On Thu, 2022-08-18 at 12:11 -0400, Kris Deugau wrote:
> Mmm. So how would you, as sender or sender's mail provider,
> troubleshoot a message rejected with "550 Too spammy"? I have seen
> several rejections that were equally clear and to the point, without
> divulging any particular detail about what, exactly, was
> objectionable.
>
> What details should the receiving system include in that 550, such
> that legitimate senders can adjust or fix something in their message,
> that spammers can't also abuse to slip their glop through that filter
> as well?

The only reasonably foolproof way I can think of gently telling friendly senders why their message is being treated as spam while not helping spammers to send more believable and/or less obvious spam requires something like the following:

You should maintain some form of mail archive. It needn't be all that big or complex: for this purpose all it needs to contain is a list of valid addresses that you have previously sent mail to.

If you keep this information set then, as an initial guess the spam response logic can be as simple as:

- extract the domain name from the incoming mail's From header and use it to find the domain IP. Use that IP to do a reverse domain lookup.

- if the reverse lookup fails, or the domain it retrieved does not match the one in the From address, send a bare 550 REJECT because the failed reverse lookup implies the sending domain is a forgery.

  This is a manual check I often use if I suspect a message of being spam and get curious about it for some reason or other. FWIW my next step is to use Lynx to see what the associated website (if any) is associated with the domain - an amazing amount of spam sources have an associated website - and it's almost always an off-the-peg generic page. I use Lynx for this because it is a text-only browser that can also disable all cookie handling, so is a relatively safe way of looking at possibly dodgy websites.

- if the mail archive shows that we've previously sent mail to the sender of this message, either send a bounce or a 550 rejection together with a polite explanation of why you think their message might be spam.

- if mail has NOT previously been sent to the sender of this message, send a bare 550 REJECT because (a) they may well be a spammer and (b) you don't know them and so don't (yet) have any need to be nice to them.

This is pretty much off the top of my pointy head, after a warmish day spent driving round part of SE UK, so there are probably obvious flaws, but this would be my starting point if I was planning to reject spam and similar dross rather than simply tossing it in the wastebasket and it does at least suggest a way of not telling a spammer why you rejected his junk.

Martin
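
The decision logic described in the message above, as an added sketch that is not part of the original post or of any mail filter's own code. The function names, the sample addresses and the rule that a reverse name "matches" when it equals the From domain or is a host under it are assumptions made for illustration; the lookups are injectable so the sample runs offline.

```python
import socket
from email.utils import parseaddr

BARE_REJECT = "550 REJECT"

def from_domain(from_header):
    """Return (address, domain) taken from a From header, lower-cased."""
    addr = parseaddr(from_header)[1].lower()
    local, sep, domain = addr.rpartition("@")
    return (addr, domain) if (local and sep and domain) else (addr, "")

def reverse_matches(domain, resolve, reverse):
    """Domain -> IP -> reverse lookup. Assumption: the reverse name 'matches'
    when it is the From domain itself or a host under it."""
    try:
        ptr = reverse(resolve(domain)).lower().rstrip(".")
    except (OSError, KeyError):   # either lookup failed: treat as forged
        return False
    return ptr == domain or ptr.endswith("." + domain)

def smtp_reply(from_header, sent_to, reason,
               resolve=socket.gethostbyname,
               reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Pick the rejection text for a message already classified as spam."""
    addr, domain = from_domain(from_header)
    if not domain or not reverse_matches(domain, resolve, reverse):
        return BARE_REJECT                 # failed or mismatched reverse lookup
    if addr in sent_to:
        return "550 " + reason             # known correspondent: explain
    return BARE_REJECT                     # stranger: no detail given

# Constructed sample data (documentation domains and address ranges).
A = {"example.org": "192.0.2.10", "example.net": "198.51.100.7"}
PTR = {"192.0.2.10": "mail.example.org", "198.51.100.7": "host7.bulk.invalid"}
SENT_TO = {"alice@example.org", "carol@example.net"}   # stored lower-case
REASON = "Rejected as probable spam: body is a single shortened link"

def demo():
    senders = ["Alice <alice@example.org>", "bob@example.org",
               "Carol <carol@example.net>", "dave@nowhere.invalid"]
    return [smtp_reply(s, SENT_TO, REASON, A.__getitem__, PTR.__getitem__)
            for s in senders]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Only the first constructed sender gets the explanation: the second is not in the archive, the third is in the archive but fails the reverse check, and the fourth does not resolve at all.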