I've just found a new and interesting spam source - legitimate bounce messages
Chuck Swiger
cswiger at mac.com
Thu Oct 16 10:22:37 PDT 2008
On Oct 16, 2008, at 9:38 AM, RW wrote:
> SPF increases the probability of spam being rejected at the smtp
> level at MX servers, so my expectation would be that it would
> exacerbate backscatter not improve it.

The main problem resulting in backscatter happens when forged spam
from yourdomain.com gets sent to a legit MX server which accepts
the mail initially, and then generates a bounce due to later spam
checking or failed delivery to an invalid user. The bounces which
then get generated by the legit MX are likely to pass spam checking at
yourdomain.com.

> Many people recommend SPF for backscatter, but I've yet to hear a
> cogent argument for why it helps beyond the very optimistic hope
> that spammers will check that their spam is spf compliant.

SPF doesn't provide a magic solution to backscatter, but it helps
simplify the problem.
If spam can be rejected during the SMTP phase rather than accepted,
then most spam-spewing malware simply drops the attempted message
rather than actually send a bounce to yourdomain.com. After all, the
spammer is looking to deliver spam to lots of different mailboxes, not
deliver tons of DSNs to a single mailbox or domain. Failing that,
however, any bounces which are being generated are coming from or at
least closer to the source of the spam, rather than coming from gmail,
hotmail, etc. And if the spamming machine is forging your domain,
then yourdomain.com MX boxes have a decent shot of rejecting the
forgeries via hello_checks, RBLs, or other methods.
Regards,
--
-Chuck
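
An added example, not part of the original post: one way a receiving domain could triage the bounces described above, by parsing each DSN and checking whether the quoted original ever passed through its own outbound relay. The relay name `mx-out.yourdomain.com`, the remote MX `mx.example.org`, and the sample messages are constructed assumptions.

```python
import email
from email import policy

OUR_RELAYS = ("mx-out.yourdomain.com",)  # hypothetical outbound relay name

def embedded_original(dsn):
    """Return the headers of the message the DSN quotes, or None."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def classify(raw):
    """Label a raw message: not-a-dsn, unknown, genuine-bounce or backscatter."""
    dsn = email.message_from_string(raw, policy=policy.default)
    report_type = (dsn.get_param("report-type") or "").lower()
    if dsn.get_content_type() != "multipart/report" or report_type != "delivery-status":
        return "not-a-dsn"
    orig = embedded_original(dsn)
    if orig is None:
        return "unknown"  # the bounce quotes nothing we can check
    hops = [str(h) for h in orig.get_all("Received", [])]
    # Mail we really sent carries a Received hop stamped by our own relay.
    if any(f"by {relay}" in hop for hop in hops for relay in OUR_RELAYS):
        return "genuine-bounce"
    return "backscatter"

def sample_dsn(received_line):
    """Constructed sample: a bounce from mx.example.org quoting the original's headers."""
    return (
        "From: MAILER-DAEMON@mx.example.org\n"
        "To: alice@yourdomain.com\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.org\n\n"
        "Final-Recipient: rfc822; nobody@example.org\nAction: failed\nStatus: 5.1.1\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        f"{received_line}"
        "From: alice@yourdomain.com\nTo: nobody@example.org\nSubject: hi\n"
        "--b1--\n"
    )
```

Received lines are sender-supplied text and can themselves be forged, so this is a triage heuristic for sorting bounces rather than proof of origin.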
More information about the freebsd-questions mailing list