I've just found a new and interesting spam source - legitimate
bounce messages
eculp at casasponti.net
eculp at casasponti.net
Thu Oct 16 10:29:42 PDT 2008
Chuck Swiger <cswiger at mac.com> escribió:
> On Oct 16, 2008, at 9:38 AM, RW wrote:
>> SPF increases the probability of spam being rejected at the smtp
>> level at MX servers, so my expectation would be that it would exacerbate
>> backscatter not improve it.
>
> The main problem resulting in backscatter happens when forged spam
> from yourdomain.com get gets sent to a legit MX server which accepts
> the mail initially, and then generates a bounce due to later spam
> checking or failed delivery to an invalid user. The bounces which
> then get generated by the legit MX are likely to pass spam checking
> at yourdomain.com.
Exactly what seems to be happening.
>> Many people recommend SPF for backscatter, but I've yet to hear a cogent
>> argument for why it helps beyond the very optimistic hope that spammers
>> will check that their spam is spf compliant.
>
>
> SPF doesn't provide a magic solution to backscatter, but it helps
> simplify the problem.
It should.
> If spam can be rejected during the SMTP phase rather than accepted,
> then most spam-spewing malware simply drops the attempted message
> rather than actually send a bounce to yourdomain.com. After all,
> the spammer is looking to deliver spam to lots of different
> mailboxes, not deliver tons of DSNs to a single mailbox or domain.
> Failing that, however, any bounces which are being generated are
> coming from or at least closer to the source of the spam, rather
> than coming from gmail, hotmail, etc. And if the spamming machine
> is forging your domain, then yourdomain.com MX boxes have a decent
> shot of rejecting the forgeries via hello_checks, RBLs, or other
> methods.
Thanks Chuck,
ed
More information about the freebsd-questions
mailing list