Bogus email address spam handling?

I've noticed an increase in spam coming to what seem like intentional typos, or small modifications, of previously "real" addresses. What do you think is the best way to handle these, and why? Things I've considered or tried are:
standard options: Bounce them all or Quietly delete them all
Other: Auto-forward to a spamcop reporting address.

I think my goal is to help maximize the ratio of increased spammers' costs to everybody else's costs. So, bouncing or reporting seems to be the logical choice, and I lean towards auto-forward/reporting. This way the spammers should know the mail is not working, and delete the addresses from lists. On the other hand, quietly deleting adds zero additional costs for everybody else, and continues wasting the spammers time/resources (and everybody else's) sending mail that simply disappears.

One thing I don't know (among millions of other things ) is the statistics/data on my bounced addresses. I don't know whether emails keep coming to the bounced address, or eventually quit coming.

Regards,

Bob S.

I can answer that one... most of the time, they keep coming. Very few spammers pay attention to User Unknown errors.

Another thing to know is that if you have a wildcard, our system doesn't currently send a real bounce (i.e., a 550 "reject" message during the SMTP process), but rather sends a fake bounce back to the sender. A reject message during the SMTP process is better because it's more likely (but still unlikely) that a spammer will notice and remove your address -- and it's also not going to send a bounce message to an innocent bystander -- but the "fake bounce" will.

I wouldn't suggest autoforwarding to spamcop unless there's some sort of confirmation involved... I'm not sure whether or not there is. While it's unlikely that non-spam will get in your "legitimate" folder, this creates some risk of generating false Spamcop reports. Creating false Spamcop reports is a bad idea because it makes ISPs more likely to take these reports with a grain of salt, and creates extra work for someone. Spamcop makes mistakes often enough that any Spamcop submission should be reviewed by a real person.

> I wouldn't suggest autoforwarding to spamcop unless there's
> some sort of confirmation involved...

Oh, yes. Please do not ever use a 100% automated system for spam reporting. One thing I noticed when I was handling SpamCop reports is that many of them were reports from customers whose own URLs were mentioned in the body of the email ("we just saw your site at www.blah.com"), and neglected to modify who the report was sent to.

That's not even the fault of SpamCop, as they tell you to watch out for this. I'm such a nice guy (heh), I've never disabled a customer after they reported themselves, but it was rather annoying.

- Jeff @ DreamHost
- DH Discussion Forum Admin

What you both say about not auto-reporting makes some sense. OTOH, I know that human scanning can also be fallible, not that I'd ever report myself.

Reporting yourself isn’t as bad as reporting your own customer for formmail probing because the DH formmail showed up in your logs (as a referrer) when they used your message form, not that I’d ever do that either.

If you forward emails through Spamcop for filtering (pay service), then reporting still requires a human confirmation (of a minimal list with display of only From, and Subject). It’s no surprise that it can become an almost robotic/automatic process, but in theory it gives you a last chance to catch false reports, I suppose. For those “I saw your site” spams, the pay service does not seem to allow you to select who gets the reports like the free reporting does. It seems to be all or nothing reporting AFAIK, but I haven’t got myself into trouble yet (or at least you haven’t complained).

Why do I get the following back from Spamcop (when forwarding a spam), BTW, and how can I fix it?

In reply to:

---

“SpamCop encountered errors while saving spam for processing:
Message forwarded in html wrapper.

When forwarding spam, use a MIME attachment or text-type message with
the spam enclosed. Do not send spam in HTML format. Sometimes this
error is caused by using a "resend" feature to forward spam.

HTML spam should be sent in text (source code) format.”

---

Cheers,

Bob S.

Probably you have your e-mail program configured to send mail in HTML format instead of plain text. You should change your configuration to use plain text only.

If you're using one of the Microsoft abominations (Outhouse, Outhouse Excess), the forwarded message might still not come out the way SpamCop wants... those atrocious programs tend to "munge" both the headers and body of anything that passes through them, like it was eaten up, passed through the program's digestive tract, then excreted out the other end. You're best off switching to a more standards-compliant mail client, like Mozilla or Pegasus.

Incidentally, you're also violating some standards in your postings here... your quotes and apostrophes are the nonstandard Microsoftism characters that are not part of the ISO-8859-1 character encoding (which Dreamhost's server announces the forum pages to be using), but only in the proprietary Windows-1252 set (which puts these characters in a range that's reserved for control characters in ISO-8859-1 and in Unicode). Are you typing them in that way, or pasting in your text from some other program?

-- Dan

Dan,

I thought it would be clear given the context, but actually, I was referring to an auto-forwarded email, which went straight from DH without passing through my email program. So, it's apparently a DH configuration issue.

Before Jeff and Will jump on me for not taking their advice, let me hastily add that the probability is very low of non-spam going to the couple addresses I've forwarded.

You don't have to convince me about ms LuckOut, etc. I mostly use Eudora, not that it's perfect either.

Sorry about the "violations". I didn't know... Will violators be prosecuted? Lately, I use Mozilla or Phoenix for postings here. The previous quote was copy/pasted from Eudora. Blame it on Windos 98?

Regards,

Bob S.