I've just found a new and interesting spam source - legitimate bounce messages

Paul Schmehl pauls at utdallas.edu
Thu Oct 16 07:41:44 PDT 2008


--On Thursday, October 16, 2008 09:01:02 -0500 eculp at casasponti.net wrote:

>
> In the last hour, I've received over 200 legitimate bounce messages
> from email services as a result of someone having used or worse is
> using my email address in spam from multiple Windows machines and IP
> addresses.  The end result is that I am getting the bounce messages.
> I'm sure that others on this list have experienced the problem and
> maybe have a solution that I don't have.
>
> The messages are allowed through my obspamd/pf and pf smtp bruteforce
> blocking rules because they are completely legit.
>
> I guess the workaround is to filter them on incoming together with
> our local bounce messages until the spammers get tired of my address.
>

We call those "bounceback spam".  The only solution that I know of is to tag 
all outgoing messages with a special header and then check for that header on 
all returns and reject those that don't contain the header.  All legitimate 
bounces would contain the header because they originated with your MTA.

E.g. X-Bounceback-Check: 0987923874

The value of the header can be anything you want it to be, and you can change 
it periodically if you want to keep statistical data.

-- 
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
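What the tag-and-check scheme from the reply looks like in code, as an added example that is not part of the original post or of the FreeBSD project. The header name X-Bounceback-Check is the one from the reply; everything else is an assumption made here: the token is a keyed HMAC over the sender and Message-ID rather than the "any value you want" of the post (so a value copied from one bounce cannot be replayed on a different forged message), the addresses, the secret and the bounce itself are constructed sample data, and the verifier accepts both forms in which a DSN returns the original (a full message/rfc822 part or a text/rfc822-headers part) while ignoring the bounce's own headers, which the remote MTA wrote.

```python
"""Bounceback-spam check around a tagging header (added example, not the post's code)."""
import email
import hashlib
import hmac
from email import policy
from email.message import EmailMessage
from email.utils import make_msgid

HEADER = "X-Bounceback-Check"  # header name from the mailing-list reply
DEMO_SECRET = b"constructed-demo-secret-rotate-it-in-production"  # assumption


def bounce_token(secret: bytes, sender: str, message_id: str) -> str:
    """Keyed token bound to sender and Message-ID (assumption: goes beyond the
    post's static value, so one observed token does not fit another message)."""
    mac = hmac.new(secret, f"{sender}\n{message_id}".encode(), hashlib.sha256)
    return mac.hexdigest()[:32]


def tag_outgoing(msg: EmailMessage, secret: bytes) -> EmailMessage:
    """Stamp an outgoing message with the header, as the reply describes."""
    if "Message-ID" not in msg:
        msg["Message-ID"] = make_msgid(domain="example.org")  # constructed domain
    del msg[HEADER]  # never keep a caller-supplied value
    msg[HEADER] = bounce_token(secret, str(msg["From"]), str(msg["Message-ID"]))
    return msg


def _original_is_ours(orig, secret: bytes) -> bool:
    token, sender, msgid = orig.get(HEADER), orig.get("From"), orig.get("Message-ID")
    if not (token and sender and msgid):
        return False  # no header at all: the reply says reject these
    expected = bounce_token(secret, str(sender), str(msgid))
    return hmac.compare_digest(str(token).strip(), expected)


def bounce_is_legitimate(raw_bounce: bytes, secret: bytes) -> bool:
    """True only when the returned original carries a token our MTA issued."""
    bounce = email.message_from_bytes(raw_bounce, policy=policy.default)
    for part in bounce.walk():
        if part is bounce:
            continue  # the bounce's own headers come from the remote MTA
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":  # DSN returning headers only
            orig = email.message_from_string(part.get_content(), policy=policy.default)
            if _original_is_ours(orig, secret):
                return True
        elif ctype == "message/rfc822":  # DSN returning the whole original
            if any(_original_is_ours(o, secret) for o in part.get_payload()):
                return True
    return False


def make_original(sender: str, recipient: str) -> EmailMessage:
    """Constructed outgoing message (sample data, not from the post)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, "hello"
    msg.set_content("body")
    return msg


def make_bounce(original: EmailMessage) -> bytes:
    """Constructed DSN-like bounce returning the original as message/rfc822."""
    b = EmailMessage()
    b["From"] = "MAILER-DAEMON@mx.example.net"  # constructed remote MTA
    b["To"] = str(original["From"])
    b["Subject"] = "Undelivered Mail Returned to Sender"
    b.set_content("The recipient does not exist.")
    b.add_attachment(original)  # EmailMessage payload becomes message/rfc822
    return b.as_bytes()


def demo() -> dict:
    ours = tag_outgoing(make_original("me@example.org", "nobody@mx.example.net"), DEMO_SECRET)
    forged = make_original("me@example.org", "victim@mx.example.net")  # my address forged, no tag
    guessed = make_original("me@example.org", "victim@mx.example.net")
    guessed["Message-ID"] = make_msgid(domain="spammer.invalid")  # constructed
    guessed[HEADER] = "0987923874"  # a static value does not match the keyed token
    return {
        "real_bounce": bounce_is_legitimate(make_bounce(ours), DEMO_SECRET),
        "forged_bounce": bounce_is_legitimate(make_bounce(forged), DEMO_SECRET),
        "guessed_token": bounce_is_legitimate(make_bounce(guessed), DEMO_SECRET),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accept' if ok else 'reject'}")
```

In a real deployment the tagging and the check sit in the MTA (a milter or a header_checks-style rule), and the secret is rotated on a schedule; rotating it also gives the per-period statistics the reply mentions, since each period's bounces carry tokens from that period's key.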


More information about the freebsd-questions mailing list