I've just found a new and interesting spam source - legitimate bounce messages

eculp at casasponti.net
Thu Oct 16 10:22:55 PDT 2008


Paul Schmehl <pauls at utdallas.edu> wrote:

> --On Thursday, October 16, 2008 09:01:02 -0500 eculp at casasponti.net wrote:
>
>>
>> In the last hour, I've received over 200 legitimate bounce messages
>> from email services as a result of someone having used or worse is
>> using my email address in spam from multiple windows machines and ip
>> addresses.  The end result is that I am getting the bounce messages.
>> I'm sure that others on this list have experienced the problem and
>> maybe have a solution that I don't have.
>>
>> The messages are allowed through my obspamd/pf and pf smtp bruteforce
>> blocking rules because they are completely legit.
>>
>> I guess the workaround is to filter them on incoming together with
>> our local bounce messages until the spammers get tired of my address.
>>
>
> We call those "bounceback spam".  The only solution that I know of  
> is to tag all outgoing messages with a special header and then check  
> for that header on all returns and reject those that don't contain  
> the header.  All legitimate bounces would contain the header because  
> they originated with your MTA.
>
> E.g. X-Bounceback-Check: 0987923874

I have added headers for years but unfortunately these didn't  
originate on my servers.  My email address was used as the return  
address for spam sent from multiple windows machines to .ru addresses.

Thanks for the suggestion, Paul.

ed

>
> The value of the header can be anything you want it to be, and you  
> can change it periodically if you want to keep statistical data.
>
> -- 
> Paul Schmehl (pauls at utdallas.edu)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
>
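The header check Paul describes, as an added example that is not part of this thread or of any MTA's own code: outgoing mail is stamped with `X-Bounceback-Check`, and an inbound bounce is accepted only if the copy of the original that the remote MTA returned still carries that header. A bounce for mail that never left your MTA (the case Ed describes, with his address forged as the return address elsewhere) has no such header and is classified as backscatter. The header value `0987923874` is Paul's example and stands in for a secret you would pick and rotate yourself; `build_message`, `classify` and the sample bounces are constructed for this demo.

```python
"""Classify inbound bounces as legitimate (our outbound tag present) or
backscatter (no tag: the bounced message never passed through our MTA)."""
import email
from email import policy
from email.message import EmailMessage

# Header name and value follow Paul's example on the list. The value is a
# placeholder for this demo; a real deployment picks its own random value and
# rotates it, because a value a spammer can guess can be forged into spam.
TAG_HEADER = "X-Bounceback-Check"
TAG_VALUE = "0987923874"


def build_message(sender, rcpt, subject, body):
    """Construct a plain outbound message (hypothetical helper for the demo)."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def tag_outgoing(msg):
    """Stamp a message leaving our MTA with the bounce-check header."""
    del msg[TAG_HEADER]            # never let a caller-supplied copy survive
    msg[TAG_HEADER] = TAG_VALUE
    return msg


def looks_like_bounce(msg):
    """Null reverse-path, MAILER-DAEMON sender, or an RFC 3464 report."""
    return_path = str(msg.get("Return-Path", "")).strip()
    sender = str(msg.get("From", "")).lower()
    return (return_path == "<>" or "mailer-daemon" in sender
            or msg.get_content_type() == "multipart/report")


def _header_line_has_tag(line):
    """True for a quoted 'X-Bounceback-Check: <value>' line in a text body."""
    name, sep, value = line.partition(":")
    return bool(sep) and name.strip().lower() == TAG_HEADER.lower() \
        and value.strip() == TAG_VALUE


def original_carries_tag(bounce):
    """Find our tag in the copy of the original that the remote MTA returned."""
    for part in bounce.walk():
        # walk() descends into message/rfc822, so the embedded original shows
        # up as a part with its own headers; the bounce's own headers don't count
        if part is not bounce and str(part.get(TAG_HEADER, "")).strip() == TAG_VALUE:
            return True
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":
            hdrs = email.message_from_string(part.get_content(), policy=policy.default)
            if str(hdrs.get(TAG_HEADER, "")).strip() == TAG_VALUE:
                return True
        elif ctype == "text/plain" and not part.is_multipart():
            # non-standard bounces quote the original's headers inline
            if any(_header_line_has_tag(l) for l in part.get_content().splitlines()):
                return True
    return False


def classify(raw):
    """'not-a-bounce', 'legit-bounce' (tag found) or 'backscatter' (no tag)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not looks_like_bounce(msg):
        return "not-a-bounce"
    return "legit-bounce" if original_carries_tag(msg) else "backscatter"


# Constructed sample: a standard DSN returning a message we really sent.
LEGIT_BOUNCE = b"""\
Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
To: ed@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: text/plain; charset=us-ascii

The message could not be delivered.

--B1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--B1
Content-Type: message/rfc822

From: ed@example.org
To: nobody@example.net
Subject: hello
X-Bounceback-Check: 0987923874

original body
--B1--
"""

# Constructed sample: same DSN shape, but the returned original was sent from
# somewhere else with our address forged as sender, so it carries no tag.
BACKSCATTER_BOUNCE = LEGIT_BOUNCE.replace(b"X-Bounceback-Check: 0987923874\n", b"")

if __name__ == "__main__":
    print(classify(LEGIT_BOUNCE), classify(BACKSCATTER_BOUNCE))
```

Wire `tag_outgoing` into the outbound path and run `classify` on anything with a null reverse-path before it reaches the mailbox; the text/plain fallback covers MTAs that quote the original inline rather than attaching it as message/rfc822.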
