On a recent post by David over on Geeky Ramblings, I’d have to say I agree.
Spammers don’t get the bounced messages, so what do they care? How do I know they don’t get them? I’m a mailing list admin for SquirrelMail, in particular the security list, gets several hundred bounced messages a day… on a quiet day. So spammers would probably only care if they received the bounced messages. It doesn’t cost them anything to send, they abuse other peoples’ systems (viruses and what not, or from phishing1).
As David said, those working on poisoning spammers list need to find another activity, or method, to combat it. What they’re doing now is not helping. Spammers don’t follow the rules, if they did, when my mail server told them to go away (RBLs for example), they’d go away, instead they keep the transaction going.
There are definitely better ways to handle spam, RBLs, dial-up black lists, the not quite so effective content filtering2. There was an idea once of using SPF records, but it turns out that the majority of people using those are spammers anyway.
It’d probably be a whole lot better if service providers started taking actions against those that are infected, and sending the spam out. I know I’ve had a service provider (SpeakEasy), that caught a client machine on my work network sending spam out, and notified us about it. It would be good if service providers would step up to the plate, and take some initiative. I know some providers now don’t allow relaying mail out directly unless you go through them, that’s certainly a step in the right direction, but I think more needs to be done. Start removing peoples’ access to the internet if they get infected for example, most service providers terms of conditions allow for it.
Find better solutions to battle the spam, poisoning just doesn’t cut it.