I've just found a new and interesting spam source - legitimate
bounce messages
eculp at casasponti.net
eculp at casasponti.net
Thu Oct 16 10:39:50 PDT 2008
Matthew Seaman <m.seaman at infracaninophile.co.uk> escribió:
> eculp at casasponti.net wrote:
>> RW <fbsd06 at mlists.homeunix.com> escribió:
>>
>>> On Thu, 16 Oct 2008 08:54:55 -0700 (PDT)
>>> Luke Dean <LukeD at pobox.com> wrote:
>>>
>>>>
>>>>
>>>> On Thu, 16 Oct 2008, Matthew Seaman wrote:
>>>>
>>>>> Until the wonderful day that the entire internet abides by these
>>>>> rules[*], use
>>>>> of technologies like SPF and DKIM can discourage but not entirely
>>>>> prevent the spammers from joe-jobbing you.
>>>>
>>>> I just started getting these bouncebacks en masse this week.
>>>> My mail provider publishes SPF records.
>>>
>>> SPF increases the probability of spam being rejected at the smtp
>>> level at MX servers, so my expectation would be that it would exacerbate
>>> backscatter not improve it.
>>>
>>> Many people recommend SPF for backscatter, but I've yet to hear a cogent
>>> argument for why it helps beyond the very optimistic hope that spammers
>>> will check that their spam is spf compliant.
>>
>> I feel the same way and thanks for adding some humor to the situation.
>
> Most spammers aren't aiming to generate back-scatter as their primary
> means of disseminating their spam, so they'll do what they can to get
> the best chance of a successful delivery. That means sending SPF
> compliant e-mails where possible. It's actually quite simple for
> them to filter out SPF protected addresses from their target lists,
> so they do tend to do that, and it's typically the same list of
> target addresses they use for forged senders too. It's telling that
> both having a correct SPF record and having no SPF record at all
> have a zero score in SpamAssassin (ie. neutral) whereas
> non-compliance scores lots of spam points.
>
> Also see my point earlier about rejecting messages during the SMTP
> dialogue. SPF is easy to check early and lets you reject messages
> before acknowledging receiving them, which means a lot fewer bounce
> messages to (probably forged) sender addresses.
Thanks, Matthew.
That I've not done due to the possibility of rejecting legit email.
I'm going to revisit that decision.
ed
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
> Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
> Kent, CT11 9PW
>
>
More information about the freebsd-questions
mailing list