I've just found a new and interesting spam source - legitimate bounce messages
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Oct 16 10:18:23 PDT 2008
eculp at casasponti.net wrote:
> RW <fbsd06 at mlists.homeunix.com> wrote:
>
>> On Thu, 16 Oct 2008 08:54:55 -0700 (PDT)
>> Luke Dean <LukeD at pobox.com> wrote:
>>
>>>
>>>
>>> On Thu, 16 Oct 2008, Matthew Seaman wrote:
>>>
>>> > Until the wonderful day that the entire internet abides by these
>>> > rules[*], use
>>> > of technologies like SPF and DKIM can discourage but not entirely
>>> > prevent the spammers from joe-jobbing you.
>>>
>>> I just started getting these bouncebacks en masse this week.
>>> My mail provider publishes SPF records.
>>
>> SPF increases the probability of spam being rejected at the smtp
>> level at MX servers, so my expectation would be that it would exacerbate
>> backscatter not improve it.
>>
>> Many people recommend SPF for backscatter, but I've yet to hear a cogent
>> argument for why it helps beyond the very optimistic hope that spammers
>> will check that their spam is spf compliant.
>
> I feel the same way and thanks for adding some humor to the situation.

Most spammers aren't aiming to generate back-scatter as their primary
means of disseminating their spam, so they'll do what they can to get
the best chance of a successful delivery. That means sending SPF
compliant e-mails where possible. It's actually quite simple for them
to filter out SPF protected addresses from their target lists, so they
do tend to do that, and it's typically the same list of target
addresses they use for forged senders too. It's telling that both
having a correct SPF record and having no SPF record at all have a
zero score in SpamAssassin (i.e. neutral) whereas non-compliance scores
lots of spam points.

Also see my point earlier about rejecting messages during the SMTP
dialogue. SPF is easy to check early and lets you reject messages
before acknowledging receiving them, which means a lot fewer bounce
messages to (probably forged) sender addresses.

Cheers,

Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
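
Added example, not part of the original message: a sketch of the SMTP-time SPF check the message describes, showing how refusing at MAIL FROM keeps the receiving MX from generating bounces to forged senders. The function names, the record, the addresses and the sessions are all constructed; only the `ip4`, `ip6` and `all` mechanisms are handled (no DNS), and the MX is assumed to accept mail first and discover undeliverable recipients later.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate an SPF record limited to ip4:, ip6: and all mechanisms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no usable SPF record published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"mechanism needs DNS, not handled here: {term}")
    return "neutral"                       # nothing matched, no trailing all

def mail_from_reply(record, client_ip, sender):
    """SMTP reply to MAIL FROM, given before any message data is accepted."""
    if spf_result(record, client_ip) == "fail":
        return f"550 5.7.1 SPF check failed for {sender}"
    return "250 2.1.0 Ok"

# Constructed sample data: (client IP, envelope sender, recipient exists?)
RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
SESSIONS = [
    ("192.0.2.10", "alice@example.org", True),     # genuine mail
    ("192.0.2.10", "alice@example.org", False),    # genuine, mistyped recipient
    ("203.0.113.7", "alice@example.org", False),   # forged sender
    ("198.51.100.9", "alice@example.org", False),  # forged sender
]

def bounces_sent(sessions, record, check_spf_in_smtp):
    """Count bounce messages this MX would send to the envelope sender."""
    count = 0
    for client_ip, sender, rcpt_exists in sessions:
        reply = mail_from_reply(record, client_ip, sender)
        if check_spf_in_smtp and reply.startswith("5"):
            continue      # refused in the dialogue: nothing accepted to bounce
        if not rcpt_exists:
            count += 1    # accepted first, bounced afterwards
    return count
```

With the constructed sessions, the MX sends three bounces when it accepts everything and one when it checks SPF at MAIL FROM; the remaining bounce goes to a sender whose mail really did come from an authorised host.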