2013-11-28
A quick analysis of bounces here
Every so often I pose myself a question which turns out to not really pan out. Recently I wound up wondering what sort of patterns I'd see for the destination addresses or domains of bounce email generated by our central mail server. What I expected to see was a good showing by what I consider my usual suspects, the kind of places that cause me to write that recent entry. Instead I found that we seem to generate a far lower volume of this sort of bounce than I expected and there are no really big glaring patterns (except one).
As mentioned, there's nowhere near the volume of bounces being sent to outside addresses that I expected to find. If I'm generating my stats right, we had well under a thousand of these over the past 30 days. Our single largest source and thus target for bounces is a relatively active technical mailing list that is totally not removing a bad address here; it's probably responsible for around half of all such bounces. The second largest source is similar but may not be a legitimate and above board mailing list (the Internet search oracles are unclear).
After that, well, things start coming out of the woodwork. The third most active source looks pretty clearly like spam (certainly mail servers we forward to are rejecting its emails on that basis), but in total numbers it's small beans. Then we have email from Facebook and Itunes (likely due to people forwarding their email to destinations that don't exist any more) and then a mixture of likely fully legitimate sources and more questionable ones. Nothing stands out.
In short, if I was relying on this analysis to find people who sent our users spam and then had that bounce, I don't think I'd have found much. The people who attracted my irritation in the earlier entry probably would have been lost in the noise.
2013-11-23
You are not fooling us with broken bounce addresses
This is a close cousin on my previous blog entry on broken bounce
addresses, but today I'm feeling less
charitable. Right now we have sitting in our mail queues a bounce that's
trying to be delivered to the address mailreturn@smtp.ymlp44.net and
has been for the past ten hours. From past experience I know that this
message will never be delivered; it will sit there until it times out.
Since this is an actual bounce, the original message was not scored as spam (we automatically discard bounces of spam). But this is not fooling anyone about what business 'Your Mailing List Provider' is really in. When you claim to be a legitimate mailing list provider but do not accept bounces back, well, people notice (especially if the envelope sender address looks like something that exists to catch errors and so on). Certainly we do. In fact you are fooling us far less effectively than if you accepted the bounce, complaint, or whatever and silently swallowed it.
(We'd probably never notice that. To do so we'd have to do some sort of analysis of common bounce target addresses or bounce target domains, and that's just not something we'd ordinarily do. The way you catch the eye of most sysadmins is to sit around in something that we pay attention to, such as our mail queues.)
I'd say that I don't know why people do this, but actually I do. It's
pretty easy. If you're setting up a bunch of different sending machines
and giving them all their own domains and hostnames that they'll use
in envelope sender addresses, it's that much more work to have them
listen for incoming SMTP (even if they just discard everything). And you
certainly don't want to MX all of your sending domains to something
common because that could give people who want to block all of your
activity an automated way of recognizing you.