After doing a lot of cleanup trying to clear out clogged queues full of spam, I discovered today that spammers are taking advantage of DSNs (see How to get notified).

I had disabled the spamtrap temporarily on most of my servers, and suddenly noticed there was outgoing mail from the spamtrap, which seemed odd. Taking a look at what was in the queue, I found this (email address hidden):

   ----- The following addresses had successful delivery notifications -----
s...@s...  (relayed to non-DSN-aware mailer)
    (expanded from: s...@s...)
   ----- Transcript of session follows -----
s...@s...... relayed; expect no further notifications

Searching around I found there's a privacy flag to sendmail called "noreceipts". Checking my config files I found that this is ALREADY ENABLED. So it would seem that it doesn't work, at least under sendmail 8.13.5. I'm still searching for a way to disable the positive DSNs. Trying to send out all the notifies to tell the spammer that they found a good email address is just clogging up my queues.