Do You Bounce SPAM? Stop Doing That!

What would it do to your business if you had to sift through 250,000 emails to find the dozen that were from your clients or friends?

Just think about that for a moment; 250,000 emails - a quarter of a million emails. Any one of which could be from an important client or a long lost friend - but the majority of which are just "noise".

Lots of people nowadays run SPAM-filtering software. This is a good thing. It appears that many of those people also configure that to software send the SPAM back to the sender. This is known as "bouncing", and is NOT a good thing. Read on to learn why it's a bad idea to bounce SPAM and what you can do about it.

Bouncing SPAM amounts to a DDOS attack

Twice in the last year one of my domains has been used as the "From" address by some [expletive deleted] spammer. On both occasions my domain was inundated with bounces from SPAM-filtering software. I used the word "inundated" and you might think I'm exaggerating, but 250,000 bounced emails in 24 hours on a dialup connection qualifies as inundated in my book.

A DOS (Denial Of Service) attack on a domain is one which clogs up that domain (denies service) by either overloading the domain's servers or exploiting a vulnerability in the server's TCP/IP implementation. A DDOS (Distributed DOS) attack is one which uses many different computers to perform the DOS. So you can see that a large number of computers sending a total of 250,000 emails to a low-bandwidth server is a DDOS.

Bouncing SPAM is pointless

Many of the messages helpfully said "Your message has been classified as SPAM and so we are returning it to you unread." Some of them even told me what rules their bayesian filter had used to classing the email as SPAM. Some of them were even quite abusive. What's the point of that? I didn't send the message, and I've never heard of the person who bounced the SPAM. If I was the spammer, I'd have used the information in the report to tailor my SPAM so that it wasn't detected by the filter the next time. Utterly, utterly pointless.

You could be next

Don't people realise that Spammers never have an email account for more than a few hours, and that they are highly unlikely to receive any emails to that address? Don't people realise that spammers don't put their own address in their spam emails anyway? They forge the headers in the spam email so it appears to come from somewhere else, some innocent user whose only crime was to register a domain name. Do you own a domain name? It could be you next.

What should you do?

If you run anti-SPAM software, please check the configuration to make sure it silently deletes SPAM and doesn't return it to the "sender". If it doesn't allow you to change the configuration to do that, ditch it, get your money back and get one that does.

And please spread the word. Let's not make SPAM a worse problem than it already is.

	phone: 01908 615176 mobile: 07813 894 858 email: derek@websiterepairs.net