|
|
|
|
|
|
by 1718627440
358 days ago
|
|
|
Aren't auto-replies set up by your users voluntarily? Would really annoy me if the server admin is working against his users. A spammer still knows whether an address exist, because otherwise the mail would bounce. Unless you also block those? Would that even be an RFC-conformant server? So if I send a mail to your server and have I typo in the address, I wouldn't even know? That sucks, even more so, since a lot of communication is nowadays forced into email and it is silently assumed that every message has arrived by laymans. Also do you think a spammer cares if your address actually exists? I would expect them to send millions of messages regardless. Curating the addresses would mean that they need to actually spend resources. Given the already low conversion rate, non-existing addresses are just noise. Unless you think about targeted phishing? In this case they probably know your address already. |
|
|
I did mention in the top post, "if your user-base is cool with it." Not everyone is and that's why I leave it up to the majority. In places that had mismanaged email for decades it can be a welcome change. In one company I brought the spam down from about 50K+ spam messages per hour down to a dozen per day spread across the entire company. It was not without some pain especially for the executives that had buddies spawning third party companies out of their garages but I told them to suck it up. The users were overjoyed to finally be able to use email again since they depended on it to do their daily job.
Also do you think a spammer cares if your address actually exists?
They do and don't. The cost to them is nothing in terms of resources since they are using infected computers to do most of the work but if they have too many dead addresses it is easier for junior admins and cheap anti-spam software to spot them which can mean most of their spam ends up unseen. Proofpoint is just one example of software that can spot this and instantly start sending all their emails to quarantine. For existing employees that had their email address leaked by out-of-office messages and other notifications they had to rely on my anti-spam measures and third parties in companies that permitted this. New employees benefited more from these measures.
Some of the RFC's are conditionally ignored by the big providers and it annoys me just as much as I am sure it annoys you because there are timeouts they artificially shorten well below the RFC "must" values vs, "should". The rate limits on the big providers are also obscenely low. This is mostly the big "free" providers which are anything but free. Yes targeted phishing is its own massive topic. I was the number two recipient of targeted phishing at one company and I did not see any of it thanks to proofpoint but they generated some nifty reports. I'm glad they took care of it because one of my hobbies is tracking down shady people IRL and that quickly turns into a time sink. Now that I am retired I can spend unlimited time finding the shifty individuals.