1 Preamble 1.1 Q: What is the motivation/reason for making this FAQ about email bounces? A: I handle the bouncing emails for the site http://www.watchthatpage.com/ When I started out watchthatpage.com was receiving in excess of 2.2GB of bounced emails a day. No one at www.watchthatpage.com had really bothered with/had the time to work on the problem. Naturally I thought there would be an abundance of free and readily available tools and information on the net on this. But even after extensive googling I was left wanting. Wery much so. So this FAQ and the whole domain http://bouncegrokker.org/ is ment to help those maintaining mailing lists etc. -------------------------------------------------------------------------------- 1.2 Q: Who maintains this faq? A: I am Jon Ross. I live in Oslo, Norway. Born july 9th 1965. You can reach me by email on bg+at+bouncegrokker.org -------------------------------------------------------------------------------- 1.3 Q: Where is this FAQ hosted? Where can I get the latest version? A: The FAQ and can be found at http://bouncegrokker.org/FAQ.txt Hopefully I'll get a mirror up soon for redundancy. -------------------------------------------------------------------------------- 1.4 Q: What does the name mean? A: The name is put together from two words: Bounce - Signifying email bounces. Grokk - Is a verb that connotes knowledge greater than that which can be sensed by an outside observer. See http://en.wikipedia.org/wiki/Grokk for more information. -------------------------------------------------------------------------------- 1.5 Q: Why bother? Why just not send all the bounces to /dev/null? A: Although the idea is tempting, It is not a good idea to ignore bounced emails. A technical reason for this is the fact that many ISPs/companies mailservers monitor the amount of emails sent to their domain that bounces. If a domain (yours) send to many emails that bounce, they assume you are a spammer an block you out totally. So you won't bed able to send email to any user in their email domain. And, of course, it's about not wasting resources, being polite, being a good citizen, netiquette etc. -------------------------------------------------------------------------------- 1.6 Q: Is this FAQ Operating system independent? A. My background is Unix/Linux. So the tools I make are for those platforms. They probably work under Cygwin (http://www.cygwin.com/) on M$ Windows plattforms as well. Why anyone would run a (large) mailing list or a large SMTP server on a Wintendo machine is beyond me. -------------------------------------------------------------------------------- 2 Basic Questions 2.1 Q: What is a bounce email? A: Please see http://en.wikipedia.org/wiki/Bounce_message To quite from the start of the Wikipedia article: "A bounce message, or Delivery Status Notification (DSN) message or, simply, a bounce is an automated electronic mail message from the receiver's mail system, the message tells the sender that the message could not be delivered. The original message is said to have bounced." -------------------------------------------------------------------------------- 2.2 Q. What does the status code (e.g 5.4.4 or 4.1.1) in a bounced email mean? A: Please see RFC 3463. It can be found at http://tools.ietf.org/ Direct link is http://tools.ietf.org/html/rfc3463 But basically 4.x.x means a problem that could/should go away. And 5.x.x implies permanent error. Beware the fact that many SMTP servers are incorreclty set up and give 4.x.x status codes even on permanent errors. For instance the (very fine) MTA postfix (http://www.postfix.org/) in it's default install advises status 450 (try again later) when installing and set it to 550 (reject mail) when install is finished. Manny people installing postfix forget to change it back to 550 when finished. -------------------------------------------------------------------------------- 2.3 Q: What do you think about VERP? A: I think the concept of VERP (Variable Envelope Return Paths) is ingenious! Very often it is very dificult to understand to whom a bounced email was originally sent to. If you use VERP (see http://cr.yp.to/proto/verp.txt) you will allways know the recipient address that gives you trouble. If you can, use VERP. If you can't use VERP, maybe you can insert a header line in the email like "X-MYLIST-ID: emailaddresto date". If the email bounces the email header is usually returnded so you ca see the X-MYLIST-ID line to identify the address that gives you bounces. -------------------------------------------------------------------------------- 3 Blacklist Information 3.1 Q: Many mailservers use blacklists/blocklists to keep spam out. Why don't you like that? A: Firstly: I hate spam more than most people. I have both personally and professionally used much time working with anti spam measures (I relly love http://spamassassin.apache.org/). There are many reasons blocklists based on IP addresses is a bad idea. E.g: - The approach is too simplistic. - IP addresses change. Some innocent guy may get an IP earlier used by a spammer. - Spammers (also) send email through ISPs official mailservers. I one PC in an ISP's net of thousands of PCs sends spam through the ISPs mailserver. Then all of those PCs are unable to send email to the domain. (Talk about "one rotten apple".) - There are many, many, many different blocklists. Commercial and free. It's impossible for a poor email list maintainer to know how and where to contact to get unlistet from blocklists. I think the blacklists should be used like they are being used in Spamassassin (http://spamassassin.apache.org/). Not to block IPs totally, but as an indication of an increased possibility that this is spam and to score with a score for being on a blacklist _combined_ with other analysis of the email. One should not reject email solely on the sender's IP address. -------------------------------------------------------------------------------- 3.2 Q: Can you list some blacklists/blocklists? A: Here is a random list. There are many more of these lists out there. - RBL: bl.spamcop.net - RBL: combined-hib.dnsiplists.completewhois.com - RBL: dnsbl.njabl.org - RBL: dnsbl.sorbs.net - RBL: ipwhois.rfc-ignorant.org - RBL: list.dsbl.org - RBL: opm.blitzed.org - RBL: relays.ordb.org - RBL: sbl-xbl.spamhaus.org - URIBL: multi.surbl.org - URIBL: multi.uribl.com -------------------------------------------------------------------------------- 3.3 Q. How can I check if I'm listed in a blacklist/blocklist? A: Many places to check for this. But no _one_ place that I know of checks with absolutely all lists. Try one or more of these (not exhaustive list): - http://www.rulesemporium.com/cgi-bin/uribl.cgi - http://www.completewhois.com/rbl_lookup.htm - http://www.habeas.com/ -------------------------------------------------------------------------------- 4 Whom To Contact