I've just found a new and interesting spam source - legitimate bounce messages

eculp at casasponti.net eculp at casasponti.net
Thu Oct 16 10:39:50 PDT 2008


Matthew Seaman <m.seaman at infracaninophile.co.uk> wrote:

> eculp at casasponti.net wrote:
>> RW <fbsd06 at mlists.homeunix.com> wrote:
>>
>>> On Thu, 16 Oct 2008 08:54:55 -0700 (PDT)
>>> Luke Dean <LukeD at pobox.com> wrote:
>>>
>>>>
>>>>
>>>> On Thu, 16 Oct 2008, Matthew Seaman wrote:
>>>>
>>>>> Until the wonderful day that the entire internet abides by these
>>>>> rules[*], use
>>>>> of technologies like SPF and DKIM can discourage but not entirely
>>>>> prevent the spammers from joe-jobbing you.
>>>>
>>>> I just started getting these bouncebacks en masse this week.
>>>> My mail provider publishes SPF records.
>>>
>>> SPF increases the probability of spam being rejected at the SMTP
>>> level at MX servers, so my expectation would be that it would exacerbate
>>> backscatter not improve it.
>>>
>>> Many people recommend SPF for backscatter, but I've yet to hear a cogent
>>> argument for why it helps beyond the very optimistic hope that spammers
>>> will check that their spam is SPF compliant.
>>
>> I feel the same way and thanks for adding some humor to the situation.
>
> Most spammers aren't aiming to generate back-scatter as their primary
> means of disseminating their spam, so they'll do what they can to get
> the best chance of a successful delivery.  That means sending SPF  
> compliant e-mails where possible.  It's actually quite simple for  
> them to filter out SPF protected addresses from their target lists,  
> so they do tend to do that, and it's typically the same list of  
> target addresses they use for forged senders too.  It's telling that  
> both having a correct SPF record and having no SPF record at all
> have a zero score in SpamAssassin (i.e. neutral) whereas
> non-compliance scores lots of spam points.
>
> Also see my point earlier about rejecting messages during the SMTP  
> dialogue.  SPF is easy to check early and lets you reject messages
> before acknowledging receiving them, which means a lot fewer bounce  
> messages to (probably forged) sender addresses.

Thanks, Matthew.

That I've not done due to the possibility of rejecting legit email.   
I'm going to revisit that decision.

ed

>
> 	Cheers,
>
> 	Matthew
>
> -- 
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                  Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
>                                                  Kent, CT11 9PW
>
>
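
The trade-off discussed in this message, as an added example that is not part of the original thread: a server that checks SPF and the recipient inside the SMTP dialogue generates no bounces, while one that acknowledges first sends backscatter to forged senders. The SPF record, domains, IP addresses and function names are constructed for illustration, and only the `ip4`, `ip6` and `all` terms are evaluated.

```python
import ipaddress

# Constructed SPF data standing in for DNS TXT lookups (example domains only).
SPF_RECORDS = {"victim.example": "v=spf1 ip4:192.0.2.0/24 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(client_ip, sender):
    """Evaluate ip4/ip6/all terms only; other mechanisms are skipped."""
    record = SPF_RECORDS.get(sender.rsplit("@", 1)[-1].lower())
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        kind, _, value = term.lstrip("+-~?").partition(":")
        if kind == "all":
            return QUALIFIERS[qualifier]
        if kind in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"

def reject_in_dialogue(client_ip, sender, rcpt_exists):
    """Return (SMTP reply code, bounces this server must send)."""
    if spf_check(client_ip, sender) == "fail":
        return 550, 0   # refused at MAIL FROM: message never accepted
    if not rcpt_exists:
        return 550, 0   # refused at RCPT TO: still nothing to bounce
    return 250, 0

def accept_then_bounce(client_ip, sender, rcpt_exists):
    """Acknowledge first, check later: failures become bounce messages."""
    return 250, (0 if rcpt_exists else 1)  # bounce goes to the envelope sender

# Constructed traffic: (client IP, envelope sender, recipient exists?)
TRAFFIC = [
    ("192.0.2.10", "alice@victim.example", True),    # genuine mail
    ("203.0.113.7", "alice@victim.example", False),  # forged sender, unknown rcpt
    ("203.0.113.7", "bob@nospf.example", False),     # forged, domain has no SPF
    ("198.51.100.5", "alice@victim.example", True),  # genuine, relayed by a forwarder
]

def run(policy):
    """Return (list of reply codes, total bounces generated) for TRAFFIC."""
    results = [policy(*msg) for msg in TRAFFIC]
    return [code for code, _ in results], sum(b for _, b in results)

if __name__ == "__main__":
    for policy in (accept_then_bounce, reject_in_dialogue):
        print(policy.__name__, run(policy))
```

The last traffic entry is the legitimate-mail rejection that the reply above is concerned about: a genuine message relayed through a host outside the published range gets a 550.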



More information about the freebsd-questions mailing list