Antispam faking "no such user here"

_rik_

Verified User
Joined
Sep 25, 2019
Messages
36
Location
England
Hi guys,
coming from CPanel I wonder if there is a similar way with DA filter or Spamassassin to reply "No such user" when receiving emails that are blacklisted by ip or word or address.
I mean a reject (a 5xx code in the server transaction) not a bounce back (a reply after accepting the email). This would be a very nice way to fight spam. Simply dropping emails, for a spammer means: "Email delivered OK, I'll do it again and forever". Having a 5xx error means: "I'm wasting time with a dead email, I'm better remove it".
 
Last edited:

_rik_

Verified User
Joined
Sep 25, 2019
Messages
36
Location
England
If this function is not available, wouldn't be nice to add it in future releases? It's very effective against spammers.
 

warg

Verified User
Joined
Nov 30, 2020
Messages
101
Actually I can tell you that spammers don't mind much wether it's a dead address. I think this could become a problem if the spammer uses a fake 'reply-to' email address resulting in your email being delivered to other people.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
2,971
Location
Murfreesboro
Hi guys,
coming from CPanel I wonder if there is a similar way with DA filter or Spamassassin to reply "No such user" when receiving emails that are blacklisted by ip or word or address.
I mean a reject (a 5xx code in the server transaction) not a bounce back (a reply after accepting the email). This would be a very nice way to fight spam. Simply dropping emails, for a spammer means: "Email delivered OK, I'll do it again and forever". Having a 5xx error means: "I'm wasting time with a dead email, I'm better remove it".
Do you have a link to the Cpanel docs on the feature you are referring too? Maybe we can find the equivalent here at DA.
 

floyd

Verified User
Joined
Mar 29, 2005
Messages
5,995
Spam actually needs to be fought before the email is accepted. The 5xx code needs to be done by the mail server during the initial transaction. Exim has some filters that can be applied that will do what you want and reject it before its accepted. I've done it before but its been years.
 

_rik_

Verified User
Joined
Sep 25, 2019
Messages
36
Location
England
Actually I can tell you that spammers don't mind much wether it's a dead address.
If the spend money and time to simply get tons of errors 5xx I doubt they keep going waisting resources for nothing.

I think this could become a problem if the spammer uses a fake 'reply-to' email address resulting in your email being delivered to other people.
Dont' confuse reject with bounce. I'm looking for a reject.

@floyd That's what I was looking for but I'm on a DA reseller plan so I can't manage exim by myself.

@bdacus01 I don't have any cPanel now and I can't remember the menu where you set the "No such user here". I remember there is a page where you choose from moving to spam, dropping ore rejecting with "No such user here".

I'll make a request for feature and in the meantime I'll keep manually forwarding to spamcop/abuse addresses.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,145
Location
LT, EU
@bdacus01 I don't have any cPanel now and I can't remember the menu where you set the "No such user here". I remember there is a page where you choose from moving to spam, dropping ore rejecting with "No such user here".
That dropping (fail with message) still responds with code 2XX, as it happens not on SMTP time.

Code:
250 OK id=1kkEKt-0007Q3-88
QUIT
221 mail.testingserver.com closing

It just bounces with the message later. So, nothing fancy there.
 

_rik_

Verified User
Joined
Sep 25, 2019
Messages
36
Location
England
It just bounces with the message later. So, nothing fancy there.
OK. So if DA implemented it would be the first (?). ;)
Basically the panel should edit exim/postfix filters.
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
2,202
Location
London UK
4) But most of all, because of the 3 points above, the spammer will be quite happy to remove such recipient from his DB.
Are you really sure, though?..... A spammer can have millions of emails in a file, do you think they'd bother deleting the ones that fail?

If you really want to stop spam/scams, you'd need to stop people from getting their hands on "hacked" databases.
 
Last edited:

_rik_

Verified User
Joined
Sep 25, 2019
Messages
36
Location
England
If you really want to stop spam/scams, you'd need to stop people from getting their hands on "hacked" databases.
Being a spammer doesn't mean being an idiot. Especially those who makes a profession out of it, with millions of recipients, they have automatic systems to remove targets whose emails results dead after a certain amount of failures. Otherwise after a year they would find themselves working for nothing.

A second category is a huge group of small companies that doesn't even know what is spam... they simply are entusiast of themselves and they spam in good faith. Probably they don't have the same software or automatic auto-removal of dead emails, but they will surely clean the DB once in a while to prevent their account to go overquota or their Outlook to explode.

A 3rd category involved are those who sells DBs: they cannot sell DBs that are 90% rubbish, so once in a while they removes the dead emails.

Whatever the case, imagine a world where everyone uses antispam with err 550 instead of simply acquiescing with a drop or a spambox! :)
And by the way, why should we make their life easier accepting their spam and let them know the delivery was OK?

If you really want to stop spam/scams, you'd need to stop people from getting their hands on "hacked" databases.
Very much simpler than implementing a reject 550, eh?! 😁 However... Anything do, but I don't think that's the main point, especially because there are many services and companies that sells DBs (and are not hacked, are legal). Millions of spam comes because people register here and there without reading the T&C saying "You agree we can pass your email to our partner...". In this case, (probably 50% of the world spam) you can't even report the email as spam because you inadvertently agreed to be targeted.

So, a reject 550 would be a valid help, whatever the case.

Vote for a better world! :)
 
Last edited:

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
2,202
Location
London UK
Still think it'll be a waste of time but, hey, at least if it is implemented, make it optional.......
 

_rik_

Verified User
Joined
Sep 25, 2019
Messages
36
Location
England
If they really add such function, they will surely make it optional. I suppose they would put it in the page where you now choose between "Drop" or "Send to spambox".
 

warg

Verified User
Joined
Nov 30, 2020
Messages
101
If the spend money and time to simply get tons of errors 5xx I doubt they keep going waisting resources for nothing.
They don't. They just use some cheap hacked systems which had ancient security holes and then they spam. They don't care about it as they have easily hundreds of servers and making sure you deliver properly takes more time than ignoring the issue which is no issue for them. In practice I have several examples where spam is sent without any sign of being alive nor that anybody will read it at all. The spam didn't even change, although it never had success. It's always the same lame content. If you are serious about having no dead mailboxes in your database, then you will also monitor the quote of how many emails were read. E. g. some companies remove you from their newsletter list if you read only 1 % of the emails they send because sending is more expensive than what they might gain from you.

Actually you would even have to monitor if the spam is rejected multiple times to know if it's really a dead mailbox. Otherwise it could be a temporary issue, especially due to the fact that we have lot of wrong error codes being sent in IT so it's not that much of a useful hint.

Of course it could be implemented without too much effort I think but I'm not sure it's changing anything. Otherwise other companies would adopt it too I think.
 
Last edited:

_rik_

Verified User
Joined
Sep 25, 2019
Messages
36
Location
England
They don't. They just use some cheap hacked systems which had ancient security holes and then they spam.
The spam that you are talking about hits me in the measure of the 1% (e.g. indian boys asking to realize a smarphone app for me). In my case, 99% of spam are ordinary companies. Most of these companies spam with an email of their business domain; others use Sendgrid and Sendingblue . Anyone of them are interesting in READING the reply because in my case at least 50% of the emails are the sum of people who want a reply by mail + people who are using the company email or a personal email with name/surname/phone number/VAT. So they will be highly bothered receiving tons of "No such user here" every time. 😁 If I simply drop the email, they will go ahead forever.

Who doesn't want to use it, has simply to do nothing. It's not a religion, it's an option. :)
As an option anyone could try by himself to check if it's effective or not for his use case.

Actually you would even have to monitor if the spam is rejected multiple times to know if it's really a dead mailbox.
I've already talk about this exact point in previous posts. That's the reason spam software don't stop immediately at the first failure, they requires many failures... and an option "reject 550" would do this job very well!

Of course it could be implemented without too much effort
I'm not sure it's easy beacause it requires an integration with the mailserver filters/ACL.
I think but I'm not sure it's changing anything. Otherwise other companies would adopt it too I think.
For a start, cPanel already have that (despite @smtalk above says that's implemented with error 2xx) and I found it very effective for me. So a 550 would be MUCH better. That's why I think in my case it would resolve a lot.
 

warg

Verified User
Joined
Nov 30, 2020
Messages
101
In my case, 99% of spam are ordinary companies.

That's no issue I faced yet. If it were ordinary companies in my cases, I knew the answers and the issue would be stopped after first or second email. So yep, your case is completely different than mines.

I've already talk about this exact point in previous posts. That's the reason spam software don't stop immediately at the first failure, they requires many failures... and an option "reject 550" would do this job very well!

I'm aware of that but a reject (regardless if it's as an email or an unexpected exit code) could be caused by a technical issue too, thus it would have to be monitored too by them.

Who doesn't want to use it, has simply to do nothing. It's not a religion, it's an option. :)
As an option anyone could try by himself to check if it's effective or not for his use case.

I fully agree on this. I didn't mean that it shouldn't be implemented. Indeed, I would try it out at least if I face such an issue on my DA servers.
 
Top