Hello,

On Wed, Dec 20, 2023 at 04:11:05PM +0100, Christoph Brinkhaus wrote:
> I have heard that there is a countermeasure against spam run by big mail
> providers by rejecting the first contact by SMTP and accepting the next
> contact. Most spammers seem to try just once.

I think you are talking about the practice of "greylisting". This
involves giving a 4xx SMTP response to "new" correspondents, which
is a temporary failure code that instructs the sending server to try
again later. They usually will within just a few minutes, at which
point it's not considered a "new" interaction and is allowed
through.

The purpose of this is to weed out compromised hosts sending email
directly, rather than through a proper mail server. Such malware
usually won't bother to implement a full mail server with queueing
and retries, so will give up after even a temporary failure.

There was a period of time when large spam runs using compromised
hosts were prevalent, but in recent years spammers do tend to use
rented hosts with proper mail servers on them, so greylisting has
become less effective. Some people say it no longer has any
noticeable benefit.

Greylisting would not cause the symptoms that you and Pocket are
experiencing; any sensible mailing list server including Debian's
will cope with temporary failure.

If we're not talking about greylisting, using a 5xx SMTP hard reject
code on new interactions would not make a lot of sense as a form of
antispam measure. There are some misguided people who use a sort of
allowlist approach where every new correspondent gets an automated
message telling them to visit a URL to prove they are human, before
any mail is allowed through to the real recipient. These use
non-delivery report emails ("bounces", NDRs) as opposed to SMTP
rejects.

If I were you I'd just email <listmas...@lists.debian.org> to ask
them about it the next time you receive the notification about some
emails being rejected. The human that will eventually answer your
email will probably be happy to look in the logs to see what message
your mail provider gave.

> Please verify the content of the kick rate mail. I am quite sure that it
> is not as serious as it sounds on the first impression.

You are right that an occasional bounce probably isn't a lot to
worry about, as the trigger level indeed is way above 2%. One way it
can happen is if a spammy message reaches the list and is not
detected by Debian, but is detected and rejected by your mail
provider. That counts as "you" rejecting email from the list, even
though that was the right thing for your provider to do. That sort
of thing can just be ignored.

In Pocket's case, they say they are actually being automatically
unsubscribed from the list. That indicates a severe and ongoing
problem with their mail delivery. If I were them I'd want to look
into it.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
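
The greylisting behaviour described in the message above, as an added example that is not part of the original email: a new correspondent gets a 4xx temporary failure, and a retry after a short delay is accepted. The triplet key (client IP, envelope sender, recipient), the delay and expiry values, and all addresses are assumptions made for illustration.

```python
import time

# Assumed policy values (not from the message): minimum wait before a retry
# is accepted, and how long an unconfirmed first contact is remembered.
MIN_DELAY = 300          # seconds
PENDING_TTL = 4 * 3600   # seconds


class Greylist:
    """Toy greylisting policy keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, min_delay=MIN_DELAY, pending_ttl=PENDING_TTL):
        self.min_delay = min_delay
        self.pending_ttl = pending_ttl
        self.first_seen = {}   # triplet -> time of first attempt
        self.passed = set()    # triplets that have retried successfully

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return the (code, text) SMTP reply to give at RCPT TO time."""
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "OK"
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.pending_ttl:
            # New (or expired) correspondent: temporary failure, never 5xx.
            self.first_seen[key] = now
            return 450, "4.7.1 Greylisted, please try again later"
        if now - seen < self.min_delay:
            # Retried too quickly; keep the original timestamp.
            return 450, "4.7.1 Greylisted, please try again later"
        # A queueing mail server came back after the delay: let it through.
        del self.first_seen[key]
        self.passed.add(key)
        return 250, "OK"


def simulate():
    """Constructed scenario: a list server that retries vs. a one-shot sender."""
    g = Greylist()
    list_server = ("192.0.2.10", "bounce@lists.example.org", "user@example.net")
    one_shot = ("198.51.100.7", "promo@example.com", "user@example.net")
    return [
        g.check(*list_server, now=0)[0],     # first contact
        g.check(*list_server, now=60)[0],    # retry too early
        g.check(*list_server, now=600)[0],   # retry after delay
        g.check(*list_server, now=700)[0],   # later mail from same triplet
        g.check(*one_shot, now=0)[0],        # never retries, never delivered
    ]
```

A sender with a real queue only ever sees 450 replies before delivery succeeds, which is why a mailing list server does not count greylisting as a bounce.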
