Proving You Are Not a Spammer?

tfinniga asks: "A spammer has recently started using my domain name as 'From:' addresses when sending out spam. I'm worried about my domain being blacklisted, and I'm annoyed by the bounces — I'm getting about 1000 bounce messages a day. Unfortunately, I give out a different email address to each site I visit: slashdot@example.com, paypal@example.com, amazon@example.com, etc., and the spammer is using a different address for each mail, so simple address filtering doesn't work. What is the best way of avoiding being put on a blacklist, and dealing with the flood of bounces?"

  • Procmail helps a lot (Score:5, Informative)

    by Ted Cabeen ( 4119 ) * on Thursday April 19, 2007 @02:48AM (#18794387) Homepage
    I've had a lot of luck setting up a procmail script on the address I use for emails that match the domain wildcard. If you drop messages with a null Return-Path, you'll get all true bounces. Add to that some From header matching for things like mailman lists and mails from mailer-daemon (for those mail systems that don't follow the RFCs) and you should be able to eliminate pretty much all bounce traffic from emails that hit your domain wildcard. Don't forget to forward everything that doesn't hit the rules back to your primary email address. An SPF record can also help, although not enough people are using it to make it really helpful, and it breaks mailing lists. Also, most mail admins understand that nearly all spam From headers are forged, and you shouldn't be blacklisted for being the subject of a Joe-Job.

    Here are the current regexp lines I have in my .procmailrc for that user (all of these send the offending message to /dev/null):

    * ^Return-Path:
    * ^From:.*majordomo
    * ^Subject:.*Returned.mail
    * ^From:.*mailer-daemon
    * ^Subject:.*mail.could.not.be.delivered
    * ^From:.*(postmaster|devnull)
    * ^Subject:.*autoreply
    * ^From:.*spamarrest
    • by Ted Cabeen ( 4119 ) * on Thursday April 19, 2007 @02:59AM (#18794457) Homepage
      The first line above should be:
      * ^Return-Path: <>

      Darn HTML-like comments.
    • Quick post before going to work.

      1) Procmail can actually detect mail sent from daemons.
      2) It matters not that you give out many different addresses to different entities so long as you keep only a small list of addresses to SEND mail.

      Based on this, you can tell procmail to filter anything that comes from a daemon (bounces, in particular) and is not addressed to one of your sender addresses.

      Example .procmailrc:

      ## Environment variables.

      FGREP=/bin/fgrep
      TO=`formail -x To:`
      WHITELIST=".procmailrc.bouncew

  • Use whitelisting (Score:5, Interesting)

    by chatgris ( 735079 ) on Thursday April 19, 2007 @02:51AM (#18794407) Homepage
    I run my email the exact same way that you do, and I have had the same problems. Fortunately, I've never been rejected as a spammer based on my domain name alone, and if you are, hopefully someone else here can help you solve that problem.

    As far as stopping the bounces... The only way I've found that works is to use a whitelist system... filter all of the addresses that you know are good (paypal@example.com, etc) into folders, and everything else goes into a generic catchall folder that you give a quick scan to before moving it to a long term keep folder.

    Just a note... I highly recommend the keep folder over just trashing the message. When it's morning and you are groggily mass deleting messages, sometimes good messages get axed accidentally... If you have your own domain, it's likely that you have POP so long term storage shouldn't be a problem.

    Josh
    • Whitelisting can also be a problem if he's going to use several email addresses.
      But here's what I was thinking:
      PGP signatures. A spammer can't fake that, and you can register a single signature to use in all your emails with a specific email like authentication@example.com. That way, since the signature is present, they are guaranteed it's from your domain, and a filter can throw out mails that don't have those.
      Granted, there's not enough PGP signature use on the net, but it's a step that I think would work
    • by GWBasic ( 900357 )

      Just a note... I highly recommend the keep folder over just trashing the message. When it's morning and you are groggily mass deleting messages, sometimes good messages get axed accidentally... If you have your own domain, it's likely that you have POP so long term storage shouldn't be a problem.

      Normally that's not a problem. I typically get about 100 bounces a day, which are easy to delete. Yesterday I got home to find > 2000 messages in my inbox; all bounces to the same forged email address. Whil

  • by Michael Wardle ( 50363 ) <mikel@mike l w a r d . com> on Thursday April 19, 2007 @02:55AM (#18794433) Homepage

    If the sender is forging your From address, chances are they're not using your mail server. Most decent blacklists (e.g. SpamCop, Spamhaus) will blacklist the offending server's IP address, not your mail domain.

    Consider implementing SPF (home page [openspf.org] wiki [wikipedia.org]) so recipient mail servers can drop the message if it wasn't sent from a server authorized to send mail from your domain.

    Most bounce messages will not include your outgoing server's signature. You can consider dropping those messages using the techniques described in the Postfix Backscatter Howto [postfix.org].

    • Re: (Score:2, Interesting)

      by schoaff ( 887776 )
      Just want to second the suggestion for SPF. Since I added SPF records for all my domains the amount of bounces from formed From fields has dropped significantly. Not a perfect solution but a big improvement.
      • by DrZaius ( 6588 )
        Coincidentally, today is the second day of the Authentication and Online Trust Alliance Summit: http://www.aotalliance.org/summit2007/ [aotalliance.org].

        Also, stop using a catchall account. Spammers will dictionary attack your domain and you will continue to get more and more spam for the rest of your life. Instead of *@yourdomain.com, set it up so your catchall accounts look like username-*@yourdomain.com.
  • Blacklisting (Score:4, Interesting)

    by mwvdlee ( 775178 ) on Thursday April 19, 2007 @02:59AM (#18794459) Homepage
    I don't think you have to worry about blacklisting.
    It's pretty much standard practice for spammers to set the "from:" to some random, existing e-mail address. This generates a lot of bounces if one of the "to:" accounts doesn't exist and there is still some crappy anti-spam filtering software that bounces (which is stupid in more ways than I can count) to the "from:". But other than that, no blacklist is idiotic enough to still believe the "from:" is reliable.
    • by yuna49 ( 905461 )
      no blacklist is idiotic enough to still believe the "from:" is reliable

      That might be true of RBL maintainers, but it's hardly true of mail admins in general. Unfortunately there are still providers who believe their users' reports of spam. My SMTP server is blacklisted on some server in Canada, though we have SPF records and are not on any public RBL. A visit to their website shows that they employ users' reports, among other things, to determine what to block. I've even had a problem with Verizon black
  • Your bad... (Score:5, Funny)

    by Anonymous Coward on Thursday April 19, 2007 @03:01AM (#18794467)

    Unfortunately, I give out a different email address to each site I visit: slashdot@example.com, paypal@example.com, amazon@example.com, etc., and the spammer is using a different address for each mail, so simple address filtering doesn't work.
    example.com was a bad choice for a domain name; a lot of spammers would probably use this.

    Also you're breaking RFC 2606.

    Let's just say this was your poor judgment and move on.
    • by Anonymous Coward
      Hah! You're double-bad! RFC 2606 [rfc-editor.org] says you're *supposed* to use example.com for examples! Time to check that your glasses have the correct prescription!

  • Run a web host (Score:5, Informative)

    by adamstew ( 909658 ) * on Thursday April 19, 2007 @03:06AM (#18794501)
    I run a web hosting business...small but large enough that this happens on a regular (read: daily) basis for the people I host.

    All of the good and 99% of the bad network admins will know better than to trust a "From" header in an email. I can't think of anyone that will block a domain based on the From header. Most network admins who set up blacklists blacklist server IPs that email comes from, and not email headers.

    As for your catch-all address, you can use some of the techniques that others have mentioned in previous comments. I usually tell my customers to just wait it out. The spammers will stop using your domain after a day or two. Give it another couple of days for the mail queues to empty out, and you'll stop getting bounces.
    • As for your catch-all address, you can use some of the techniques that others have mentioned in previous comments. I usually tell my customers to just wait it out. The spammers will stop using your domain after a day or two. Give it another couple of days for the mail queues to empty out, and you'll stop getting bounces.

      That's a bit optimistic. I'm in the exact same position and I've been getting roughly 1000-2000 bounces a day for over a month.
  • This began happening to a co-worker yesterday.... did the spams include Project Gutenberg donation requests?
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      There are 6 billion people on this planet. It would be very strange, if multiple similar events did not happen at any given time.
      • Re: (Score:2, Funny)

        by Anonymous Coward
        There are 6 billion people on this planet. It would be very strange, if multiple similar events did not happen at any given time.


        You know, I was just thinking of the same thing. How odd ...

  • Joe Jobbed (Score:5, Informative)

    by bmo ( 77928 ) on Thursday April 19, 2007 @03:07AM (#18794513)
    You are being joe-jobbed. Do not worry about it.

    http://www.spamfaq.net/terminology.shtml#joe_job [spamfaq.net]

    3.2.22 What's a "Joe Job"?
    The act of faking a spam so that it appears to be from an innocent third party, in order to damage their reputation and possibly to trick their provider into revoking their Internet access. Named after Joes.com, which was victimized in this way by a spammer some years ago.

    You will not wind up on a blacklist. This is a well known phenomenon among mail admins.

    --
    BMO
    • by Threni ( 635302 )
      > You will not wind up on a blacklist.

      You will, however, receive lots of angry emails (containing inept threats of lawsuits from clueless individuals who just don't understand that you're not spamming them).

      • Comment removed based on user account deletion
      • by hurfy ( 735314 )
        heh, i would have actually settled for this to find out something about where the mails come from. There is a small chance that someone has a botted box between 2 offices and a bunch of home users.

        No luck, not one reply from a real person. A zillion bounce back messages and a slew of automated messages. None of the messages give any of the original info. The one bounceback was especially nice tho, explaining the faking of headers, and apologizing for sending more crap but it just couldn't be sure if it was
    • You're misunderstanding that explanation, largely because it is poorly written in a way that fails to make the emphasis clear.

      Joe jobbing is when the purpose of the work is to discredit. The purpose of this work is simply to provide a semi-reliable intrusion vector for spam. Joe jobbing refers to an early attack of the proprietor of Joe's Cyberpost, Joe Doll. One of his users was a spammer, and had his email account revoked. As revenge, the spammer started spamming while imitating Joe, in order to make
    • by nurb432 ( 527695 )
      I really doubt it was something intentionally directed towards him to cause grief.

      More like his domain just managed to get in the hopper for a while.
  • Easy (Score:5, Funny)

    by Anonymous Coward on Thursday April 19, 2007 @03:16AM (#18794559)
    This is an easy one ... just send an email to everyone explaining the situation. And I just happen to have some mailing lists of people who opted-in to receive just this kind of notification, which I can provide to you at a very reasonable cost.
  • DomainKeys and DKIM (Score:4, Informative)

    by jediknil ( 1090345 ) on Thursday April 19, 2007 @03:22AM (#18794583) Homepage

    This has happened to me not once but twice, and I really was at a loss at what to do. Well, and angry and annoyed. The second time I decided enough was enough and set up DomainKeys [yahoo.com] and DKIM [dkim.org] (both because DKIM hasn't quite caught on enough yet). Both of them are ways to sign your e-mail so the receiving server can be sure that it actually came from your domain. It's not yet a real solution because not enough people/sites use it or validate against it, but encouraging adoption is always a good thing.

    Of course, signing mail isn't really enough to stop it, so you may have to turn off the "catch-all" feature of your mail just to avoid mail bounced to "xycjdfedf@mydomain.com"

  • yup spamassassin (Score:1, Informative)

    by Anonymous Coward
    I have the exact same problem.. Spam assassin and careful ip blocklists (ie all of china, florida, koreanet, etc) from headers has reduced it to but a trickle. You can also set it to reject it to common addresses like admin@domain
  • I recently switched my domain email to Google Apps [google.com] and couldn't be happier about it. I don't need to deal with the spam and email administration anymore and all of my family and friends get their own accounts. Everything's free and works great. The downside is not having a regular IMAP or POP access to my email.

    I use the same catchall feature as mentioned above and I also get a lot of bounce messages. The spam filtering of gmail is amazing. I get a few thousand spam a week and sometimes one falls escapes th
    • by Anonymous Coward on Thursday April 19, 2007 @04:08AM (#18794827)
      Umm.. Google Apps has POP access for all accounts, including the free stuff.
      • by Aladrin ( 926209 )
        Yeah, but it's a shitty implementation. For instance, it doesn't allow you to set 'leave mail on server' even though GMail keeps the mail anyhow. This means that you can't POP from 2 mail clients (home, work, blackberry, etc) because once you pop the mail once, it won't pop to the other client. No matter what you do.

        We switched to GMail here at work and that's been the biggest problem with it. I've taken to just using the web mail client for my account, just as if there was no pop access at all.

        Yes, I used P
        • You can configure GMail to do that from the web interface. Settings->Forwarding and POP->POP Download->2) When messages are accessed by POP: [keep Gmail's copy in the Inbox|Archive GMail's copy|delete Gmail's copy]
        • Have you provided feedback to Google regarding this issue?
      • by ip_vjl ( 410654 )
        In addition to the issue the sibling message points out, gmail's POP3 access won't allow you to retrieve the stuff flagged as spam. That means that unless you completely trust them to never flag something incorrectly, you will need to use the web-based interface occasionally to go through those messages.
        (Overall, not a horrible thing to do, but could be a deal-breaker for some.)
  • Old IPs (Score:2, Informative)

    by Zack ( 44 )
    I inherited a class C that formerly belonged to a spammer. Made it almost impossible to get outbound mail accepted. Since we were a small org (50 people), outgoing was relayed over a T1 to a host in another network. Almost a year and a half later, and I'd estimate 90% of the mail gets accepted. Some old firewalls and blackholes block them still.

    So because we were lucky enough to have another site to send from, we weren't screwed... I'd hate to be there without a backup!
    • Re:Old IPs (Score:4, Interesting)

      by orangesquid ( 79734 ) <orangesquid@nOspaM.yahoo.com> on Thursday April 19, 2007 @07:53AM (#18795835) Homepage Journal
      It annoys me how long blacklists will keep you on, even after they haven't gotten any reports of spam from your IP range. Why is this so?

      A fair number of blacklists (at least a few years ago) had a we-won't-ever-remove-you - unless-you-send-us-lots-of-proof - that-your-IP-range-is-no-longer-used-for-spam policy. IP ranges ought to expire from blacklists when there haven't been many complaints for a while.

      In fact, blacklists ought to e-mail admin@mailserver when your IP range is blocked, and e-mail you monthly to remind you you're on a blacklist. Why? Most mail systems are polite and tell you if they're rejecting your messages because of a blacklist, but some will silently reject your messages and you might not realize your mail isn't being delivered for a long time, hence you might not realize you've been blacklisted somewhere.
      An alternative is that you can poll the blacklists periodically for your IP ranges to see if you've been blocked, but this seems like it places a burden on you and is somewhat irresponsible for the blacklists to do (I know, most of them say "we're a private org, we do what we want, if an ISP is using us for a blacklist then that's the ISP's prerogative, and we don't care," but if you know your blacklist is being used by others, especially by major ISP's, I still think it's somewhat irresponsible to not notify admins that you're blacklisting their IP ranges.)
      • by Mabonus ( 185893 )
        Godaddy was the worst for us. They blocked the C class that we happen to share with about, oh 20 other customers and refused to block just the specific IP addresses. I tried very, very hard to reason with them, but they were convinced that it was a dynamic pool and that any address there could be the spammy address. I wish I knew what the eventual solution was, but I kept reporting the offender to our ISP and kept un-blocking our class C and it seems to have straightened up.
    • I have a similar problem, we inherited a class C that was used for consumer cable modems... After 6 months of fighting with just about every blacklist operator on the planet we have been removed from most of them except Earthlink. Earthlink has been completely unresponsive to every email and phone call I have made. The only reason we still have mail customers after that nightmare is our T1.
  • by Wordplay ( 54438 ) <geo@snarksoft.com> on Thursday April 19, 2007 @04:00AM (#18794785)
    It's a little late now, but the real problem is how you picked your email aliases. Start them all with the same prefix. Like, if I'm wordplay@foozle.com (I'm not, btw, so don't mail me), I might use wp-paypal@foozle.com, wp-ebay@foozle.com, etc. Then I can filter anything that's not addressed to wordplay or wp-*.
    • by Aladrin ( 926209 )
      As long as we're advocating aliases, don't forget about spamgourmet.com. I used it for years before switching to GMail's servers. GMail's spam catching is so good that I don't worry anymore, but before that... Nightmare.

      For those that don't know: Spamgourmet lets you have unlimited aliases, so you just create a new alias for every site you put your email address on. The creation is automatic (happens the first time that email addy is mailed to) and if you later decide it's sending spam, you can turn it
    • Re: (Score:3, Informative)

      by orangesquid ( 79734 )
      Clever trick: most mail systems are configured so that USERNAME+anything will always be delivered to USERNAME (e.g., bob+ebay, bob+paypal, bob+cray-cyber, etc). This way, you don't have to deliver *@domain to your inbox nor set up forwarding aliases.
      • by Bazzargh ( 39195 )
        Clever trick: most mail systems are configured so that USERNAME+anything will always be delivered to USERNAME (e.g., bob+ebay, bob+paypal, bob+cray-cyber, etc). This way, you don't have to deliver *@domain to your inbox nor set up forwarding aliases.

        Unfortunately, most people who write webapps are total idiots (some are geniuses, to be fair). 9 times out of 10 an email address with a + in the name will be rejected as invalid when you try to sign in, because they chose an overly conservative regexp for valid
        • I actually had a website accept a + designation, but then in another part of the reg process reject it and leave me in an orphan state half registered. Took forever to get someone there to fix it. Ugh.
  • by doug ( 926 ) on Thursday April 19, 2007 @04:14AM (#18794855)

    Apparently if you are in Washington, all you have to do is sue yourself for being a spammer [slashdot.org]. The judge will chew you out for wasting the court's time, and then drop the charges without even opening the documents. Once the court has vindicated you, you can demonstrate to everyone how non-spammy you are. I don't think you'll even need a lawyer, although you may need some antacid after seeing the US judicial process up close and personal.

    If you don't live in Washington, I think you'll need to move there first.

    Good luck. Let us know how the trial goes.

    - doug
  • by AlXtreme ( 223728 ) on Thursday April 19, 2007 @04:26AM (#18794913) Homepage Journal
    Hostnames / IP addresses are blacklisted. Domainnames are not. Next question.
  • by trumplestone ( 820102 ) on Thursday April 19, 2007 @04:45AM (#18795019)
    Domain blacklisting probably isn't a problem---Every sane sysadmin these days knows that the address in the "From" field of a spam email has nothing to do with the origin of the spam.

    You might want to investigate "Sender Policy Framework", which allows you to add a DNS record to your domain specifying who (in terms of IP addresses) is allowed to send emails that claim to come from your domain. You will probably find that it doesn't decrease your spam bounces, however.

    The other option that may be feasible depending on your setup is ensuring that all outgoing emails have a Message-ID with some sort of token in it that you can recognise. All incoming bounces that are not replying to a Message-ID with your token in it are spam.

    Just some ideas.
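The Message-ID token idea from the comment above, as an added example (not code from the thread): outgoing Message-IDs carry a day stamp and an HMAC tag, and a bounce counts as genuine only if it quotes one that verifies. The secret, the `<day.nonce.tag@domain>` layout, the 14-day window, the function names and the sample bounce are all assumptions constructed for illustration.

```python
import email
import hashlib
import hmac
import re
import secrets
import time
from email import policy

SECRET = b"constructed-demo-secret"  # assumption: the real key stays on the mail server
DOMAIN = "example.com"
MAX_AGE_DAYS = 14                    # assumption: later bounces are not expected
# Layout chosen for this example: <day.nonce.tag@domain>, fields in lowercase hex.
ID_RE = re.compile(r"<([0-9a-f]{1,8})\.([0-9a-f]{16})\.([0-9a-f]{20})@([A-Za-z0-9.-]+)>")

def _today(now):
    return int((time.time() if now is None else now) // 86400)

def _tag(day_hex, nonce):
    data = f"{day_hex}.{nonce}@{DOMAIN}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:20]

def make_message_id(now=None):
    """Message-ID to stamp on outgoing mail."""
    day_hex = format(_today(now), "x")
    nonce = secrets.token_hex(8)
    return f"<{day_hex}.{nonce}.{_tag(day_hex, nonce)}@{DOMAIN}>"

def is_own_message_id(msgid, now=None):
    """True if msgid carries a valid tag for our domain and is recent enough."""
    m = ID_RE.fullmatch(msgid.strip())
    if not m or m.group(4).lower() != DOMAIN:
        return False
    day_hex, nonce, tag = m.group(1), m.group(2), m.group(3)
    if not hmac.compare_digest(tag, _tag(day_hex, nonce)):
        return False
    return 0 <= _today(now) - int(day_hex, 16) <= MAX_AGE_DAYS

def quoted_message_ids(raw_bounce):
    """Message-IDs a bounce quotes: headers of an attached original, plus any
    token-shaped ID in its text parts (text/rfc822-headers or plain quoting)."""
    msg = email.message_from_bytes(raw_bounce, policy=policy.default)
    found = []
    for part in msg.walk():
        if part is not msg and part["Message-ID"]:
            found.append(str(part["Message-ID"]).strip())
        body = part.get_payload()
        if isinstance(body, str) and part.get_content_maintype() == "text":
            try:
                text = part.get_content()
            except LookupError:  # bounce declared a charset Python does not know
                continue
            found.extend(m.group(0) for m in ID_RE.finditer(text))
    return found

def classify_bounce(raw_bounce, now=None):
    """'ours' if the bounce answers a message we signed, else 'backscatter'."""
    ids = quoted_message_ids(raw_bounce)
    return "ours" if any(is_own_message_id(i, now) for i in ids) else "backscatter"

# Constructed sample: a multipart/report bounce that quotes the original headers.
SAMPLE = """\
From: MAILER-DAEMON@mx.recipient.test
To: paypal@example.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@recipient.test failed: user unknown.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.test

Final-Recipient: rfc822; nobody@recipient.test
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: paypal@example.com
Message-ID: ORIGINAL_ID

--b1--
"""

def sample_bounce(original_message_id):
    return SAMPLE.replace("ORIGINAL_ID", original_message_id).encode()
```

Bounces that quote none of the original headers are classified as backscatter here, which matches the rule as the comment states it.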
  • I use a special code in the subject line, so that everyone that I e-mail knows it's from me. I use ALL CAPS in my subject line among other things, like ":-)", and I have instructed all the people that I e-mail on a regular basis that if they receive an e-mail from me without all caps, or other identifying codes, then it is probably not from me, and don't open it under any circumstance. This works, and once everyone is onboard for recognizing the code, then they can relax about who sent what. I should point
  • by lunatick ( 32698 ) on Thursday April 19, 2007 @06:26AM (#18795447) Homepage
    To all the people saying domains don't get black listed. Sorry you are wrong.

    I posted this exact question to slashdot about 4 years ago, back then you were just pretty much screwed.
    I was actually receiving threatening return mail for sending spam, which is why I posted here.

    My domain did end up on a bunch of black lists and is still on a few to this day.

    I will say that the better ISP's use a mailserver based black list and not a domain based one, but there are still some out there.

    Now what you can do.

    Go to the FTC ID theft complaint form

    https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03 [ftc.gov]

    Yes spoofing your e-mail is a form of ID theft.
    The company advertised is just as legally responsible as the spammer.

    If you keep filing complaints the spammers learn not to use your e-mail. The ones in the US and Canada you can actually sue to recover damages.

    Good luck
    • Wow, thanks for that link! I'm having the same problem with my firstname@university.edu email address - unfortunately, many of the bounces don't contain enough header info from the original sender to know who it's really from, but now I can report the few that do!
  • Send a billion e-mails to everyone you're getting bounces from, saying you didn't do it.

    I can't see how it can fail :D

  • I did this too for the same reason. I would use all sorts of e-mail address as I need them so I just opened up the mail server to accept To: *.anything in my domain. However after suffering for years with the problem you are seeing now I learned that spammers love domains like this. After sending a few messages to your server to determine if it accepts any user then they are more likely to use your domain as the From: because they can use any user name and it will be valid.

    After examining my mail history
  • 1. Blacklisting is generally done on the originating IP address, not the allegedly originating domain name. It's unlikely that your forged from address will be picked up by any filters. The forgery problem is, of course, why blacklisting is not generally done on the allegedly originating domain name.

    2. You can mitigate the bounce problem with Sender Policy Framework (SPF). Many of the larger mailers will drop messages where the SPF records indicate that the sender address is forged. Many more will suppress b
  • We ran into a Postfix bug on our systems the other month. Apparently spammers can trigger a bounce by including an extra "Mailed-To" line, and that bounce will be sent to the target of their choice. This was exploited to send a bunch of bounce messages from our system to other systems. It's simply part of Postfix's loop detection. Spammers are beginning to use it more and more, but there aren't any plans to fix it by the developers, so far as I know. We wound up fixing this with a Postfix header filter.
  • That being if you are running an exchange server.
  • I used a spamtrap domain for about 5 years, then the same thing happened 2 years ago. I have not yet had my entire domain blacklisted. I did have to get rid of the wildcard that allows any local-part though. If your MTAs bounce after receipt for invalid local-part, instead of at SMTP time, you're more likely to hit a blacklisting spamtrap address (see spamcop) than if you just happen to be getting spoofed.

    I went through my procmail logs with some awk/grep/sort -c and found most of the legit addresses I h
  • Bounces are delivered to the MAIL FROM in the SMTP envelope defined by rfc 2821. This is not the From: mail header field defined by rfc 2821, although they are often the same address. The MAIL FROM is best protected by publishing an SPF record in DNS as defined by rfc 4408. See http://openspf.org./ [openspf.org.] This defines which IP addresses are authorized to send email using your address in MAIL FROM.

    Since not all recipients check SPF, you may also wish to sign your mail from. This adds a timed hash token to th

  • Pick a prefix you're going to use for all the emails you're giving out; ex. d.slashdot@example.com, d.paypal@example.com, d.amazon@example.com, etc. Then filter out anything not beginning with "d." (and any particular address a spammer may have used).
  • Anyone dumb enough to block you based on a forged header is too stupid to worry about. None of the serious blacklists are going to care about the address unless there's real evidence that it's not a forgery.
  • by Slashdot Parent ( 995749 ) on Thursday April 19, 2007 @09:40AM (#18796965)
    As others have pointed out, everyone knows that spammers forge the From: header, so your domain would not be blocked except by the dumbest of mail admins.

    Your real problem is the backscatter (those 1000 bounce messages you get per day). My solution follows:

    I still have all of my mail logs since time immemorial, so I wrote a script to parse out all of the From email addresses in outgoing email and made a list. Going forward, each outgoing email from my server gets its From address added to that list.

    In other words, I have a list of every possible From address ever used to send email from any of my domains (and the domains of the folks I host because they were jealous of my spam filtering).

    Part of incoming email processing is a rule that if your envelope sender is <> (that is the envelope sender for bounce messages), and the envelope recipient is not on that magic list of my outgoing senders, then the message must be blowback, and you get an SMTP rejection code and a message that explains why your email was backscatter and to please fix your server.

    Before you respond and say, "What about email addresses that you put in webforms? Hello!" Remember, I only apply this rule to envelope sender <>. If you're bouncing email to an address that has never been used to send email, then you are sending blowback.

    A desperate plea to mail admins out there: For the love of all things holy, stop sending delayed bounces! When you reject a message, reject it during the SMTP session! Do you have any idea how much pain you are causing others? More information here [spamcop.net].
    1. When giving out different email addresses, I also "assign" a password to that email address, eg "u2Rsv62-slashdot@hardcorehackers.com".
    2. I run qmail with the badrcptto patch [patch.be]. This is especially handy if I start receiving spam at one of the previously assigned email addresses; I can cut off just that email address and others can still reach me. Plus, for all autogenerated spam "From:" addresses, I can just add them to /etc/qmail/badrcptto and I never hear about them again.
    3. Run qmail with SPF. Not that anybod
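The null-sender rule from Slashdot Parent's comment above, as an added example (not that poster's script): collect every envelope sender the server has used for mail it delivered to a remote host, then reject at RCPT time any message with envelope sender `<>` whose recipient is not on that list. The Postfix-style log lines are constructed sample data, and the function names, the log format choice and the reply text are assumptions.

```python
import re

# Constructed sample lines in Postfix syslog style (assumption: adapt to your MTA's logs).
SAMPLE_LOG = """\
Apr 18 09:12:01 mail postfix/qmgr[811]: 4F1A22C0D1: from=<paypal@example.com>, size=2104, nrcpt=1 (queue active)
Apr 18 09:12:03 mail postfix/smtp[902]: 4F1A22C0D1: to=<service@shop.test>, relay=mx.shop.test[192.0.2.10]:25, delay=1.9, status=sent (250 2.0.0 Ok)
Apr 18 09:30:44 mail postfix/qmgr[811]: 7B3C9E11A4: from=<>, size=3310, nrcpt=1 (queue active)
Apr 18 09:30:44 mail postfix/local[915]: 7B3C9E11A4: to=<xycjdfedf@example.com>, relay=local, delay=0.1, status=sent (delivered to mailbox)
Apr 18 10:02:17 mail postfix/qmgr[811]: 9D0E5F7712: from=<Me@Example.com>, size=980, nrcpt=1 (queue active)
Apr 18 10:02:19 mail postfix/smtp[930]: 9D0E5F7712: to=<friend@isp.test>, relay=mx.isp.test[192.0.2.20]:25, delay=2.0, status=sent (250 Ok)
Apr 18 11:45:00 mail postfix/qmgr[811]: A1B2C3D4E5: from=<stranger@elsewhere.test>, size=1500, nrcpt=1 (queue active)
Apr 18 11:45:00 mail postfix/local[940]: A1B2C3D4E5: to=<amazon@example.com>, relay=local, delay=0.2, status=sent (delivered to mailbox)
"""

# qmgr logs the envelope sender per queue ID; smtp logs deliveries to remote hosts.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
SENT_RE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<[^>]*>.*status=sent")


def outgoing_senders(log_text, local_domains):
    """Envelope senders in our domains that were used for mail sent to remote hosts."""
    sender_by_queue = {}
    delivered_remotely = set()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            sender_by_queue[m.group(1)] = m.group(2).lower()
            continue
        m = SENT_RE.search(line)
        if m:
            delivered_remotely.add(m.group(1))
    return {
        sender
        for queue_id, sender in sender_by_queue.items()
        if queue_id in delivered_remotely
        and sender.rpartition("@")[2] in local_domains
    }


def check_rcpt(envelope_sender, envelope_rcpt, known_senders):
    """Decision at RCPT TO time; returns (smtp_code, text).

    Only null-sender mail (bounces) is checked, so ordinary mail to
    receive-only addresses such as web-form aliases is unaffected.
    """
    if envelope_sender.strip() in ("", "<>"):
        rcpt = envelope_rcpt.strip("<> ").lower()
        if rcpt not in known_senders:
            return 550, "5.7.1 Bounce to an address that never sent mail (backscatter)"
    return 250, "2.1.5 Ok"


if __name__ == "__main__":
    known = outgoing_senders(SAMPLE_LOG, {"example.com"})
    for sender, rcpt in [("<>", "xycjdfedf@example.com"),
                         ("<>", "paypal@example.com"),
                         ("stranger@elsewhere.test", "amazon@example.com")]:
        print(sender, rcpt, check_rcpt(sender, rcpt, known))
```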
  • (A) At least 95% of spam is sent using fraudulent "From" addresses, most of them being addresses (like yours) taken often from the same list being spammed to. None of the major blocklists ever block based on the "From" domains in spams, nor indeed do we pay any attention to "From" addresses on spams. What gets blacklisted is the sending IP address or the IP of a web server hosting the spammer's website advertized in the spam. There has never, ever, been a case of a major blocklist listing someone based on t
  • The same thing happens to me - I have the address myfirstname@university.edu - and unfortunately, my first name is also a dictionary word. So someone is sending out a ton of spam in my name, and I get all the bounces. My school's spam system catches about half of them, luckily when I use Mail.app at school it's good at catching the rest. Unfortunately, though, when I use the school's webmail I have to manually delete them all. And the daily number has continually gotten higher since September. I hate to thi
  • I see 4x that on a daily basis to my home domain. and 10x that at the office domain.
