I've just found a new and interesting spam source - legitimate bounce messages

Chuck Swiger cswiger at mac.com
Thu Oct 16 10:22:37 PDT 2008


On Oct 16, 2008, at 9:38 AM, RW wrote:
> SPF increases the probability of spam being rejected at the smtp
> level at MX servers, so my expectation would be that it would
> exacerbate backscatter not improve it.

The main problem resulting in backscatter happens when forged spam
from yourdomain.com gets sent to a legit MX server which accepts
the mail initially, and then generates a bounce due to later spam
checking or failed delivery to an invalid user.  The bounces which
then get generated by the legit MX are likely to pass spam checking at
yourdomain.com.

> Many people recommend SPF for backscatter, but I've yet to hear a
> cogent argument for why it helps beyond the very optimistic hope
> that spammers will check that their spam is spf compliant.


SPF doesn't provide a magic solution to backscatter, but it helps  
simplify the problem.

If spam can be rejected during the SMTP phase rather than accepted,  
then most spam-spewing malware simply drops the attempted message  
rather than actually send a bounce to yourdomain.com.  After all, the  
spammer is looking to deliver spam to lots of different mailboxes, not  
deliver tons of DSNs to a single mailbox or domain.  Failing that,  
however, any bounces which are being generated are coming from or at  
least closer to the source of the spam, rather than coming from gmail,  
hotmail, etc.  And if the spamming machine is forging your domain,  
then yourdomain.com MX boxes have a decent shot of rejecting the  
forgeries via hello_checks, RBLs, or other methods.

Regards,
-- 
-Chuck
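
Added example, not part of the original message: a small Python model of the mail flow described above, counting which host generates the bounces that reach the forged domain when the receiving MX accepts and bounces later versus when it rejects during the SMTP session. The IP addresses, mailboxes, SPF table, function names and the simplified "bot" and "relay" behaviours are all assumptions made for illustration.

```python
from collections import Counter

# Constructed data: IPs assumed to be authorised by yourdomain.com's SPF record,
# and the mailboxes that exist at the receiving MX.
SPF_ALLOWED = {"yourdomain.com": {"192.0.2.10"}}
VALID_RCPTS = {"alice@example.net"}

def mx_session(client_ip, mail_from, rcpt_to, reject_in_smtp):
    """Receiving MX. Returns (reply_code, dsn); dsn is the bounce the MX itself
    generates as (generated_by, addressed_to), or None."""
    domain = mail_from.rsplit("@", 1)[1]
    spf_fail = domain in SPF_ALLOWED and client_ip not in SPF_ALLOWED[domain]
    if not spf_fail and rcpt_to in VALID_RCPTS:
        return 250, None                     # delivered normally
    if reject_in_smtp:
        return 550, None                     # refused in-session, nothing queued
    return 250, ("receiving-mx", mail_from)  # accepted, bounced later to the forged sender

def send(kind, client_ip, mail_from, rcpt_to, reject_in_smtp):
    """Sending side: 'bot' is spam malware, 'relay' is a real MTA. Returns all DSNs."""
    code, dsn = mx_session(client_ip, mail_from, rcpt_to, reject_in_smtp)
    dsns = [dsn] if dsn else []
    if code >= 500 and kind == "relay":
        dsns.append(("relay", mail_from))    # a real MTA reports the failure itself
    return dsns                              # a bot that gets a 5xx just moves on

def backscatter(attempts, reject_in_smtp, victim="yourdomain.com"):
    """Count DSNs that land at the forged domain, grouped by who generated them."""
    seen = Counter()
    for attempt in attempts:
        for generated_by, addressed_to in send(*attempt, reject_in_smtp):
            if addressed_to.endswith("@" + victim):
                seen[generated_by] += 1
    return dict(seen)

# Constructed traffic: nine bots and one relay, all forging victim@yourdomain.com.
ATTEMPTS = [("bot", f"203.0.113.{i}", "victim@yourdomain.com", "alice@example.net")
            for i in range(1, 10)]
ATTEMPTS.append(("relay", "198.51.100.7", "victim@yourdomain.com", "nosuch@example.net"))

if __name__ == "__main__":
    print("accept then bounce:", backscatter(ATTEMPTS, reject_in_smtp=False))
    print("reject during SMTP:", backscatter(ATTEMPTS, reject_in_smtp=True))
```

In this model the forged domain receives ten bounces from the receiving MX in the first case and a single bounce from the relay in the second.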



More information about the freebsd-questions mailing list