Danger signs for mail senders in SMTP conversations
This is another one of those entries that I write for people who are never going to read it, but I don't care; I just feel like pointing out the relatively obvious.
Suppose that you are someone who runs a mailing list service. Like everyone else who offers such a service, spammers will attempt to (ab)use it. Thus, one of the important things that you need to do is detect signs that you have a spammer's mailing list, and these days you certainly can't count on abuse complaints to tell you this.
As I've mentioned before, SMTP time rejections can be an important
signal. The corollary of this is that the kind
of SMTP rejection matters, and in particular you should really pay
MAIL FROM and
DATA rejections and consider them a
significant warning sign. This is because there are many fewer reasons
for rejecting at those stages than for rejecting at
RCPT TO time so
if your mail is rejected then, well, there's any number of explanations
besides 'it's spam'; the user's account could have expired, for example.
(And, let us admit, a disturbingly large number of mail systems have
temporary glitches that cause equally temporary
RCPT TO failures.
This is why real mailing list management software pretty much never
automatically removes addresses on a single
RCPT TO failure.)
Since they don't have these relatively innocent explanations, mail
MAIL FROM or especially from
DATA are often signs of
something serious going on. In particular a permanent failure at
time almost invariably means that the recipient's system really dislikes
the message for some reason; if you're running a mailing list service,
the usual case is that it's spam. A
MAIL FROM rejection can have more
innocent explanations, including a misconfigured MTA on the other side,
but it is still more of a danger sign than a
RCPT TO rejection.
(A significant volume of
RCPT TO failures is still a danger sign, in
part because it means that either the list of addresses is old or that
the mailing list was badly maintained before it moved to your service.
And if a mailing list has a few good mail-outs and then suddenly its
RCPT TO failures spike upwards significantly, well, that's a bad
sign itself. It could be that a whole bunch of user accounts just
coincidentally got expired or filled up, but it's more likely that a
bunch of anti-spam systems that reject at
RCPT TO time suddenly woke
Of course, all of this presumes that you are trying hard to run a 'clean' mailing list service instead of any of the various alternatives. I'm not convinced that there is or can be any such thing these days, as convenient as it would be for modern web applications if there was.