> Also note that a "bounce" message would take this whole saga out of the
> "risks" venue (or at least move it to the margin).

Would that that were true, but bouncing spam merely introduces new risks.
I was intimately involved in AOL's mail system for most of the past decade,
and our motto was It's Not That Simple.

AOL hasn't always had spam filters. Years ago, we would see huge numbers
of bounce messages generated for spam runs, since spammers often send to e-
mail addresses that are no longer valid. One spammer actually sued us for
delivering his bounces back to him - he said we were trying to overload his
small mail server! (Apparently the huge volume crashed it.) And once
spammers started forging return addresses, these bounces began causing no
end of trouble for the poor site that found itself receiving millions of
undeliverable e-mail reports from AOL. Additionally, we had to make sure
that these huge queues of bounce e-mails didn't interfere with the delivery
of legitimate communications, or even bounces of legitimate communications.
Far from taking minutes to deliver, these bounce queues can quickly back up
to infinity without constant babysitting.

With SMTP, if you can detect that a message is undeliverable early enough
in the process, you can simply refuse it, rather than bounce it back. But
that presumes that the machine sending to you is the originator of the
message. Spammers often relay their e-mail off unsuspecting third-party
mail servers that are configured to accept mail from anywhere and deliver
it to anywhere. (This was the default configuration of all mail servers
until just a few years ago; remember, the Internet began as a cooperative
effort.) If you refuse mail from a third-party relay, THEY then have to
deliver the bounce messages, which again can crash or hobble their systems.

Of course, if you simply turn off spam filters on a system as target-rich
as AOL, you're left with a fairly useless mail system - we've often
estimated that 30-50% of all the incoming messages are spam.

I've since left AOL, but I know that the folks there were doing everything
they could to detect spam as early in the transaction as possible, and
refusing it rather than bouncing it whenever they could.

The real risk is taking a protocol designed to cooperatively exchange
messages within a small community, and using it for worldwide, mission-
critical communications, sometimes from hostile senders. The rest is
imperfect band-aids. ["Jay Levitt" via risks-digest Volume 21, Issue 88]
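
The refuse-versus-bounce trade-off described in the post, worked through as a small model. This is an added example, not part of the original post or of any AOL system; the host names, the forged address and the size of the spam run are constructed assumptions.

```python
from collections import Counter
from typing import NamedTuple, Optional

class Attempt(NamedTuple):
    origin: str              # host that really injected the message
    envelope_from: str       # MAIL FROM value; forged in a spam run
    relay: Optional[str]     # open third-party relay in the path, if any
    rcpt_valid: bool         # does the RCPT TO mailbox exist?

def dsn_for(a: Attempt, policy: str):
    """Return (host that must queue the bounce, address it is mailed to),
    or None when no bounce message is created on the receiving side.
    policy 'bounce': final server accepts, then mails a failure report.
    policy 'reject': final server answers RCPT TO with a 5xx refusal."""
    if a.rcpt_valid:
        return None
    if policy == "bounce":
        # Accepted first, so the final server owes a report to MAIL FROM.
        return ("final-mx", a.envelope_from)
    if a.relay is not None:
        # The relay already accepted the message, so the refusal lands on
        # it and it has to generate the report instead.
        return (a.relay, a.envelope_from)
    # Direct connection: the sender sees the refusal inside the SMTP
    # session and no failure message is generated at all.
    return None

def load(run, policy):
    """Count bounce messages queued per host and received per address."""
    queued, received = Counter(), Counter()
    for a in run:
        hit = dsn_for(a, policy)
        if hit:
            queued[hit[0]] += 1
            received[hit[1]] += 1
    return dict(queued), dict(received)

# Constructed spam run: 1000 messages, every 4th recipient invalid (250),
# forged return address; of the invalid ones, half arrive via an open relay.
RUN = [Attempt("spammer.invalid", "victim@example.net",
               "relay.example.org" if (i // 4) % 2 else None, i % 4 != 0)
       for i in range(1000)]

if __name__ == "__main__":
    for policy in ("bounce", "reject"):
        print(policy, *load(RUN, policy))
```

Refusing at RCPT TO removes the bounce queue from the final server and halves what the forged address receives in this run, but every failure that came through the relay still turns into a bounce that the relay has to queue.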