Don’t Bounce Spam
October 4th, 2007I remember using that “Bounce” command in Mail.app a few times many years ago. My intentions were good: to convince spammers that my email doesn’t exist and they shouldn’t bother. But I always sort of wondered whether it was worth it, and whether I would sufficiently fool the sender that my email address no longer existed, or whether it would just indicate that I was alive and actively looking at spam before bouncing it.
Michael Tsai, developer of SpamSieve, is the man I trust for all things spam. He says bouncing is useless, and may be dangerous. So that settles it.
Speaking of SpamSieve, I should read the manual one of these days. You install it, you train it, and then it basically just works. So it’s easy to forget about it and never bother really exploring all of its features. I recently discovered that SpamSieve logs every decision it makes along with some pretty interesting information about why it made it. So if you ever spot a misjudged spam or ham message, take a look at the log message for some interesting details about why it may have happened. (Then train it so SpamSieve learns how to remedy its error).
PS SpamSieve satellite tool for UNIX servers pretty please. If I could run SpamSieve on the server, and administer the corpus remotely from my Mac, I’d be an extremely happy camper. This would also be a killer feature for many iPhone owners.
Update: Michael is on a tear today with good SpamSieve tips. His note about spam forged from “me” may be inspired by a question I asked him a few days ago, where spam was being automatically let through from one of my many business addresses. Simply adding the address to the “Me” card in Address Book fixed the problem!
October 4th, 2007 at 9:57 am
Though SpamSieve doesn’t run on Unix servers, it is possible to use a Mac as a spam filtering server and train it removely from one or more Macs or iPhones.
October 4th, 2007 at 10:22 am
Daniel, DSPAM is really the ultimate spam solution for Unix servers of any flavor. (I run it on my Xserve box.) It does require some fairly good Unix sysadmin skills, but once set up, it catches 98+% of all spam (about 2K messages a day in my company’s case). It’s open source, mature, and well-supported on the mailing list. It has the advantage of working at the source, if you run your own servers.
October 4th, 2007 at 10:25 am
Thanks, Chris. The problem is I want all the convenience and design elegance of SpamSieve. I used to run SpamAssassin on my server but I got wooed by SpamSieve simply because it has a Mac design mentality that I agree with.
October 4th, 2007 at 11:38 am
I know another reason not to use the Bounce command. I used to use it, and my mail provider at the time suspended my account because they thought I was running a mail server (violation of TOS) and had misconfigured it. They reinstated me after I explained that no, I don’t have a mail server, it’s the Bounce command in my mail client.
I haven’t used the Bounce command since.
October 4th, 2007 at 12:43 pm
Worst of all, and something I’m surprised wasn’t mentioned is that the return address is probably forged, so if you bounce it, you’re effectively forwarding the spam to some innocent and unlucky bystander. I’ve had no shortage of spam bounces come to me after some well-meaning but misguided person decided to return the message to the apparent sender (me) without regard for whether that person was the actual sender. Bouncing in this case not only fails to reduce your own spam, but makes the problem worse by forwarding the message on.
October 4th, 2007 at 12:44 pm
Oh wait, that was mentoned, never mind…
October 4th, 2007 at 2:42 pm
A huge problem I found out with using the Bounce command too much, is that the spammers might then hijack your supposedly “invalid” account, and then use your e-mail account as the reply to address when they spam people.
I had one of my accounts hijacked and I ended up getting around 200 pieces of bounce backs as other places thought I was sending out the spam.
Fortunately, after a number of months, this finally died down, and the excess bounce backs are in the low numbers, about as bad as my regular spam.