What heuristics should I use to prevent an autoresponder war?

Question

I am currently extending an e-mail system with an autoresponse feature. In a dark past, I've seen some awesome mail loops, and I'm now trying to avoid such a thing from happening to me.

I've looked at how other tools ('mailbot', 'vacation') are doing this, grepped my own mail archive for suspicious mail headers, but I wonder if there is something else I can add.

My process at this point:

1. Refuse if sender address is invalid (this should get rid of messages with <> sender)
2. Refuse if sender address matches one of the following: '^root@', '^hostmaster@', '^postmaster@', '^nobody@', '^www@', '-request@'
3. Refuse if one of these headers (after whitespace normalization and lowercasing) is present: '^precedence: junk$', '^precedence: bulk$', '^precedence: list$', '^list-id:', '^content-type: multipart/report$', '^x-autogenerated: reply$', '^auto-submit: yes$', '^subject: auto-response$'
4. Refuse if sender address was already seen by the autoresponder in the recent past.
5. Refuse if the sender address is my own address :)
6. Accept and send autoresponse, prepending Auto-response: to the subject, setting headers Precedence: bulk and Auto-Submit: yes to hopefully prevent some remote mailer from propagating the autoresponse any further.

Is there anything I'm missing?

Answer 1

Update 2014-05-22

To find if an inbound message is an "out-of-office" or other automatic reply, we use that procedure:

First, Find if header "In-Reply-To" is present. If not, that is an auto-reply.

Else, check if 1 of these header is present:

• X-Auto-Response-Suppress (any value)
• Precedence (value contains bulk, or junk or list)
• X-Webmin-Autoreply (value 1)
• X-Autogenerated (value Reply)
• X-AutoReply (value YES)

Answer 2

In my research so far I've come up with these rules.

Treat inbound message as autogenerated, ignore it and blacklist the sender if...

• Return-Path header is <> or missing/invalid
• Auto-Submitted header is present with any value other than "no"
• X-Auto-Response-Suppress header is present
• In-Reply-To header is missing
  • Note: If I'm reading RFC3834 correctly, your own programs SHOULD set this, but so far it seems some autoresponders omit this (freshdesk.com)

When sending outbound messages, be sure to...

• Set the Auto-Submitted: auto-generated header (or auto-replied as appropriate)
• Set your SMTP MAIL FROM: command with the null address <>
  • Note some delivery services including Amazon SES will set their own value here, so this may not be feasible
• Check the recipient against the blacklist built up by the inbound side and abort sending to known autoresponders
• Consider sending not more than 1 message per unit time (long like 24 hours) to a given recipient

Notes on other answers and points

• I think ignoring Precedence: list messages will cause false positives, at least for my app's configuration
• I believe the OP's "auto-submit" rule is a typo and the official header is Auto-Submitted

References

• RFC3834
• This SO question about Precedence header has several good answers
• Wikipedia Email Loop Article
• desk.com article

---

Comments welcome and I'll update this answer as this is a good question and I'd like to see an authoritative answer created.

Answer 3

Include a phrase like "This is an automatically-generated response" in the body somewhere. If your message body is HTML (not plain text) you can use a style to make it not visible.

Check for this phrase before responding. If it exists, odds are good it's an automated response.