I've just found a new and interesting spam source - legitimate bounce messages

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu Oct 16 10:18:23 PDT 2008


eculp at casasponti.net wrote:
> RW <fbsd06 at mlists.homeunix.com> wrote:
> 
>> On Thu, 16 Oct 2008 08:54:55 -0700 (PDT)
>> Luke Dean <LukeD at pobox.com> wrote:
>>
>>>
>>>
>>> On Thu, 16 Oct 2008, Matthew Seaman wrote:
>>>
>>> > Until the wonderful day that the entire internet abides by these
>>> > rules[*], use
>>> > of technologies like SPF and DKIM can discourage but not entirely
>>> > prevent the spammers from joe-jobbing you.
>>>
>>> I just started getting these bouncebacks en masse this week.
>>> My mail provider publishes SPF records.
>>
>> SPF increases the probability of spam being rejected at the smtp
>> level at MX servers, so my expectation would be that it would exacerbate
>> backscatter not improve it.
>>
>> Many people recommend SPF for backscatter, but I've yet to hear a cogent
>> argument for why it helps beyond the very optimistic hope that spammers
>> will check that their spam is spf compliant.
> 
> I feel the same way and thanks for adding some humor to the situation.

Most spammers aren't aiming to generate back-scatter as their primary
means of disseminating their spam, so they'll do what they can to get
the best chance of a successful delivery.  That means sending SPF
compliant e-mails where possible.  It's actually quite simple for them
to filter out SPF protected addresses from their target lists, so they
do tend to do that, and it's typically the same list of target
addresses they use for forged senders too.  It's telling that both
having a correct SPF record and having no SPF record at all have a
zero score in SpamAssassin (i.e. neutral) whereas non-compliance scores
lots of spam points.

Also see my point earlier about rejecting messages during the SMTP 
dialogue.  SPF is easy to check early and lets you reject messages
before acknowledging receiving them, which means a lot fewer bounce 
messages to (probably forged) sender addresses.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
