythat you WANT NDRs even for messages you claim you never
sent nor authorized
Do you want to be held to have agreed to everything you haven't
explicitly disclaimed according to every method that anybody else has
proposed?
Post by D. Stussy- and therefore such NDRs are NOT backscatter, because
you wanted them.
False on several counts. (1) Backscatter isn't defined in terms of
"want". (2) I don't want them, and I've said so and posted that fact
here numerous times.
Post by D. StussyPost by Claus v. WolfhausenHey we don't blame those that are sending backscatter, we just list them.
Same thing. Same result.
You have a problem with them telling the truth?
Post by D. StussyPost by Claus v. WolfhausenAfter that the problem is fixed for us and our users.
...Without recognizing that YOU are the cause of the problem by letting the
spammers abuse and forge your mailbox as the sender in the first place.
Please explain exactly how I can stop spammers from forging, keeping
in mind that it's illegal in most states to shoot them.
Post by D. StussyPost by Claus v. WolfhausenIt's the listees that seem to have a problem, otherwise they wouldn't
come here and whine about our listings.
They complain about your listings because you claim that their servers are
misbehaving, which may in fact be INCORRECT.
I don't see any claim about "misbehaving". I see statements about
"sent NDRs to addresses that never send email".
Post by D. StussyTheir servers may very well be checking for SPF and DK/DKIM
signatures, and would have not sent any NDR had the mailbox owner
(that means you w/r to your spamtraps) implemented these tools so
that these complainants' servers could tell that the messages were
forged.
So what? Backscatterer doesn't claim that the NDR-sender would or
would not have sent NDRs in some alternate universe. It claims that
the server actually sent something.
Post by D. StussyYour failure to implement SPF and/or DK directly leads to the possibility
of these systems to generate an NDR.
Those systems do what _they_ are programmed to do by _their
administrators_. I'm not one of their administrators. I have no
control over what they do.
Post by D. StussyThe fault is YOURS, not theirs.
Backscatterer isn't about fault. It's about specific email messages.
What they send is their responsibility.
Post by D. StussyBy not using these tools, you have told them that
I am not using those tools. That's all I say by not using those
tools. I am not responsible for any incorrect conclusions drawn by
anybody else.
Post by D. StussyALL messages from your mailbox are legitimate.
All the messages that are actually from it are legitimate. Messages
forged by spammers are not legitimate, and I'm not saying they are.
If you say they are, then you're lying (or at least wrong).
Post by D. StussyOnly when a mailbox that is protected by SPF and/or DK (or other, future
method)
No problem then: my mailbox is protected by Uncle Guido's Osteofractic
Mailbox Protection Service.
Post by D. Stussyreceives an NDR with respect to a message that is a forgery does
the NDR become backscatter
You may define terms however you wish. When you use terms in
non-standard ways, your ability to communicate ideas suffers and
instead of people saying "so what?" they say "You're wrong."
Post by D. Stussy- i.e. backscatter can be sent ONLY by servers
that don't check for (or don't act on, by rejecting a message with) a
positive forgery status.
YM "Stussy-defined-backscatter" can be sent only by such servers. I
don't care about that; I want to stop Seth-defined backscatter (which
happens to match backscatterer-defined backscatter, and probably the
definitions of most other entities posting here).
Post by D. StussyThose are the ONLY misbehavers that should be listed.
Your opinion as to how others should behave is noted. How many users
does your list of sites that backscatter by your definition have?
Post by D. StussyIt is YOUR responsibility
You don't get to invent and place responsibilities on others.
Post by D. Stussyto tell them the criteria by which they can determine the message
isn't from you so that they have a reason not to generate the NDR.
OK: "If I didn't send it, then it isn't from me."
Post by D. StussyWithout such, they are REQUIRED to generate the NDR for
message non-delivery (assuming it wasn't rejected for some other reason).
You can say they're required to do something. It doesn't matter; they
get listed for what they do, whether or not you claim (correctly or
not doesn't matter) that it's required.
Post by D. StussyIf you don't want the possibility of backscatter, YOU need to tell them
I've told them.
Post by D. Stussy(and do so with the tools already mentioned)
Oh, so now you get to list all the possible ways?
Post by D. Stussywhat may be a legitimate mesage and what isn't.
A message that I didn't send but which claims to come from me is not
legitimate. It's just that simple.
Post by D. StussyYou have continuously LIED about what is going on here.
No, they haven't. You have continuously used incorrect definitions of
terms in order to support your claims.
Post by D. StussyYou claim that your spamtrap mailboxes receive NDRs but that no
message is ever sent using any of them as sender.
No message is _legitimately_ sent (that is, by anyone authorized by
the mailbox owner to send it) from any of those mailboxes.
Post by D. StussyAs an NDR can come only as a reply, this means that your spamtraps
were in fact used as senders by SOMEONE (presumedly, a spammer).
That's right.
Post by D. StussyThat is a direct contradiction of your claim. I note that you
did not say that "you never send using them...." You said that "mail is
never sent with [them] as sender."
They aren't the sender. Some spammer is the sender.
Post by D. StussyThose statements don't mean the same thing.
In this case, they're both true.
Post by D. StussyObviously, someone does send messages using your spamtraps as
source - and if these messages are not legitimate, you need to tell
us
As before, you don't get to create needs for others.
Seth
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.