Closed Bug 109930 Opened 19 years ago Closed 9 years ago
A new feature which would allow a user to invoke a pseudo mail server bounce. Intended as a means to counter spam or to bring back some user privacy to email. Since savvy users can verify your existance by the absence of a server bounce, this would be a means to "stay hidden" from view. Somewhat similar to refusing to answer the front door when someone knocks. Mac OSX "mail app" seems to have this feature working, not sure how they hacked it.
19 years ago
Severity: normal → enhancement
some sort of alert should warn you to the consequences of bouncing, before you commit. cc'ing Jennifer. this would be also be good example of an alternate mail toolbar button which could be added through toolbar customization.
Severity: enhancement → normal
QA Contact: esther → laurel
the only difference with this bug is that Mscott agreed to do it! :-) we can mark this a dupe of 11769, but that one is assigned to email@example.com.
KMail, an open source mail client on KDE/Linux has this feature, both as an action to be taken on specific emails and as a filter action.
I think, there are 2 meanings of "bounce": 1. If the mail couldn't reach the intended recipient, send it back to the sender with an error message. 2. Forwarding during message delivery. This is formwarding similar to what happens when you have your yahoo.com address forwarded to your isp's email account. Apart from adding some headers, it leaves the mail unchanged. It is very different from the "Forwarding" we currently have implemented in Mailnews, where the forwarded mail is quoted or attached in/to another, new mail. Bug 12916, as I understood it, is about 2.. Marlon, is this bug about 1.? If so, I'd suggest changing the summary to "Bounce Back feature".
OK, I was confused earlier today when I suggested that bug 12916 and bug 109930 overlap. What Mail.app does is wrap the "bounced" message in a new one with comments like this (described in RFC 2034, http://sunsite.dk/RFC/rfc/rfc2034.html): > Final-Recipient: RFC822; firstname.lastname@example.org > Action: failed > Status: 5.1.1 > Remote-MTA: DNS; postoffice. > Diagnostic-Code: SMTP;550 5.1.1 unknown or illegal alias: email@example.com > Last-Attempt-Date: 2002-01-27 23:51:53 -0500 This is also what the emzlm program calls "bouncing" -- see e.g. http://lists.nas.nasa.gov/archives/ext/linux-security-audit/2000/05/msg00132.html. So, to me, it is in the summary of bug 12916 that the word "bounce" is confusing. (Although, I must admit that this word does not appear in RFC 2034.)
*** Bug 122761 has been marked as a duplicate of this bug. ***
*** Bug 124348 has been marked as a duplicate of this bug. ***
*** Bug 125026 has been marked as a duplicate of this bug. ***
RFCs 1892, 1893, 1894 and 1891 describe the protocole of a bounce message
bug 109930 and bug 12916 are both ASSIGNED, yet I can't find a difference between the two. Is this a dupe?
Summary: RFE - Bounce Back → Bounce Back
this bug 109930 and bug 12916 are not duplicates. this bug is about bouncing back spam-mails to the sender pretending the recipient does not exist. bug 12916 is about relaying e-mails to someone else to handle. (bounce forward as it were) see also comment #5
> this bug is about bouncing back spam-mails to the sender > pretending the recipient does not exist. I can't see what this this should be good for. Spammers almost always forge the from-address, so this bounce is going to annoy another innocent victim - apart from causing unnecessary traffic. Proposing WONTFIX.
This is a feature that many email clients provide. It cannot be used for spam since it will just do a single "blind forward" to the correct recipient, enabling him/her to directly reply to the original sender. It has many uses and obviously there are a lot of people who want it implemented. Please dont patronize on people who have a way of doing things differently than you might be used to.
> it will just do a single "blind forward" to the correct recipient No. You mean bug 12916.
@johann: First of all (like ben has already said) you're talking about bug 12916, which I regard as a useful feature to implement. > Please dont patronize on people who have a way of > doing things differently than you might be used to. I do not patronize anyone. Redirecting mail is useful while spamming other spam-victims is not. That's it. YMMV. (We may discuss this via mail if you like; this bug is not the right forum for flame wars.)
Sorry, I indeed mixed this up with 12916 in comment #14. Taking to email.
I suggest to change the summary to include the word SPAM, if I understand correctly that's the motivation for this bug (and non-SPAM bouncing tracked in other bugs). Please change it back if you disagree.
Summary: Bounce Back → Bounce Back SPAM
I saw this bug about 6 weeks ago, and it motivated me to try bouncing back all my spam. Since I don't want to use another mail client, I looked for external tools and found this: http://www.spots.ab.ca/~gary/mail-bounce/ It is a command line tool to bounce back a message saved to a file. I tries to scan the message headers and find a mailbox that accepts the bounce. During the last 6 weeks, I used "File / Save As" to save each received spam message and ran it through the tool. For about 80% of the spam messages the tool reported a success, 20% failed. Today I had a look in my folder of archived messages whether it has helped or not. I did not count spam message that come with future or past dates, only current dates. I picked two consecutive days from 2 months ago. Day 1: 10 spam mails. Day 2: 15 spam mails. However, yesterday I received 20 spam mails. At least for me, it seems bouncing back does not seem to help in any way, but might result in receiving more spam. Sigh. I think I will stop bouncing back and join in suggesting wontfix.
No offense to Kai, but that little informal test is pretty much useless in determining whether or not bouncing back mail is successful in reducing spam (btw, SPAM in all caps is a registered trademark of Hormel Foods Corporation). How many spam messages would Kai be receiving if he had never bounced any message back? If a specific company was sending him 1 spam message per day a month ago and he bounced them back, is that specific company still sending him spam today? Or are his current 20 spam messages from other sources? The amount of spam in the world seems to be ever increasing; bouncing mail is not a cure for the plague of spam, but it can be a useful treatment. An easy expirement to help prove that bouncing mail can help reduce spam : 1) take an email account that receives a few hundred spam messages per day and disable it so that all messages are bounced 2) a month or two later re-enable the account and see how many spam messages it receives every day I have never kept track of how many spam messages I receive and a random sampling of daily counts from one person's email really would not be indicative of anything anyway, but from my experience with the bounce feature in Apple's Mac OS X Mail program, my perception it that it does seem to help. I also would like to point out that if I only received 10-20 pieces of spam per day, I would not even be thinking about trying to reduce it because I'd be too busy celebrating. I certainly would not be trying to WONTFIX anti-spam tools that were being requested by people who are actually experiencing excessive spam.
> I certainly would not be trying to WONTFIX anti-spam tools Neither would I - but sending bounce messages to forged from-addresses *is* *just* *simply* *useless*. It only creates even more pointless traffic *without* *curing* *the* *plague*. > that were being requested by people who are actually > experiencing excessive spam. I am. Hundreds, weekly. The best you can do is filtering in your mail *server* and taking appropiate measures (closing open relays, black lists, etc.) against the spammers' infrastructure.
"sending bounce messages to forged from-addresses *is* *just* *simply* *useless*." I agree that is true for most **forged addresses**, but bouncing messages to legitimate from-addresses is definitely NOT useless. Also bouncing to an invalid address can sometimes be beneficial if it is a valid domain and that domain's mail server is being used to send the spam. Also, since I do not have any numbers on how many spam messages use forged addresses, I'll use Kai's numbers. According to him, only 20% of the messages that he bounced came back to him which presumably means that the other 80% got delivered somewhere - whether that means it was the spammer or some mail server admin we have no way of knowing, but either way it has more potential of aiding in the war on spam by being delivered back to them rather than just being deleted. In my previous comment I described a simple expirement to determine whether bouncing can reducing spam. Try it before deciding this feature is "useless." "The best you can do is filtering in your mail *server* and taking appropiate measures (closing open relays, black lists, etc.) against the spammers' infrastructure." Of course, but most end users do not have the option of reconfiguring their mail server. Also, if the bounced mail gets delivered back to the postmasters of some servers with an open relay then maybe the bounced mail will alert them and encourage them to tighten down their mailservers. If no one here wants to implement a patch then assign it to nobody and label as help wanted, but please do not preclude others from doing so by marking this bug as WONTFIX.
"(...) which presumably means that the other 80% got delivered somewhere (...) Yes, they've got delivered. But in most cases not back to the spammer. Please have a look at the spam you receive. As good as all the from: addresses are forged. Often spammers put an address of a large company (MS, AOL, yahoo..) or of someone they don't like (like spamfighters) in there. You simply produce more traffic for nothing. If you bounce an email, make sure it bounces back to the correct address beforehand. As you get a lot of spam, this isn't practical. I'm not all against a bounce feature but don't use it against spam.
So it seems people disagree whether this feature would be for spam or not, so removing from the summary, also to not get into any trouble with Hormel.
Summary: Bounce Back SPAM(TM) → Bounce Back
I can attest to this. My Yahoo mail account, which I use for putting in places that might generate spam for me, has hundreds of messages coming to me weekly where someone used my Yahoo address as the from address of numerous SPAM. Fortunately, I can filter out the Returned Mail or various headers easily, but it's annoying. How about something to easier alert sysadmin, abuse, or mailman at the initial step of the mail of the spam? Thou I guess someone could fake the original mail hops and make it look like the spam host was a middle step and not the initial step.
For the record, Hormel's claim is relevant only to SPAM (in all caps). Although they'd prefer that someone coin a new word for it, they are not currently taking any opposition to the use of "Spam" or "spam" (utilizing lowercase letters) in reference to unsolicited junk email.
Bouncing spam will work only with "legimimate" spam which use their real address, mostly spam from service you have (have been) subscribed to. In that case you can most of the time unsubscribe which is more efficient than just bouncing the email. The only usefull usage I found so far, is to bounce those stupide joke emails I receive all the time from friends. Also works very well with email received from my mother in Law! But should we really give that kind of tools to the end user? what about abuse of it, could become very addictive!
Well, regarding the use of someone else's address as the source of spam mail, they did it for example with Linux.org. This site receives hundreds of mails daily because of this, from automatic bouncing enabled software, and from angry people who think Linux.org are the real spammers. Take a look at http://www.linux.org/about/spam.html I couldn't help and sigh after reading the whole report. It seems the spammers can't be beaten at all...
the original summary stated : a means to counter spam or to bring back some user privacy to email. this feature is not just for spam, as demonstrated it's not too effective at that. however it's also useful for hiding from individuals (not machines) you'd rather not have confirm your existance at a particular domain. i don't think it's implied to be the end-all spam solution.
*** Bug 189233 has been marked as a duplicate of this bug. ***
17 years ago
Whiteboard: [should be a mailnews extension]
This feature is not the final solution for spam, of course. However, it is very useful for it. Using this feature, probably the spam income won't decrease; but it is true that spam income won't increase!! Since I use Mozilla junk mail controls to detect spam messages, I don't use "Bounce Spam Mail" (an application to bounce back e-mails), and I see how my spam income is increasing (because, in my opinion, a minority of these spam messages really have a valid return recipient, and perhaps there are automatic systems which detect when an e-mail address is not bouncing).
This is now so far gone from my original request as to be useless. I suggest this request be dropped.
firstname.lastname@example.org shown as "gone"
Assignee: mscott → sspitzer
Status: ASSIGNED → NEW
People would use this for spam, since many wouldn't realize that it doesn't make much of a difference. I believe that to be a fact that can't be argued much (I realize people who know better probably won't, but not many people know better). If you support this bug right now, I suggest reading <http://www.techdirt.com/fotr/20030211/0230225_F.shtml>. I don't wish that on anybody, and I don't think Mozilla should help propagate it.
Implementing this feature will do much more damage than good. This should be resolved as WONTFIX.
I do not see how this feature would do more damage than good. People need to stop thinking only about spam. There are other reasons for this feature. Also I disagree with Comment #34 from Robert Mohr. Bouncing mail certainly does make a difference in regards to spam. I am not going to argue with you about it here, but it certainly can be argued and you would lose the argument. If you would like a detailed explanation proving why this is true, then email me directly and I will provide it for you. (BTW, I can understand why the author of the techdirt article was unhappy, but 500 messages in 36 hours is insignifigant and probably less than 1% of the bounced messages that he received were manually bounced via a feature like what is being requested here.) Last but not least, the lack of this feature is one of the reasons why I do not currently use Mozilla for my mail.
Apart from the questionable utility of the feature it will also break the standard way of how mail communication works and it would probably need headers or other information to be forged to work. I do not think MozillaMail should do this. If somebody wants to make an extension that does this, fine, but it should not be included in Mozilla.
Hi I would like to tell you about my experience about bouncing! I once had two mail accounts at the same domain, widely using both of them - and - as spam began to be a problem I noticed I usually received the spam on BOTH addresses, oh well. Since I only used one them anymore for quite a while and especially only one of them for all the private mails, I decided to shut the other one down in October 2003 - I set it to bounce back like any non-existing account. Then I made a rule in Mozilla marking the mails which still contained a to or cc to the old account, so that all those mails would be red. In the beginning about half! of my daily spam portion of ~200 Spammails were marked red.... Meanwhile I only get about 5-20 red mails each day for weeks now...! So it really looks that address got removed from a couple of the big spammers databases which tells me that bouncing actually may help ! Just my 2c of experience about this matter.... Matt
> So it really looks that address got removed from a couple of the big > spammers databases which tells me that bouncing actually may help ! But do you take into account the collateral damage you're causing? I get literally hundreds of bounce messages from self-proclaimed spam-fighters like you - but I'm just the victim of such an anonymous address forger. Bouncing mail by a mail user agent is just net terrorism. (Sorry for spamming.)
(In reply to comment #39) > But do you take into account the collateral damage you're causing? > I get literally hundreds of bounce messages from self-proclaimed spam-fighters > like you - but I'm just the victim of such an anonymous address forger. > > Bouncing mail by a mail user agent is just net terrorism. Sorry but I don't agree. If a spammer falsifies his from address to be yours, as m Mark Bitterling comments, most of the bounced messages you receive (perhaps all) will be produced because the recipients do bounce, not because there are some guys using Bounce Messaging Systems. If you are not interested in this bug to be resolved, or you just doesn't see it useful, remove yourself from the CC list.
> In the beginning about half! of my daily spam portion of ~200 Spammails were > marked red.... Meanwhile I only get about 5-20 red mails each day for weeks now...! > So it really looks that address got removed from a couple of the big spammers > databases which tells me that bouncing actually may help ! Sorry, but what you're seeing is that most spammers have cought up to spamfilters that filter on strange CC combinations. They simply send the spam as seperate messages instead of CC's. Some even use BCC. It's the evolution of spam your seeing, not bouncing messages.
Sorry, but bouncing spam can indeed help. Simple proof: 1) Setup 2 virtually identical email accounts. 2) Spread both address around the net until both are receiving thousands of spam messages every day. ( If both addresses have been used in the exact same way then they should both be getting the same spam. ) 3) Configure one account to bounce everything. ( since these are expiremental accounts, all incoming mail is spam. ) 4) After a few weeks, reconfigure the account back to normal. 5) Compare the number of daily spam messages that each account receives. You will then have undeniable proof that bouncing spam can reduce the volume of spam that an email account receives. BTW, you can not conduct this expirement with only one account. You have to have one account to bounce the mail and the other to act as the control to compare to.
> You will then have undeniable proof that bouncing spam can reduce > the volume of spam that an email account receives. Or you will have the undeniable proof that it isn't so. I have a spam pool of about 25'000 messages and all those that are newer than a year *have* a forged from: address. Spend your energy at another point fighting of spam, this won't help at all.
Obviously you have never performed the expirement. I have. The results are that bouncing spam can help. Also, as I have pointed out before, spam is not the only reason for this feature.
Maybe we should shift from this direction if we're primarily trying to target spam (as opposed to just hiding from people) and investigate the ideas similar to what AOL is persuing about verifying the sending IP of messages from a certain domain in a new bug? This would seem like a better use of resources and then we can WONTFIX this. Thoughts?
re comment 44: > The results are that bouncing spam can help. That's not the point. Of course it can help in those very cases where the spammer is dumb enough to use his real address (but then you could notify his ISP). The point is: The harm done to innocent others and "the net" is by far greater than the legitimate benefit. You're cleaning your doorstep by dumping the rubbish upon your neighbour's. And such behaviour is called antisocial.
If you want to Mozilla to try to verifying the sender's IP, then open a new bug...but that has no bearing on this bug. This bug is not primarily targeted at spam. The purpose of this bug is the implementation of user controlled bouncing of email. The contents of the mail, whether it is spam or legitimate mail, is pretty much irrelevant. Bouncing mail can help reduce spam, but even if it did not, I would still want this feature to be implemented. My primary reason for wanting this feature has NOTHING TO DO WITH SPAM. The only people who seem to want to make this bug only about spam are the people who are trying to close it. If you do not believe that a fix for this bug would benefit you, then remove your email from the CC list and go in search of a bug that you like. Please do not hassle the rest of us with your efforts to close the bug as WONTFIX.
(In reply to comment #46) > The point is: > The harm done to innocent others and "the net" is by far greater than the > legitimate benefit. You're cleaning your doorstep by dumping the rubbish upon > your neighbour's. > > And such behaviour is called antisocial. That is absurd. You have absolutely no basis for making such a claim. How are you measuring the benefit that this feature would provide? How are you measuring the amount of harm that would be done to innocent people? There is no measurement that I can concieve of that would justify your claim. You have repeated complained in this thread about innocent people receiving bounced spam that they never sent. I can empathize with those victims, but that has almost nothing to do with this bug. Those bounced messages are rarely a result of someone manually bouncing them; instead they are the result of mailservers automatically bouncing them. This bug will not change that one way or the other.
*** Bug 237108 has been marked as a duplicate of this bug. ***
I am at a loss to understand why this request has been so grossly perverted from my original request. The requirement is for a feature like Evolution's "Redirect". This is a menu item which forwards the current message to an address you type, *without* munging the headers. The mail thus appears in the recipient's mailbox as-from the original sender (normal Forwarding makes it appear to come from you). There is no (repeat: no) requirement for auto-bouncing or any other of the nonsense which has been discussed.
Peter: Indeed you are in the wrong place. What you are talking about is your own bug 125026, which has been *mis*marked a dupe of this one. Yours was, in fact, a dupe of bug 12916 -- please go there.
*** Bug 222113 has been marked as a duplicate of this bug. ***
*** Bug 103301 has been marked as a duplicate of this bug. ***
http://bounce.mozdev.org/ I think this is the project corresponding to the extension solving this RFE bug. There is nothing available yet as the project has just started. I must admit I also wonder if, in some cases, it will not make things worse than better. Let's take the following scenario. A "professional" spammer sends all his mails at once. Within some short time, he will have received all the automatic bounces coming from the mail servers. When much later, he receives new bouces for mails that have been accepted by a mail server, he might consider those addresses as verified ones since he will deduct those mails were manually bounced. To verify this, the testcase suggested in comment 42 should be amended to add a 24 hours delay before bouncing RECEIVED mail. Does one have the possibility to conduct this experiment? I would really be interested by its result! I don't say this should not be done as in some other cases, it might help.
*** Bug 255476 has been marked as a duplicate of this bug. ***
RE: making things worse or better. Bouncing (nor forwarding 8-) most spam would be a bad thing, so misuse of this feature would be anti-helpful to the world in general. There are, however, several cases of unwanted email that this feature is good for. In particular, the psudo-legitimate spam and incorrect membership spam. That is, when you get email from legitamate sources "confirming" you sign-up for something you didn't sign up for or when you receive not-for-profit donation email. For instance, I would like to bounce all the ebay "affiliate" email. For a while I was also getting "my free naked lady of the day" from some site and I had to reverse-engineer a few things to stop that. And for about a month I was on a family reuinoin discussion list for a family other than my own. And in another case I was part of some 5-way discussion in spanish. (yea, those last two arn't really spam, but they are unwanted and we don't have a special name for them... 8-) This is way less than 10% of my received spam, but I do get a bunch of it because "rwhite" is a really guessable/mistakable and already exists at virtually every suffix (hotmal.com, pobox.com, gmail.com, etc od nausium) provider. So I get a lot of messages it would be easier to bounce than try to stop through explination. But this feature would be bad for real spam. Its a tossup, so putting the feature where you have to _search_ for it will keep the noobs and clueless away from it but still have it there for the people who can find it... 8-)
*** Bug 264049 has been marked as a duplicate of this bug. ***
Hello. well I am looking for a plugin like this for a long time. But it lookes like development has stoped. No wonder, because most of you argue about if bouncing is good or not, and if spammer will notice it or not. Guys go to a normal forum and discuss there if bouncing is good or bad. This here is about the feature and how to solve the problem. I really would like such a plugin. So I am want to help out this project so that the plugin will work under thunderbird 1.0. Phil
*** Bug 296313 has been marked as a duplicate of this bug. ***
Kirsten, anyone else... If you don't have any constructive comments or cycles to donate then I suggest joining another project. If you don't want to do this then take your complaints offline. The thread is filled up with argument about WHETHER or not to handle the bug, and not WHAT to do. Please stop. Coming here simply to lay down roadblocks and foment discontent is grounds for being removed, and I for one hope that people will continue to work towards a viable solution. There is no room for argument about IF. It's HOW. Spam filters and blacklists and whitelists and all other methods HAVE FAILED TO WORK. There is more Spam now than ever before. I work at Microsoft and I'm free part of each week to work on this. I will take any suggested fixes sent to email@example.com and work on them in my spare cycles. I view that not only is spam-blocking and relay-listing a total failure, but it's apparently had the REVERSE effect of actually increasing Spam, because these are reactions that have work-arounds. They've gamed the system. I view that only when automation is countered with automation will Spam become less problematic. All Email systems have the ability to reject messages. The key is in how we impliment these features. Bouncing back messages forces the spam-generating server to deal with it's own excrement. I don't really care if this affects anyone because they'll improve their services as a consequence, or stop whatever they're doing that contributes to the problem. Scenario: 14 systems sending v.iag9a spam. 2 are from .edu, 2 open relays, the rest assorted other systems. Sendmail bounces back all spam marked by the user with "User Unknown". The 2 .edu systems crash from the flood. The 2 open relays overload. The assorted other systems handle it if they have the capacity, or ping admins. ;) Results: 0 systems continue to send spam. 2 .edu systems are back up in hours or minutes from security policies action. 2 open relays can get stuffed. who cares? fix it or learn. assorted mainline systems either stop the spam or ARE the spam. Conclusion: Problems? What problems? Extrapolation: People who fight against the bounce are fighting to save spam. //agenda? Don (In reply to comment #13) > > this bug is about bouncing back spam-mails to the sender > > pretending the recipient does not exist. > I can't see what this this should be good for. > Spammers almost always forge the from-address, so this bounce is going to annoy > another innocent victim - apart from causing unnecessary traffic. > Proposing WONTFIX.
I agree with Don (except about the filters not working...they can be effective, albeit not 100% so). The more tools we have in our arsenal against spam, the better. The advantage of this approach over filters, is that it actually incentivizes (to steal a word from economics, but then, this is really an economic problem) the stopping of spam at the source. Filters don't do that. I think this is what Don was getting at: the people running mail servers with open relays will have an incentive to close them; the people running mail servers with security holes will have an incentive to plug them. That is, of course, if enough people bounce back the messages. And as Don said, everyone else *is* a spammer. And if the spammers keep getting bounce messages back, they'll never know how many messages got through or how many are reading them. At the very least, it'll make it somewhat more costly to send spam. I don't see any reason *not* to implement this.
"Bouncing" mail after having accepted it (as opposed to refusing mail during SMTP interaction, which Thunderbird and SeaMonkey Mail cannot do since neither of them is an SMTP server) often sends the "bounce" to some innocent third party: it therefore contributes to the spam "problem", not to its "solution". See http://www.spamcop.net/fom-serve/cache/329.html for a more detailed explanation. I move this bug be WONTFIXed.
(In reply to comment #62) > [...] > See http://www.spamcop.net/fom-serve/cache/329.html for a more detailed > explanation. If you don't like Spam, stop spamming this bug. Read comment#60 please. BTW, having SM or TB not implementing a mail agent is not a blocker for this, as it could use SMTP forging (imaging that you have a corporate mail agent that you have configured to accept this).
Filter on "Nobody_NScomTLD_20080620"
QA Contact: laurel → backend
Whiteboard: [should be a mailnews extension] → [add-on idea]
dup of bug 12916
(In reply to comment #65) > dup of bug 12916 Nope.(In reply to comment #62) > "Bouncing" mail after having accepted it (as opposed to refusing mail during > SMTP interaction, which Thunderbird and SeaMonkey Mail cannot do since neither > of them is an SMTP server) often sends the "bounce" to some innocent third > party: it therefore contributes to the spam "problem", not to its "solution". > > See http://www.spamcop.net/fom-serve/cache/329.html for a more detailed > explanation. > > I move this bug be WONTFIXed. Indeed.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.