2013-11-28
A quick analysis of bounces here
Every so often I pose myself a question which turns out to not really pan out. Recently I wound up wondering what sort of patterns I'd see for the destination addresses or domains of bounce email generated by our central mail server. What I expected to see was a good showing by what I consider my usual suspects, the kind of places that cause me to write that recent entry. Instead I found that we seem to generate a far lower volume of this sort of bounce than I expected and there are no really big glaring patterns (except one).
As mentioned, there's nowhere near the volume of bounces being sent to outside addresses that I expected to find. If I'm generating my stats right, we had well under a thousand of these over the past 30 days. Our single largest source and thus target for bounces is a relatively active technical mailing list that is totally not removing a bad address here; it's probably responsible for around half of all such bounces. The second largest source is similar but may not be a legitimate and above board mailing list (the Internet search oracles are unclear).
After that, well, things start coming out of the woodwork. The third most active source looks pretty clearly like spam (certainly mail servers we forward to are rejecting its emails on that basis), but in total numbers it's small beans. Then we have email from Facebook and Itunes (likely due to people forwarding their email to destinations that don't exist any more) and then a mixture of likely fully legitimate sources and more questionable ones. Nothing stands out.
In short, if I was relying on this analysis to find people who sent our users spam and then had that bounce, I don't think I'd have found much. The people who attracted my irritation in the earlier entry probably would have been lost in the noise.