Challenge-Response System: Soft bounce messages disabled

This is a forum for all kinds of TrashMail.net-related information, news and outages.

Admin
Site Admin
Posts: 1243
Joined: 16 Jun 2006, 08:55
Location: Germany

Challenge-Response System: Soft bounce messages disabled

Post by Admin » 20 Jun 2013, 19:35

I just disabled the automatic notification of challenge response system messages.
It means that if a message is in the queue, normally after 7 days the sender gets a message that the email has not been accepted.
Or if someone clicks on accept, the sender gets an email that the email has been accepted.

I had to disable these automatic emails because many of the incoming emails were sent by spammers with forged email addresses (faked FROM header), so sometimes people wrongly got automatic emails, or even honey pots did, which ended with TrashMail being blacklisted on RBLs.

Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Saxtus
Posts: 94
Joined: 05 Oct 2009, 06:13
Location: Athens, Greece

Re: Challenge-Response System: Soft bounce messages disabled

Post by Saxtus » 20 Jun 2013, 21:21

Totally understandable, but I guess there is nothing that can be done to the first email that is sent to the faked FROM sender, asking him to verify, so there is still the danger.
Is there a way to not send the email at all if you can't validate that the FROM address is legit?

Z
Posts: 189
Joined: 16 Jun 2006, 10:28

Re: Challenge-Response System: Soft bounce messages disabled

Post by Z » 21 Jun 2013, 07:51

Well, if people would simply use SPF & DKIM, it would help a lot in preventing fakes. But because they're not, there's much that can be done.


Re: Challenge-Response System: Soft bounce messages disabled

Post by Admin » 21 Jun 2013, 08:08

Saxtus wrote: Totally understandable, but I guess there is nothing that can be done to the first email that is sent to the faked FROM sender, asking him to verify, so there is still the danger.
Is there a way to not send the email at all if you can't validate that the FROM address is legit?

Yes, there is still a danger. I'm currently rewriting the backend so that this soft bounce will be replaced by a direct SMTP error:
So these people will get a 550 error message, inside which will be written the link to the page where they need to confirm the CAPTCHA code, instead of it being soft bounced.
Additionally, TrashMail will then become transaction-safe, as you will only get SMTP code 250 if the mail has really been processed and forwarded.

Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH
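
The SMTP-time rejection described in the post above, sketched as an added example that is not part of the original thread and not TrashMail's code. The class, function names, demo key, challenge URL and the 451 reply for a failed forward are all assumptions made for illustration; it contrasts the old accept-then-notify flow with replying inside the SMTP session.

```python
# Added illustration, not TrashMail's code. Key, URL and all names are hypothetical.
import hashlib
import hmac

SECRET = b"constructed-demo-key"
CHALLENGE_BASE = "https://challenge.example.invalid/confirm"  # placeholder

def _key(sender, rcpt):
    return (sender.lower(), rcpt.lower())

def challenge_token(sender, rcpt):
    """Token binding one sender/recipient pair to its CAPTCHA page."""
    msg = "\n".join(_key(sender, rcpt)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20]

class Gateway:
    def __init__(self, forward):
        self.forward = forward   # callable(sender, rcpt, data) -> bool
        self.approved = set()    # pairs that passed the challenge
        self.outbound = []       # mail this server originates itself

    def confirm(self, sender, rcpt, token):
        """Called by the (hypothetical) CAPTCHA page after a correct answer."""
        ok = hmac.compare_digest(token, challenge_token(sender, rcpt))
        if ok:
            self.approved.add(_key(sender, rcpt))
        return ok

    def accept_then_notify(self, sender, rcpt, data):
        """Old flow: accept and queue, then e-mail the claimed sender."""
        if _key(sender, rcpt) not in self.approved:
            self.outbound.append(sender)  # reaches a third party if forged
            return 250, "2.0.0 Queued pending challenge"
        return self.reject_in_session(sender, rcpt, data)

    def reject_in_session(self, sender, rcpt, data):
        """New flow: answer inside the SMTP session, originate no mail."""
        if _key(sender, rcpt) not in self.approved:
            url = f"{CHALLENGE_BASE}?t={challenge_token(sender, rcpt)}"
            return 550, f"5.7.1 Sender not verified, confirm at {url}"
        if not self.forward(sender, rcpt, data):
            # Assumption: a failed forward maps to a temporary error.
            return 451, "4.3.0 Forwarding failed, try again later"
        return 250, "2.0.0 Forwarded"
```

With the in-session reply, the only party that sees the challenge link is the client that is actually connected, and `outbound` stays empty no matter what address the message claims to come from.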


Re: Challenge-Response System: Soft bounce messages disabled

Post by Admin » 21 Jun 2013, 08:08

Z wrote: Well, if people would simply use SPF & DKIM, it would help a lot in preventing fakes. But because they're not, there's much that can be done.

Yeah, but inside the mail (the mail message, not the envelope) the FROM header could still be forged.

Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH


Re: Challenge-Response System: Soft bounce messages disabled

Post by Z » 21 Jun 2013, 08:33

Admin wrote: Yeah, but inside the mail (the mail message, not the envelope) the FROM header could still be forged.

Yes, but from the headers you can see real information. And if the message is fake, it won't get delivered anyway. So only legitimate sources could still send fake messages, and 99% of "random botnet sources", which are the most common source of spam, are immediately dropped.
