[kwlug-disc] how to recognize incoming emails that are "delivery failed" msgs?

John Van Ostrand john at netdirect.ca
Thu May 6 14:40:39 EDT 2010 

----- "Robert P. J. Day" <rpjday at crashcourse.ca> wrote:

> (and now, for something totally geeky ...)
> 
>    more email-related crunchy goodness -- i have /etc/valiases set up 
> 
> on a system that shunts all incoming emails to a (PHP) script and,  
> before i do any serious processing on an email, i want to quickly  
> reject any emails that are nothing more than "delivery failed"  
> messages.  don't care about them, want to toss them out entirely.  so 
> 
> how quickly can i recognize them?
> 
>    as it is, there are various strings that give it away, like,  
> "Delivery Status Notification" in the subject line, or "Mail System  
> Error" in that line, or having it coming from an address that contains
>  
> "MAILER-DAEMON", or having the body of the message contain the line, 
> 
> "This message was created automatically by mail delivery software".  
> 
> all very explicit.  all very painful.
> 
>    is there any email standard that covers what a mail delivery error 
> 
> has to look like?  at the very least, will it be a single-part message
>  
> whose content-type is "text/plain"?  if that's true, i can at least  
> recognize immediately that any message not of that type doesn't  
> represent a delivery error message and jump to processing the
> contents.
> 
>    any shortcuts?  thanks.

It's a bitch ain't it.

My goal was far more surgical than yours. I wanted to remove all bounce messages that were backscatter. I still wanted to keep ones that were valid.

I looked at a few ways a couple of years ago.

To reduce backscatter, set your DNS up with SPF records if possible. This reduces backscatter from large hosts that check SPF.

Second, I reduced the number of email addresses that I use, taking away unadvertised and unused ones.

Third, I match on from/to combination where the from is contains MAILER or DAEMON or POSTMASTER and the to is one of the address that I never use for sending email, like info "@@" kwlug.org. 

Fourth, I tune the spam filter to be more aggressive on emails addresses that I want to receive for, but aren't heavily used.

-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware

More information about the kwlug-disc mailing list