:fail: or :blackhole: that is the question

**Sentinel** · May 21st, 2007, 11:44 AM

Default (catch-all) email handling
in other words email that comes to your domain that is addressed to an email address that you do not have and account set up for.

Of course this discussion presupposes that you do not want to get undefined mail to your default or "catch-all" email account on your domain. (obviously if you want to get email to your catch-all then you will just set it up to forward all unrouted email to wherever you want it to go)

A good discussion to be had as we could possibly learn something that will help us all out with our understanding of how these features work.

Let me start by stating how I think they work and then which I use and why and perhaps some of the smarter people in here can tell me how I am wrong and why

My understanding is the following:
:fail: bounces a fail message back to the server that sent you the undefined email.
:blackhole: just deletes any email sent to it.

My setting and why I use it:
A: I have my catch-all email set to :blackhole: because if I set it to fail then it will bounce a fail message back to the server that sent me the email. I think this is bad because if it is a legit email address for a spammer then they don't care and won't read it.

B: However rarely do spammers use legit email addresses. More than likely it is a bogus email from a third party domain that the spammer used at random.

C: If it is a bogus email address and they are set up the same way then they will bounce it back to me as failed and so forth and so on forever clogging up the internet with an eternal loop of junk traffic.

D: If it is an actual email address of a domain that the spammer used by forging the header then the poor unsuspecting person that really owns that email address will get my bounce message. Of course they have no control over the fact that some spammer is using their email address to spam people so every time I get a bogus email from a spammer using that email address my server generates a bounce email to this poor guy who is effectively being spammed by me with bounce messages that he can do nothing about.

So it seems to me that the best course of action is to just simply drop the offending email and be done with it.

Another reason I don't use fail is because if they send an email to a random email address at my domain and they get back a fail then they know that that is a bad email address. But if the don't get back a fail bounce message now they know that that is a good email address. So I am effectively telling the spammers which email addresses are good and which ones are not on my domain. But if I just delete them all then they never get anything back and they have no idea what is good and what is not.

Another reason, as I have just found out, is that the fail/bounce message that the server sends back has your user name in its header. This is bad because it now gives a presumably bad person 2 things...
1. Your username which is 50% of your account info. Just figure out your password and you are in.
2. They now know a definite legit email address on your account .... username

server.surpasshosting.com and they can now start sending email to that account.

So do I understand it correctly or do I not understand how fail and blackhole work therefore messing up all my reasoning?

**markscns** · May 21st, 2007, 11:46 AM

I use blackhole myself, my thoughts are why let the spammer know that a domain name is a valid domain name. If they send a message and it just goes away, they would not know in either case as to if it went or not.

**cowboy** · May 21st, 2007, 12:06 PM

Quote:

Originally Posted by markscns

I use blackhole myself, my thoughts are why let the spammer know that a domain name is a valid domain name. If they send a message and it just goes away, they would not know in either case as to if it went or not.

:fail: is equivalent to looking at your caller id on your phone, except, the server looks at who it is directed rather than who it is from. If there is not an e-mail box it will not answer the sending server, unless you add a message to it, (:fail: No one here by that name).

With just :fail: the sending server has no idea why the message was not accepted, (invalid user or invalid domain).

:blackhole: on the other hand, accepts the entire message, thereby acknowledging a valid domain, processes it internally and directs it as you wish. This uses server resources until it determines that it is not deliverable as addressed.

:fail: by itself does not return any information, and, requires no server resources.

**puckchaser** · May 21st, 2007, 12:26 PM

This thread already has plenty of discussion on this topic.

And Cowboy's post above, is pretty good summation of that thread.

**Sentinel** · May 21st, 2007, 3:44 PM

That is a great topic and it does bring up some good points but it still doesn't answer everything for me. I still have a few questions even after reading it. Mostly because I have had a website for a long time and I was always told to use blackhole to prevent the never ending loop of failures that I spoke of. In that article it states that with new rules in cpanel this behavior has changed. Shows how old I am

So I have to understand what has changed and why it is now better to use fail instead.

1. Most importantly I want to be sure that I understand what :fail: does. Used to be that fail would just generate a bounce email. So that article states that this is no longer the case. It simply generates a failure immediately to the sending server. It doesn't tell it why it is failing just that it is not accepting the email. Am I correct here?

So if a spammer tries to send an email to me using a third persons legit email address, and I have default set to fail, in the old days that poor shlub would get a bounce email even though he did not send me the email. But now if I have it set to fail the spammer himself would get a deny message before the email was even sent to me. Is that right?

**puckchaser** · May 21st, 2007, 4:32 PM

Quote:

Originally Posted by Sentinel

That is a great topic and it does bring up some good points but it still doesn't answer everything for me. I still have a few questions even after reading it. Mostly because I have had a website for a long time and I was always told to use blackhole to prevent the never ending loop of failures that I spoke of. In that article it states that with new rules in cpanel this behavior has changed. Shows how old I am

So I have to understand what has changed and why it is now better to use fail instead.

1. Most importantly I want to be sure that I understand what :fail: does. Used to be that fail would just generate a bounce email. So that article states that this is no longer the case. It simply generates a failure immediately to the sending server. It doesn't tell it why it is failing just that it is not accepting the email. Am I correct here?

So if a spammer tries to send an email to me using a third persons legit email address, and I have default set to fail, in the old days that poor shlub would get a bounce email even though he did not send me the email. But now if I have it set to fail the spammer himself would get a deny message before the email was even sent to me. Is that right?

Your server does not send a bounce message (just the DENY command)
Your server does not send anything to the sender of the email (i.e. the address in the From: line)

The spammer gets nothing. The sending server gets the deny message.

**deastwood** · May 21st, 2007, 6:54 PM

Why you should use fail:

http://www.configserver.com/free/fail.html

Thats where i get all my info from

**Sentinel** · May 21st, 2007, 7:17 PM

Looks good. I am convinced. I knew someone smarter than me would show me the error of my ways.

Fail it is.

**puckchaser** · May 21st, 2007, 10:09 PM

All

One last item.. As this seemed like a lively topic....

I've added it to the wiki !!

May 21st, 2007, 11:44 AM	#1 (permalink)
Sentinel Surpass Fan On a golden path... Joined in Mar 2006 Hosted on SH100 457 posts Gave thanks: 74 Thanked 17 times	:fail: or :blackhole: that is the question Default (catch-all) email handling in other words email that comes to your domain that is addressed to an email address that you do not have and account set up for. Of course this discussion presupposes that you do not want to get undefined mail to your default or "catch-all" email account on your domain. (obviously if you want to get email to your catch-all then you will just set it up to forward all unrouted email to wherever you want it to go) A good discussion to be had as we could possibly learn something that will help us all out with our understanding of how these features work. Let me start by stating how I think they work and then which I use and why and perhaps some of the smarter people in here can tell me how I am wrong and why My understanding is the following: :fail: bounces a fail message back to the server that sent you the undefined email. :blackhole: just deletes any email sent to it. My setting and why I use it: A: I have my catch-all email set to :blackhole: because if I set it to fail then it will bounce a fail message back to the server that sent me the email. I think this is bad because if it is a legit email address for a spammer then they don't care and won't read it. B: However rarely do spammers use legit email addresses. More than likely it is a bogus email from a third party domain that the spammer used at random. C: If it is a bogus email address and they are set up the same way then they will bounce it back to me as failed and so forth and so on forever clogging up the internet with an eternal loop of junk traffic. D: If it is an actual email address of a domain that the spammer used by forging the header then the poor unsuspecting person that really owns that email address will get my bounce message. Of course they have no control over the fact that some spammer is using their email address to spam people so every time I get a bogus email from a spammer using that email address my server generates a bounce email to this poor guy who is effectively being spammed by me with bounce messages that he can do nothing about. So it seems to me that the best course of action is to just simply drop the offending email and be done with it. Another reason I don't use fail is because if they send an email to a random email address at my domain and they get back a fail then they know that that is a bad email address. But if the don't get back a fail bounce message now they know that that is a good email address. So I am effectively telling the spammers which email addresses are good and which ones are not on my domain. But if I just delete them all then they never get anything back and they have no idea what is good and what is not. Another reason, as I have just found out, is that the fail/bounce message that the server sends back has your user name in its header. This is bad because it now gives a presumably bad person 2 things... 1. Your username which is 50% of your account info. Just figure out your password and you are in. 2. They now know a definite legit email address on your account .... usernameserver.surpasshosting.com and they can now start sending email to that account. So do I understand it correctly or do I not understand how fail and blackhole work therefore messing up all my reasoning? __________________ SH100 , SH131 & SH124

May 21st, 2007, 11:46 AM	#2 (permalink)
markscns 01101100 Super #1 Joined in Jan 2006 Lives in West Michigan Hosted on SH92 1,606 posts Gave thanks: 49 Thanked 114 times	I use blackhole myself, my thoughts are why let the spammer know that a domain name is a valid domain name. If they send a message and it just goes away, they would not know in either case as to if it went or not. __________________ twinlakeweather.us SH92

May 21st, 2007, 12:26 PM	#4 (permalink)
puckchaser He shoots.. He scores! Super #1 Joined in Feb 2007 Lives in A room with no windows. Hosted on SH110 1,447 posts Gave thanks: 46 Thanked 140 times	This thread already has plenty of discussion on this topic. And Cowboy's post above, is pretty good summation of that thread. __________________ SH110

May 21st, 2007, 3:44 PM	#5 (permalink)
Sentinel Surpass Fan On a golden path... Joined in Mar 2006 Hosted on SH100 457 posts Gave thanks: 74 Thanked 17 times	That is a great topic and it does bring up some good points but it still doesn't answer everything for me. I still have a few questions even after reading it. Mostly because I have had a website for a long time and I was always told to use blackhole to prevent the never ending loop of failures that I spoke of. In that article it states that with new rules in cpanel this behavior has changed. Shows how old I am So I have to understand what has changed and why it is now better to use fail instead. 1. Most importantly I want to be sure that I understand what :fail: does. Used to be that fail would just generate a bounce email. So that article states that this is no longer the case. It simply generates a failure immediately to the sending server. It doesn't tell it why it is failing just that it is not accepting the email. Am I correct here? So if a spammer tries to send an email to me using a third persons legit email address, and I have default set to fail, in the old days that poor shlub would get a bounce email even though he did not send me the email. But now if I have it set to fail the spammer himself would get a deny message before the email was even sent to me. Is that right? __________________ SH100 , SH131 & SH124

May 21st, 2007, 6:54 PM	#7 (permalink)
deastwood Surpass Fan Super #1 Joined in Mar 2006 1,024 posts Gave thanks: 66 Thanked 55 times	Why you should use fail: http://www.configserver.com/free/fail.html Thats where i get all my info from __________________ Oxygen Solutions - Main Website MoneyScience - Latest Project

May 21st, 2007, 7:17 PM	#8 (permalink)
Sentinel Surpass Fan On a golden path... Joined in Mar 2006 Hosted on SH100 457 posts Gave thanks: 74 Thanked 17 times	Looks good. I am convinced. I knew someone smarter than me would show me the error of my ways. Fail it is. __________________ SH100 , SH131 & SH124

May 21st, 2007, 10:09 PM	#9 (permalink)
puckchaser He shoots.. He scores! Super #1 Joined in Feb 2007 Lives in A room with no windows. Hosted on SH110 1,447 posts Gave thanks: 46 Thanked 140 times	All One last item.. As this seemed like a lively topic.... I've added it to the wiki !! __________________ SH110

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread: