Holy Bounces Batman!
We are nearing three days of a massive bounce flood. During peaks we are seeing upwards of 1000 bounces a second in addition to our normal mail volume. Needless to say, we’re used to less and the new total of bounces plus normal traffic is three times our normal volume and choking the server periodically. Right now it occasionally stops accepting connections and sometimes it faults. It has to be babysat to keep going. To create the perfect storm for a bounce flood two things must be in place, complete idiots administering mail servers and one or more asshole spammers.
The idiot admins role is one of configuring their mail server to accept a message then reject it later for whatever reason. I’m going to say this only once, reject only at the connection, if you accept the message you keep it. Period. You do not accept then send a bounce. This is very poor etiquette and demonstrates a complete lack of knowledge about your subject. If you are running a mail server that you cannot configure in any other way, delete it. Don’t use it. It is broken. I don’t care if it has features you like, stop using it! Messages should either be rejected at the connection or accepted and if accepted you own them.
The asshole spammer’s role is simpler. He just configures his spamware to generate random names at some domain for the from line of his spam (because the from must contain a valid domain name to be delivered) and sends out 100 million messages utilizing some botnet. The end result is the forged domain gets hit with millions of connections from mail servers around the world delivering bounces to tens of thousands of non-existent accounts. A veritable flood of connections. This should be classified as a deliberate attack. The spammer has to know the result. This means he/she is doing it deliberately. Both the spammer and the product he is advertising should be held responsible for loss of business and damages. I also think the mail servers that accept then reject should also be financially responsible for the damages as their negligence played a big role.
Bounce floods suck. There is no way to stop them short of retiring the domain from e-mail by setting the MX to localhost. You can reject the bounces, but you are still getting pounded with connections, both to SMTP and DNS (all those millions of machines have to look up the MX record to deliver the bounce). It’s flat out a denial of service attack. Meanwhile all I can do is continue fighting to keep the server up, and hope it runs it’s course soon.
Oh, and don’t get me started on this Sender Address Verification (SAV) bullshit so many run. Besides the fact that it is impossible to tell the difference between you and a bounce, your servers are also slamming me and contributing to the connection flood. Also of notable mention are the morons running Challenge/Response (C/R), I’m getting hit with thousands of challenges too. You both control your spam by making it my problem.
So to those running SAV, C/R, or a poorly configured mail server I say: Very poor etiquette, you fail basic admin 101. I don’t care if you justify it by thinking “mine only sent one”, fifty million other idiots just like you thought the same thing and now I’m dealing with fifty million of those “it’s only one” connections. You are all equally culpable. Get off the Internet until you learn how to properly behave in a cooperative society!
PS: I realize I haven’t written here in nearly a year, I have no excuses. I’ll try to update more regularly but make no promises.
