The SANS Handler and the case of the spam blowback

SANS Handler Swa Frantzen got Joe Jobbed and he’s using the bully pulpit of the SANS Internet Storm Center to advocate changing SMTP error handling.
I got Joe Jobbed around 1997. I had an address [email protected]. Some spammer whose name was apparently also Roger sent out a couple of spam runs as that address. Each time I logged in I had to download 15k bounce messages (and assorted spam complaints). Fortunately there was an 800 number in the email message, and the guy stopped using my address after I asked him nicely to stop ruining my life.
Swa says the bounce-backs came in on a catch-all address. I’m not sure if he means that the address is one he uses as a spam trap (an address used when registering at public sites) or if he means the more traditional definition: a mailbox that accepts all email for the domain that is not specifically sent somewhere else. If he is using a catch-all mailbox and then complaining about getting spam, I think he’s kind of nuts.
I agree with him that virus notices should never be sent to the sender anymore. Too often the sender is forged. However, you can’t notify the recipient easily on most mail systems. Most mail systems are going to strip the virus and send the message on to the user, so the user still gets thousands of unwanted messages. That’s not a good solution. I’ve seen some spam solutions that can notify the recipient once per day of quarantined messages, but we really don’t want users spending their time reviewing spam. We want a good spam filter. I wouldn’t notify the sender of a message that is quarantined as spam either. And that is where SMTP reliability goes down the tubes: when no one is notified that a message has been blocked.
I don’t quite understand his complaint about greylisting. I greylist and it doesn’t result in a delayed delivery notice being sent to anyone. I’m also not on board with his idea that recipient mail servers should hold a mail connection open until they have scanned a message and determined that it is acceptable. That just won’t work when you’re getting 90% spam messages. The solution isn’t for everyone in the world to buy a bigger mail server. Besides, you may not want to let a spammer know immediately that his spam run was unsuccessful.
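To show why greylisting produces no delayed-delivery notice, here is an added example of the triplet-based algorithm (this is illustrative code written for this post, not the author’s actual mail setup or any particular MTA’s implementation). The receiving side answers a first-seen (client network, envelope sender, envelope recipient) triplet with a 451 temporary failure; a legitimate MTA simply retries after its normal queue interval and is accepted, with no DSN generated by either side, while a fire-and-forget spam engine never comes back. The delay, expiry window, and /24 network grouping are assumed tuning values, and the retry schedule at the bottom is a constructed sample, not captured traffic.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed tuning values, chosen for illustration only.
GREYLIST_DELAY = 300            # seconds a new triplet must wait before it is accepted
GREYLIST_WINDOW = 4 * 3600      # seconds a pending triplet remains valid for a retry
WHITELIST_TTL = 36 * 24 * 3600  # seconds a triplet that passed stays auto-accepted


def triplet(client_ip: str, mail_from: str, rcpt_to: str) -> tuple:
    """Normalise the key: group the client by /24 so MTA pools that retry from a
    sibling address still match, and lower-case the envelope addresses."""
    net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
    return (str(net), mail_from.lower(), rcpt_to.lower())


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # triplet -> time first seen
    passed: dict = field(default_factory=dict)   # triplet -> time last accepted

    def check(self, client_ip: str, mail_from: str, rcpt_to: str, now: int) -> tuple:
        """Return the SMTP reply (code, text) for one delivery attempt at RCPT time.
        451 tells the sender to retry; nothing is queued and no bounce is emitted."""
        key = triplet(client_ip, mail_from, rcpt_to)

        # Known-good triplet: accept immediately and refresh its lifetime.
        last = self.passed.get(key)
        if last is not None and now - last < WHITELIST_TTL:
            self.passed[key] = now
            return (250, "2.1.5 OK")

        first = self.pending.get(key)
        # Never seen, or the earlier attempt expired: start the clock and defer.
        if first is None or now - first > GREYLIST_WINDOW:
            self.pending[key] = now
            return (451, "4.7.1 Greylisted, please try again later")

        # Retried too early: keep deferring until the delay has elapsed.
        if now - first < GREYLIST_DELAY:
            return (451, "4.7.1 Greylisted, please try again later")

        # Retry arrived after the delay: promote the triplet and accept.
        del self.pending[key]
        self.passed[key] = now
        return (250, "2.1.5 OK")


def simulate(attempts: list) -> list:
    """Run a constructed sequence of (seconds, ip, from, to) attempts through one
    greylist instance and return the reply codes, one per attempt."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[0] for (t, ip, frm, to) in attempts]


# Constructed sample: a real MTA retrying on a typical queue schedule, interleaved
# with a spam engine that tries exactly once from a forged sender and never retries.
SAMPLE_ATTEMPTS = [
    (0,    "192.0.2.10",  "alice@example.net", "roger@example.org"),  # first try -> 451
    (60,   "192.0.2.10",  "alice@example.net", "roger@example.org"),  # too early -> 451
    (0,    "203.0.113.5", "roger@example.org", "victim@example.com"),  # one-shot spam -> 451
    (900,  "192.0.2.11",  "alice@example.net", "roger@example.org"),  # retry from pool -> 250
    (3600, "192.0.2.10",  "alice@example.net", "roger@example.org"),  # next message -> 250
]

if __name__ == "__main__":
    for attempt, code in zip(SAMPLE_ATTEMPTS, simulate(SAMPLE_ATTEMPTS)):
        print(f"t={attempt[0]:>5}s {attempt[1]:<12} {attempt[2]:<20} -> {code}")
```

The point to notice is that every reply is given inside the SMTP session, before the message is ever accepted, so the only party that learns of the deferral is the connecting MTA, and it learns it through a code it already knows how to handle. The forged sender in the spam attempt is never contacted, which is exactly the backscatter that accept-then-bounce handling would have created.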