
Jumpy
@shawcable.net

Jumpy to kungpow

Anon

to kungpow

Re: Shaw SMTP - not generating NDR

said by kungpow:

I don't think this is a good Shaw standard to have backscatter enabled as NDR reports are not generated. Shaw's outbound SMTP spam filter needs to be upgraded.

I have tons of email servers hosting all sorts of domains with SMTP spam filter protected inbound and outbound and I have yet to have an issue with backscatter.

To clarify, 'backscatter' in an email context is the term for actively sending NDR messages for mailboxes that you don't control. Shaw hasn't enabled backscatter, they're intentionally preventing it. Spoofed source addresses, be they spambot sourced or not, are a real problem for enterprise and carrier class mail services. It is not in Shaw's best interest to even let you send email out using a non @shaw.ca source mailbox, but they do. As a consequence, they need to protect their environment from the damage a spam bot or malicious user can cause, hence the refusal to deliver NDR messages off-server.

Consider the following.
The average spam message size is broken down as follows (source, Symantec Intelligence Report: August 2012):
5KB, 10KB : 25.5%
The average infection rate in Canada was 1.4 in 1000 in 2010 (source, Microsoft Security Intelligence Report for 2010).
Shaw had 1.9 million internet customers (and assume a single computer per connection), as declared in their 3rd quarter financial results for this year.

If you take the average upload performance as recorded by Ookla (1.85Mbit/s) and apply that 1.4/1000 metric, and assume that these infected machines are only available for 30 minutes per day, and only send for 1/4 of their active state on average, we get the following math:
1,900,000 computers * (1.4/1000 infected machines per computer) = 2,660 infected machines on Shaw's network
2,660 infected machines * 30 minutes = 79,800 infected machine minutes.
79,800 infected machine minutes * (1/4 active) = 19,950 active machine minutes.

Now let's mix in the average upload speed.
1.85(Mbit/s)/machine * (60/1 seconds per minute) = 111 (Mbit/minute)/machine
19,950 active machine minutes * 111 (Mbit/minute)/machine = 2,214,450 active Mbit

Now, if we assume we're working with an average of 50KB per spam message (MUCH larger than what is actually observed), we get
50KB / message * 8 bits per byte = 200Kbit / message
200Kbit / message * (1/1024 Mbit/Kbit) = 0.1953125 Mbit / message
2,214,450 active Mbit / (0.1953125 Mbit / message) = 11,337,984 message(s)

So, conservatively, you can assume Shaw has to deal with 11 Million spam messages per day from their network. Almost none of these will have legitimate source mailboxes, and if Shaw were to deliver the NDR for each failed, dictionary created destination mailbox, they would not be able to offer email service to their customers.

There are a couple of things that should help in the future:

1 - If you receive a new recipient mailbox, vet it first. Ensure that the mailbox exists and that the recipient actually wants your mail. If you don't do this you are not correctly handling the email addresses you come across and will likely encounter throttling or relay denial in the future.
2 - If you want to ensure the deliverability of a message, use a local test account as the source; i.e. in Shaw's case use an @shaw.ca mailbox.
3 - If you are sending mail from an email address that exists within a domain that lets you relay through them, always use that available relay.
Jumpy

Jumpy

Anon

Looks like the less than and greater than signs messed things up.
Should have been:

The average spam message size is broken down as follows (source, Symantec Intelligence Report: August 2012):
(less than) 5KB : 44.3%
(greater than) 5KB, (less than) 10KB : 30.2%
(greater than) 10KB : 25.5%
kungpow
join:2002-10-06
Canada

kungpow to Jumpy

Member

to Jumpy
said by Jumpy :

As a consequence, they need to protect their environment from the damage a spam bot or malicious user can cause, hence the refusal to deliver NDR messages off-server.

If I send an email that's over the size limit (e.g. From: TestUser1@hotmail.com To: TestUser2@hotmail.com), how would I know that it is oversized if I get no NDR since Shaw drops them?
rotohoto
join:2012-03-31
canada

rotohoto

Member

Shaw doesn't drop them. They don't generate them when they are going to be sent to external (non shaw.ca) addresses.

If Shaw can't confirm that testuser1@hotmail.com sent the message, which they can't, they should not be sending an NDR to tell testuser1 that his message was too big for testuser2 to receive.

In this scenario testuser1 needs to make sure he's using the appropriate outgoing mail server for his domain, which would be hotmail, not shaw.
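
The NDR policy discussed in this thread, sketched as an added example that is not part of any post and is not Shaw's actual configuration: an NDR is generated only when the envelope sender is a mailbox in a domain the relay controls. `LOCAL_DOMAINS`, the function names, the choice to discard unparseable senders, and the sample senders are assumptions constructed for illustration.

```python
# Added illustration of a backscatter-avoiding bounce policy.
# LOCAL_DOMAINS and every function name here are hypothetical.
from collections import Counter
from typing import Optional

LOCAL_DOMAINS = {"shaw.ca"}  # assumed: domains whose mailboxes the relay controls


def sender_domain(mail_from: str) -> Optional[str]:
    """Return the lower-cased domain of an SMTP envelope sender, or None."""
    addr = mail_from.strip().strip("<>").strip()
    if not addr:                       # "<>" is the null reverse-path (RFC 5321)
        return None
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None                    # not a usable mailbox address
    return domain.lower().rstrip(".")


def ndr_action(mail_from: str) -> str:
    """Decide what happens when an already-accepted message cannot be delivered."""
    domain = sender_domain(mail_from)
    if domain is None:
        return "discard"       # never bounce to a null or unparseable sender
    if domain in LOCAL_DOMAINS:
        return "send_ndr"      # exact match only: the NDR stays on-server
    return "suppress_ndr"      # unverifiable off-server sender: would be backscatter


def summarize(envelope_senders):
    """Count the policy outcome for each failed message's envelope sender."""
    return dict(Counter(ndr_action(s) for s in envelope_senders))


# Constructed sample: envelope senders of messages that failed delivery.
SAMPLE_FAILED = [
    "<customer@shaw.ca>",
    "<TestUser1@hotmail.com>",
    "<>",
    "<someone@SHAW.CA>",
    "<spoof@shaw.ca.example.net>",   # look-alike suffix, not a local domain
    "not-an-address",
]

if __name__ == "__main__":
    for s in SAMPLE_FAILED:
        print(f"{s!r:32} -> {ndr_action(s)}")
    print(summarize(SAMPLE_FAILED))
```
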