Spam sent to list owner causes bounce increment for list owner
Hi all,
Someone sent a spam message to the list owner (me) of one of my lists. Then I got booted from the list.
The scenario in more detail: The list server forwards the message to me, as I’m the list owner. This message is sent from <list>- <mailto:artists-bounces+hansen=rc.org@list.rc.org>bounces+hansen=rc.org@list.rc.org <mailto:bounces+hansen=rc.org@list.rc.org> to hansen@rc.org <mailto:hansen@rc.org>. My service provider’s spam filter rejects the spam (correctly) in a message and informs the list server. The list server sends a message to <list>- <mailto:artists-bounces+hansen=rc.org@list.rc.org>bounces+hansen=rc.org@list.rc.org <mailto:bounces+hansen=rc.org@list.rc.org> (the fake sender) saying that the message to hansen@rc.org <mailto:hansen@rc.org> (the recipient) could not be delivered because it was spam. The list server also blames hansen@rc.org <mailto:hansen@rc.org> (me) for the bounce and increments my bounce score, which, to me, is unfair.
So I wonder: Is the Mailman host at list.rc.org <http://list.rc.org/> at fault for not catching the spam before it reaches the list server? (One could argue that) Is my rc.org <http://rc.org/> service provider at fault for sending the bounce message to the server instead of the to the original sender? Is Mailman at fault for thinking that the bounce message was caused by a list message FROM me, instead of a bounced message TO the list owner?
Yours,
Allan
On 12/18/23 9:59 AM, Allan Hansen wrote:
Hi all,
Someone sent a spam message to the list owner (me) of one of my lists. Then I got booted from the list.
The scenario in more detail: The list server forwards the message to me, as I’m the list owner. This message is sent from <list>-bounces+hansen=rc.org@list.rc.org to hansen@rc.org. My service provider’s spam filter rejects the spam (correctly) in a message and informs the list server. The list server sends a message to <list>-bounces+hansen=rc.org@list.rc.org (the fake sender) saying that the message to hansen@rc.org (the recipient) could not be delivered because it was spam. The list server also blames hansen@rc.org (me) for the bounce and increments my bounce score, which, to me, is unfair.
So I wonder: Is the Mailman host at list.rc.org at fault for not catching the spam before it reaches the list server? (One could argue that)
Depends on what kind of spam filtering if any you have on incoming mail to list.rc.org.
Is my rc.org service provider at fault for sending the bounce message to the server instead of the to the original sender?
Absolutely not. The envelope sender of the mail was set by Mailman to <list>-bounces+hansen=rc.org@list.rc.org in order to enable automated bounce processing. rc.org correctly sent the bounce to the envelope sender.
Is Mailman at fault for thinking that the bounce message was caused by a list message FROM me, instead of a bounced message TO the list owner?
Arguably, yes, but not based on FROM. FROM has nothing to do with it. The message was sent TO you so if it bounces, it is a message to you that bounced, so you are the one bouncing this message. All Mailman knows is a message was sent to you and it bounced so it's your address that is bouncing. It doesn't matter whether this was a post to the list that bounced or a message to <list>-owner. A bounce is a bounce.
Note that this list's bounce processing is very aggressive. If you got removed from the list after one bounce, the list must have Bounce score threshold = 1 and Bounce disable warnings = 0. You might consider adjusting these.
There is an easy fix for this. Set verp_probes: yes in mailman.cfg.
Then when your bounce score reaches threshold, instead of
disabling/removing you, Mailman will send a probe message to you. It
will only disable/remove you if the probe bounces which it presumably won't.
Another avoidance would be to use an address for the owner which is not the address of a member. Then if the owner address bounces, nothing is done because the bouncing address isn't a list member.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Hi Mark,
Thank you for the explanation, and it all makes sense. I prefer your verp_probes solution, as I do prefer to have my list work concentrated in one place.
I did have 5 bounces on the list - I guess a lot of spam is happening due to the holidays. I noticed a big uptick myself.
Thanks again,
AllanOn Dec 18, 2023, at 10:30, Mark Sapiro <mark@msapiro.net> wrote:
On 12/18/23 9:59 AM, Allan Hansen wrote:
Hi all, Someone sent a spam message to the list owner (me) of one of my lists. Then I got booted from the list. The scenario in more detail: The list server forwards the message to me, as I’m the list owner. This message is sent from <list>-bounces+hansen=rc.org@list.rc.org to hansen@rc.org. My service provider’s spam filter rejects the spam (correctly) in a message and informs the list server. The list server sends a message to <list>-bounces+hansen=rc.org@list.rc.org (the fake sender) saying that the message to hansen@rc.org (the recipient) could not be delivered because it was spam. The list server also blames hansen@rc.org (me) for the bounce and increments my bounce score, which, to me, is unfair. So I wonder: Is the Mailman host at list.rc.org at fault for not catching the spam before it reaches the list server? (One could argue that)
Depends on what kind of spam filtering if any you have on incoming mail to list.rc.org.
Is my rc.org service provider at fault for sending the bounce message to the server instead of the to the original sender?
Absolutely not. The envelope sender of the mail was set by Mailman to <list>-bounces+hansen=rc.org@list.rc.org in order to enable automated bounce processing. rc.org correctly sent the bounce to the envelope sender.
Is Mailman at fault for thinking that the bounce message was caused by a list message FROM me, instead of a bounced message TO the list owner?
Arguably, yes, but not based on FROM. FROM has nothing to do with it. The message was sent TO you so if it bounces, it is a message to you that bounced, so you are the one bouncing this message. All Mailman knows is a message was sent to you and it bounced so it's your address that is bouncing. It doesn't matter whether this was a post to the list that bounced or a message to <list>-owner. A bounce is a bounce.
Note that this list's bounce processing is very aggressive. If you got removed from the list after one bounce, the list must have Bounce score threshold = 1 and Bounce disable warnings = 0. You might consider adjusting these.
There is an easy fix for this. Set
verp_probes: yesin mailman.cfg. Then when your bounce score reaches threshold, instead of disabling/removing you, Mailman will send a probe message to you. It will only disable/remove you if the probe bounces which it presumably won't.Another avoidance would be to use an address for the owner which is not the address of a member. Then if the owner address bounces, nothing is done because the bouncing address isn't a list member.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
This message sent to hansen@rc.org
participants (2)
-
Allan Hansen -
Mark Sapiro