Re: [SLUG] spam hell

From: Ian C. Blenke (icblenke@nks.net)
Date: Thu Mar 22 2007 - 19:12:15 EST


Larry Brown wrote:
> I have a situation where some main stream spammer has elected to use my
> domain name for a number of their e-mail addresses they send BS out
> there as. So I get <gibberish>@dimensionnetworks.com bounce backs at a
> very high rate. Postfix denies the connection with a 450 user unknown
> response but it doesn't change the fact that it is eating my bandwidth
> for no reason. This also causes my log files to grow at a rate of
> around 10 lines/second. I get probably on average 1.5 bounces/second.
> I can't block the source of these e-mails as they are legitimate mail
> servers just bouncing either virus laden, spam filled, or mail destined
> for users that don't exist.

What you are dealing with is "backscatter" or "blowback" from "joe-jobs".

    http://spamlinks.net/prevent-secure-backscatter.htm
    http://www.spamnation.info/notes/guides/BackscatterFAQ.html

For example, I have some stupid botnet out there for the past couple of
months sending email as "jsmql@blenke.com".

The blowback from that would have been staggering without a server farm
at my disposal to eat that junk.

There are only a few things you can do to lessen this blowback:

1. SPF
    http://www.openspf.org/
2. Domain keys
    http://antispam.yahoo.com/domainkeys
3. Report these fools with automated replies as spammers. Because that's
what they are.

Aside from this, you have two choices:
1. Accept the inbound TCP connection and simply DENY any email TO: an
address that isn't valid.
2. Accept the invalid mail outright and shunt the invalid email away to
a "junk" folder that you can then use to train your Bayesian filter for future
emails from these fools that are sent using your actual email address.

Whatever you do, do NOT accept email that can't be directly delivered.
This kind of misconfiguration is the source of most of the frustration
and cause of much blowback.

For example, I wouldn't send a bounce email back to the senders that
sent auto-responders and undeliverables to "jsmql@blenke.com". I simply
reject it outright, or accept it and shunt it to a folder to train
against future spam.

Anymore, you need a tiered spam solution with weighted rules on a
load-balanced cluster of servers that can handle the load of doing this
for large email volumes. The SLUG list server is behind a cluster of
such a monster.

Spam is a war. The battle rages on.

- Ian C. Blenke <ian@blenke.com>
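A worked example for the reject-at-RCPT approach described in the message above. This is an added example, not code from the original post, from Postfix, or from NKS. It is a small Python script that reads Postfix smtpd reject lines, separates joe-job backscatter (a null, MAILER-DAEMON or postmaster sender bouncing to an address that does not exist) from direct spam aimed at unknown users, and reports the forged local parts, the hosts doing the bouncing, and the rate per second. The log lines are constructed for the example. The regex follows the "NOQUEUE: reject: RCPT from" line format Postfix smtpd writes; matching on "User unknown" in the reject reason is an assumption about the text your local recipient lookup produces, and the script assumes your MTA already rejects unknown recipients during the SMTP session (Postfix does this by default via smtpd_reject_unlisted_recipient) rather than accepting and bouncing them.

```python
"""Spot joe-job backscatter in Postfix smtpd reject logs.

Added example for the thread above; not code from the original post or
from Postfix. Assumes the default Postfix smtpd "NOQUEUE: reject: RCPT"
line format and that unknown recipients are rejected at RCPT time.
"""
import re
from collections import Counter
from datetime import datetime

# Postfix smtpd recipient reject lines (syslog prefix carries no year).
REJECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from (?P<client>\S+\[[^\]]+\]): "
    r"(?P<code>\d{3}) (?P<esc>\d\.\d\.\d) <(?P<rcpt>[^>]*)>: (?P<reason>[^;]*); "
    r"from=<(?P<sender>[^>]*)> to=<[^>]*> proto=\S+ helo=<(?P<helo>[^>]*)>$"
)

# Envelope senders that mark a bounce or auto-reply rather than a first-hand message.
BOUNCE_LOCALPARTS = {"", "mailer-daemon", "postmaster"}


def parse_reject(line):
    """Return the fields of one Postfix RCPT reject line, or None for any other line."""
    m = REJECT_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
    return rec


def is_backscatter(rec):
    """Backscatter: a bounce-like sender aimed at an address we never had (assumed reason text)."""
    localpart = rec["sender"].split("@", 1)[0].lower()
    return localpart in BOUNCE_LOCALPARTS and "User unknown" in rec["reason"]


def summarize(lines):
    """Count rejects, pick out the backscatter, and aggregate by forged target and by bouncing host."""
    rejects = [r for r in map(parse_reject, lines) if r is not None]
    bs = [r for r in rejects if is_backscatter(r)]
    by_target = Counter(r["rcpt"].lower() for r in bs)
    by_client = Counter(r["client"] for r in bs)
    if bs:
        span = (max(r["when"] for r in bs) - min(r["when"] for r in bs)).total_seconds()
        rate = len(bs) / max(span, 1.0)   # treat a burst inside one second as a 1 s window
    else:
        rate = 0.0
    return {
        "rejects": len(rejects),
        "backscatter": len(bs),
        "by_target": by_target,
        "by_client": by_client,
        "per_second": rate,
    }


# Constructed sample log: three bounces to the forged jsmql@ address, one to xq7wz@,
# one direct spam to an unknown user (real sender), one relay attempt, one connect line.
SAMPLE_LOG = [
    "Mar 22 19:10:01 mx1 postfix/smtpd[4021]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: "
    "550 5.1.1 <jsmql@blenke.com>: Recipient address rejected: User unknown in local recipient table; "
    "from=<> to=<jsmql@blenke.com> proto=ESMTP helo=<mail.example.net>",
    "Mar 22 19:10:02 mx1 postfix/smtpd[4021]: NOQUEUE: reject: RCPT from mx.example.org[198.51.100.7]: "
    "550 5.1.1 <xq7wz@blenke.com>: Recipient address rejected: User unknown in local recipient table; "
    "from=<MAILER-DAEMON@example.org> to=<xq7wz@blenke.com> proto=ESMTP helo=<mx.example.org>",
    "Mar 22 19:10:02 mx1 postfix/smtpd[4022]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: "
    "550 5.1.1 <jsmql@blenke.com>: Recipient address rejected: User unknown in local recipient table; "
    "from=<> to=<jsmql@blenke.com> proto=ESMTP helo=<mail.example.net>",
    "Mar 22 19:10:03 mx1 postfix/smtpd[4023]: NOQUEUE: reject: RCPT from unknown[203.0.113.55]: "
    "550 5.1.1 <bob@blenke.com>: Recipient address rejected: User unknown in local recipient table; "
    "from=<sales@example.com> to=<bob@blenke.com> proto=SMTP helo=<friend>",
    "Mar 22 19:10:04 mx1 postfix/smtpd[4021]: NOQUEUE: reject: RCPT from relay.example.com[192.0.2.77]: "
    "554 5.7.1 <someone@example.net>: Relay access denied; "
    "from=<> to=<someone@example.net> proto=ESMTP helo=<relay.example.com>",
    "Mar 22 19:10:04 mx1 postfix/smtpd[4021]: connect from mail.example.net[192.0.2.10]",
    "Mar 22 19:10:05 mx1 postfix/smtpd[4024]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: "
    "550 5.1.1 <jsmql@blenke.com>: Recipient address rejected: User unknown in local recipient table; "
    "from=<postmaster@example.net> to=<jsmql@blenke.com> proto=ESMTP helo=<mail.example.net>",
]

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['rejects']} RCPT rejects, {s['backscatter']} backscatter, "
          f"{s['per_second']:.2f} bounces/s")
    print("forged targets:", s["by_target"].most_common(5))
    print("bouncing hosts:", s["by_client"].most_common(5))
```

In use you would feed it the smtpd lines from /var/log/mail.log (for instance via `grep 'NOQUEUE: reject: RCPT' | python3 backscatter.py` with a small stdin loop in place of SAMPLE_LOG). The by_target counter tells you which forged local parts the botnet is using, which is what you would cite when reporting the campaign, and by_client shows which remote MTAs are generating the blowback; none of them should be blocked wholesale, as the original message says, since they are real mail servers doing what the forged envelope told them to do.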



-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:52:26 EDT