Bounced Email - Dealing w/ the Latest Type of Spam?

heretic108 asks: "For 3 years, I've been running a home office EXIM mailserver to handle mails on my 3 personal domains. All had been fine - I'd fastidiously configured EXIM to guard against relaying, and even now receive a clean bill of health from the various relay-checker sites. Spam levels were moderate, and mostly arrested by SpamAssassin and Thunderbird's inbuilt filters, until today. I got up this morning to find 3500+ e-mails in my inbox. All were bounces - spoofed and genuine, and came from a vast variety of IP addresses (eg lots of AOL users' IPs), which indicates they're being sent largely via compromised windows boxen, as well as from inadequately-configured corporate/ISP mailservers which don't bother to check the purported 'from' addresses against the originating domains. This hurricane continues, with 10-30 new incoming spams every minute! I've re-enabled Active Spam Killer, but this is next to useless, since ASK passes all 'bounce' messages, real or otherwise, to the mbox without challenge. I'm hoping to hear from anyone who can share success stories in dealing with such a menace, without undue complication or loss of legitimate mail. Thanks in advance for all your constructive and positive suggestions." It seems that dealing with regular Spam is almost easy in comparison to dealing with its consequences: bounced emails. Does anyone have suggestions, or filters on how to handle bounced e-mail that has resulted from someone using your e-mail address to spam someone else?
This discussion has been archived. No new comments can be posted.

  • Bayesian Spam Filter (Score:4, Informative)

    by Marxist Hacker 42 ( 638312 ) * <seebert42@gmail.com> on Tuesday December 28, 2004 @07:52PM (#11204331) Homepage Journal
    This is how I do it anyway- there are several out there but I use SpamBayes because I've got my mailserver on a Windows box.

    A Bayesian spam filter can learn to filter ANYTHING!
    • He's using Thunderbird's built in spam filter, which is a bayesian filter already.
    • by fm6 ( 162816 ) on Tuesday December 28, 2004 @10:40PM (#11205667) Homepage Journal
      So big deal. Writing an effective content-based spam filter isn't hard. Writing an effective content-based spam filter without false positives is just about impossible. If you don't mind missing some of your email, fine. But most of us don't have that luxury.
      • by Vengie ( 533896 ) on Wednesday December 29, 2004 @12:11AM (#11206201)
        Parent post isn't flamebait. It is the very essence of why spam filtering is a sucky solution at best. Even a single false positive is simply unacceptable! (because when you have 4 million pieces of spam and 1 false positive, you're never going to notice it when you go into your "spam" folder) and it could be important! Speaking from personal experience. My father emailed me from a new email address -- he scanned my law school acceptance letter and just sent it to me, no subject line. Stupid inbox filtering (work email) thought it was spam.... I realize it is anecdotal, but ALL false positives are anecdotal, and these are the exact anecdotal reasons that they aren't acceptable.
        • by fm6 ( 162816 ) on Wednesday December 29, 2004 @12:57AM (#11206435) Homepage Journal
          Hey, everybody knows that "Flamebait" is shorthand for "You suck!"
        • Absolutely agreed- I use two different spam filtering solutions- one on my aracnet account and one on seeberfamily.org. The one on my aracnet account was set up by the ISP and is a combination of procmail filtering and a more traditional blacklist/whitelist filter, by Symantec. It gets FALSE POSITIVES so often that I can no longer use that account for business (but at least spam never reaches my inbox on it either). I use Spambayes on my seeberfamily.org and informationrus accounts on client side, not se
          • What kind of spam bulk do you get? I doubt you would see a false positive if you are getting 100+ spam emails a day. I own several domains and have a catchall email account for one of those. This is a calculated risk because it is not a TLD, (.id.au) and isn't well known. I just use the built in spam filter in Mail.app (Mac OS X) and I rarely get any spam in my inbox. I do, however have to check my spam box, because the filter is still learning.
            • What kind of spam bulk do you get? I doubt you would see a false positive if you are getting 100+ spam emails a day. I own several domains and have a catchall email account for one of those. This is a calculated risk because it is not a TLD, (.id.au) and isn't well known. I just use the built in spam filter in Mail.app (Mac OS X) and I rarely get any spam in my inbox. I do, however have to check my spam box, because the filter is still learning.

              I was talking about two different filters- the Symantec filte
        • Nobody should assume a single mail message sent out into the ether constitutes a final and iron-clad communication. While it is bad to miss an e-mail message from a client or another person, if the chance of losing a message is slim and the amount of time you aren't dealing with your clients' needs due to spam bloated inbox is large, you should filter. There are many ways to lose e-mails. It can get lost in transit (actually does happen). It can get mistaken for spam by the person looking at the inbox a
      • SpamBayes seems to have accomplished this- but by erring on the other side. I've had NO false positives in the 4 months I've been using it. I get about 5-10 false negatives and 20-30 false "maybes" a day though- but the point is that I haven't seen a bounce message that didn't come from my own mailserver in 2 months now- it ALL gets positively marked as spam.

        The problem with err-on-the-side-of-caution bayesian filters is that they take time to tune correctly- but once you get them tuned, they're very eff
        • I have to admit that the Adaptive Filter in Firefox seems to have similar effectiveness. (Since I don't own my email server, I have to rely on client-side solutions.) I still get nervous about not seeing all my email.
          • The problem comes in on any server-side implementation I'd have to say- because the spam folder, if it exists at all, is on the server rather than in the client program, it's MUCH harder to use a web interface to search through. In addition to that- SpamBayes and apparently Firefox (both are open source, I'll bet they're using the same code for this) err on the side of caution by double-weighting ham and only single-weighting spam (which means, basically, that every time you recover a message from the spam
  • I get a lot of bounces from mail I didn't send. Things that come from postmaster or mailer-daemon aren't a big deal: send 'em all to /dev/null with procmail. The larger problem is vacation messages. I haven't figured out any good way to filter them. Ideas?

    My SpamAssassin rules do a pretty good job of filtering messages about viruses I didn't send but even then I can't get 'em all. I wish there was a standard for email generated in response to other emails.
    • What about bounces from mail you did send? You'd probably want to know when that ASAP email you sent hit a full mailbox or their server was struck by lightning.
      • that's the core of the problem.

        if the filtering is done inside the user agent it shouldn't be impossible to whitelist bounces from mail you really sent.

        did anybody already implement this?
      • That's only a problem if you're sending from the account that is getting spam. A lot of people have 'catchall' style domains -- messages sent to *@domain funnel to one pop account. This is brutal when dealing with spam -- a lot of spammers run dictionary attacks at domains and this just populates their lists with your addresses.

        Probably the only thing you can do is drop the addresses that are getting the bounces. In fact, it's best to configure the mail server to deny those addresses at the SMTP level and
    • Don't ever, EVER post to the PHP-Install list. That list is all but unusable. I can't recall the last time I saw a legit message on it. It's all spam, infected mail, and vacation messages. I kid you not, I posted one stinkin' little message to the list and received 12 (12!!!!) vacation messages of all kinds. Many weren't even in English. I swear it was a damned joke. Mailing the admins of the list and postmaster@php.net didn't even get a courtesy "who cares" message. A joke indeed.

      BTW, ^FROM_DA

  • by HotNeedleOfInquiry ( 598897 ) on Tuesday December 28, 2004 @07:57PM (#11204393)
    Getting hit with a "joe job" is sometimes used as an act of revenge for a protest or flamewar. Best to keep your home email address out of the limelight for that reason.
    • by nocomment ( 239368 ) on Tuesday December 28, 2004 @08:07PM (#11204509) Homepage Journal
      mod parent up, that's exactly what happened to him. Just be patient, the wave will subside in about a week. Most mail servers are set to bounce mail after 7 days for domains that don't exist. It will slow down some over the next days with the last bounce happening in a few days.

      I too was joe-jobbed once and it is not pleasant.
      • by noahm ( 4459 ) on Tuesday December 28, 2004 @11:35PM (#11205992) Homepage Journal
        mod parent up, that's exactly what happened to him. Just be patient, the wave will subside in about a week. Most mail servers are set to bounce mail after 7 days for domains that don't exist. It will slow down some over the next days with the last bounce happening in a few days.

        Sadly, it may not subside so quickly. A couple of years ago I was really strict about reporting open relays and proxies and other spam-resenders to the ISPs responsible for the netblock on which they reside. Unfortunately, I think I sent a report to the abuse contact for some netblock that was actually controlled directly by spammers, or something like that. Ever since then, I've been under an almost constant joe-job. I don't have my mailer configured to copy postmaster on every bounce, but I see all sorts of bounce delivery attempts every day to accounts that have never existed.

        All I can think of is that it's an ongoing attempt to discredit my domain. I'm sure they're not targeting me specifically at this point, but have simply added my domain to a list of domains from which they send their forged mail.

        noah

        • This is exactly what's happened to me, also. At the one domain I used to report everything through Spamcop, uce@ftc.gov, etc., I now get a lot of these bouncebacks. I've got the same domain under other TLDs and I get no bouncebacks of forged messages. SPF still seems to be uncommon enough that this hasn't slowed after setting up the text record, either. Interestingly, though, unlike the late 90s, I *never* get email from people who think my domain sent them the spam - people are at least learning not to bel
        • This started happening to me about two months ago as well. It hasn't stopped, and I can't find any fool-proof way of handling all the thousands of "Undeliverable", "User does not exist" and vacation email responses that come back.

          I sent a few messages to administrative contacts, but nothing has happened -- and I don't expect anything to, since they are located in China.

          Their website is such a con too, with friendly warm graphics to make them look professional. They mention secure and reliable transactio
        • Same is happening to me and has been for the last 2 years, about 10,000 bounce messages a day right now, they are arriving literally faster than I can download them. Fortunately I no longer use that account for email (just webspace and backup dialup in case my main ISP has problems) so at least I'm not losing legitimate mail. I'm thinking of asking the ISP to just redirect all mail to my domain into /dev/null.

          Before this started I used that address for complaining about spam so I can only assume that somew

      • It probably isn't revenge. Most mail servers reject messages from non-existent domains so the spammers forge a real one. They just happen to have chosen yours. They've also chosen mine. I send all bounces not addressed to a real user to /dev/null. I have Gnus sort the rest into my "bounces" folder, but there are so many now that I just delete them unread. Until something effective is done about forgery it would be better for admins to stop sending bounces at all.

        Widespread adoption of SPF would solve
  • by waynegoode ( 758645 ) * on Tuesday December 28, 2004 @07:59PM (#11204441) Homepage
    I had this problem a few years ago. I received up to 20 messages (bounces, out-of-office, mailbox full, authentication request, etc.) a minute at the peak. In total I received about 100,000 messages over a few weeks before it stopped.

    I called the company spamming and they "took a message". However, I was able to filter them because they were coming to a few specific random accounts, such as vxxylj@sample-domain.com and rtyylhi@sample-domain.com for example.

    I could not find any other way to filter them because it seems that there are several dozen formats for bounces. That made me wish there was a standard format for bounces, or at least a standard subject line or sender address.

  • by Naikrovek ( 667 ) <jjohnson@ps g . com> on Tuesday December 28, 2004 @08:10PM (#11204534)
    quoted from http://www.miami.com/mld/miamiherald/living/columnists/dave_barry/6649728.htm?1c [miami.com]
    and twisted to change the subject to spam.

    ===

    People do not like spam.

    And how has the spam industry responded to this tidal wave of public hostility? It has issued this statement: "Gosh, if these people really don't want us to email them, then there's no point in our emailing them! We'd only be making them hate us more, and that's just plain stupid! We'll try to come up with a less offensive way to do business."

    No, wait, that's what the spammers would say in Bizarro World, where everything is backward, and Superman is bad, and spammers contain human DNA. Here on Earth, the spammers are claiming they have a constitutional right to email people who do not want to be emailed. They base this claim on Article VX, Section iii, row 5, seat 2, of the U.S. Constitution, which states: "If anybody ever invents the Internet, Congress shall pass no law prohibiting salespeople from using it to completely fill your inbox."
  • For the last few months, using surbl (dot org) to detect spamvertised URLs worked nicely, but this Christmas weekend, the company I work for got a ton of e-mails crammed with URLs with good websites. I'll have to check out SpamAssassin 3 to see if it gets around any of these problems, but it looks like this tactic kept my dns and spamassassin daemon busy enough to start letting e-mails through without getting scanned.

    Just a heads up... It's the next phase in the arms race for me, and I'm not seeing this
  • by AndroidCat ( 229562 ) on Tuesday December 28, 2004 @08:18PM (#11204625) Homepage
    Back in the old days, a bounce email to the "sender" of the email was the proper way to do things. Now, a straight 5xx rejection response should be given as much as possible.
    • Nothing has changed... a 5xx rejection is given if the receiving machine can make the decision. The problem is there are frequently mail relays before the final destination, and they might not know whether they can reject. Making the decision as far upstream as possible is the only answer.
      • Large networks where the border mail relays don't know if an inside mailbox exists or not are a problem, true. I was thinking more of late spam and virus filters that generate idiot bounces. (Most virus scanner bounces are just disguised advertising or spam themselves.) At that point tag it, bag it in a spam folder, or even /dev/null it, but don't bounce it.

        And if I ever get something from someone's lame challenge/response system, I will respond to it so that the spammer's next load goes through to the oth

  • by bill_mcgonigle ( 4333 ) * on Tuesday December 28, 2004 @08:25PM (#11204694) Homepage Journal
    This isn't magic, but if everybody publishes SPF Records [pobox.com] for their domains and checks them (SpamAssassin 3) joe jobs become much, much harder.

    So do the right thing and publish them. 5 minutes a domain tops if you're familiar with DNS.
    • Or impossible, if you don't want to pay for dns and your provider doesn't support txt records. I can't run DNS on MY system because my IP is dynamic...
      • The solution is to use a dynamic dns service like www.dyndns.org [dyndns.org]. Purchase the custom dns service and you will be able to control everything with your domain.
      • You are looking for www.zoneedit.com

        Supports all record types, dynamic updates, and it's free for first 5 domains.

        But you don't want to run a mailserver on a dynamic DNS machine anyway. When the IP changes, some of your mail will be delivered to some other machine until all the DNS caches expire. If you're lucky, that other machine won't be running a server, and it will just bounce. If you're unlucky, the other machine will reject the mail, and you'll never see it.

        • Thanks for the heads up on zoneedit, for which I have just signed up. I do have a secondary MX.
          • A secondary MX won't help for the case where the machine that gets your old dynamic address happens to be running a mail server. Depending on how unlucky you are, the message will be rejected (because the address isn't valid on that machine), or worse, accepted. In either case, the secondary MX will never see it. Admittedly, this is unlikely, but it *could* happen.

  • How to fix (Postfix) (Score:5, Informative)

    by fsck! ( 98098 ) <.moc.liamg. .ta. .redle.bocaj.> on Tuesday December 28, 2004 @08:25PM (#11204701) Homepage
    Can't say how to do this with exim because I've been using Postfix for as long as I can remember. Here's how I get around this:
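    # Do not reveal which lookup table an unknown recipient was missing from.
    show_user_unknown_table_name = no

    # Clients must send HELO/EHLO before MAIL FROM.
    smtpd_helo_required = yes

    # Evaluated in order at RCPT TO. reject_unlisted_recipient refuses unknown
    # users during the SMTP session; check_policy_service hands the request to
    # the policy daemon listening on 127.0.0.1:60000.
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unlisted_recipient,
        reject_unauth_destination,
        reject_unknown_sender_domain,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client list.dsbl.org,
        check_policy_service inet:127.0.0.1:60000,
        permit

    smtpd_data_restrictions = reject_unauth_pipelining permit

    # Pass accepted mail to amavis over LMTP for content scanning.
    content_filter = lmtp-amavis:[127.0.0.1]:10024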
    This enables greylisting, antivirus via amavis, rejecting unknown users at the SMTP stage, and I also publish SPF records. These together mean I see about 6 junk messages a month to my account. There are about 100 mailboxes on this server, and they all report about the same level of noise.
  • Bounce Keys (Score:5, Informative)

    by Anonymous Coward on Tuesday December 28, 2004 @08:33PM (#11204771)
    Basically, you add an encrypted header to all outgoing emails which says "Yes, this email came from this server." Then, when you receive a bounce message, you check for the key. If it has it, it gets through, and if it doesn't, it gets rejected.

    Here's the Exim howto http://psg.com/~brian/software/authbounce/configure-authbounce.txt [psg.com]
    • That sounds ideal. Anyone know how to implement this for qmail? I could hack it up myself, maybe, but I'd rather not as I prefer not to break my MTA.
      • If you find out, can you share? I'm interested in it as well.

        I don't see a lot of true joe-jobs, but my domain is named such that many people put addresses @mydomain in email boxes they want to fill with some bogus data.
  • Procmail recipe (Score:5, Informative)

    by Matt Perry ( 793115 ) <perry.matt54@ya[ ].com ['hoo' in gap]> on Tuesday December 28, 2004 @09:11PM (#11205084)
    This procmail recipe will at least get them out of your inbox. I got this from someone here on slashdot and I forgot to write down who it was from. Thanks anonymous slashdot procmail guru.
    # This recipe catches most DSNs.
    # Flags H and B search both the headers and the body.
    # Weighted scoring: the score starts at -1 and every condition that matches
    # adds 1 (counted once), and the recipe only delivers when the final score
    # is positive, so at least two conditions have to match.
    :0HB
    * -1^0
    * 1^0 ^FROM_MAILER
    * 1^0 ^Status: 4.2.0
    * 1^0 ^Status: 4.4.1
    * 1^0 ^Status: 4.4.2
    * 1^0 ^Status: 4.4.6
    * 1^0 ^Status: 4.4.7
    * 1^0 ^Status: 5.0.0
    * 1^0 ^Status: 5.1.1
    * 1^0 ^Status: 5.1.2
    * 1^0 ^Status: 5.1.6
    * 1^0 ^Status: 5.2.1
    * 1^0 ^Status: 5.2.2
    * 1^0 ^Status: 5.2.3
    * 1^0 ^Status: 5.3.5
    * 1^0 ^Status: 5.4.7
    * 1^0 ^Status: 5.5.0
    * 1^0 ^Status: 5.7.1
    * 1^0 ^554 5.0.0 Service unavailable .*
    * 1^0 ^Remote host said: 550.*User unknown
    * 1^0 ^Remote host said: 554.*doesn't have a yahoo.com account.*
    * 1^0 ^User.*not listed in public Name & Address Book
    * 1^0 ^Sorry, no mailbox here by that name.
    * 1^0 ^<.*>: Unkown user:
    * 1^0 ^User mailbox exceeds allowed size:
    * 1^0 ^.*No matches to nameserver query
    * 1^0 ^A message that you sent could not be delivered
    * 1^0 ^.*550 unknown user
    * 1^0 ^This is a permanent error; I've given up.
    # Parentheses are escaped so they match literally instead of grouping.
    * 1^0 ^The user\(s\) account is temporarily over quota.
    * 1^0 ^Receiver not found:.*
    * 1^0 ^Requested action not taken: mailbox unavailable.
    * 1^0 ^--AOL Postmaster
    * 1^0 ^I'm sorry to have to inform you that the message returned
    * 1^0 ^550 5.1.1 <.*>... User unknown
    * 1^0 ^550 <.*>\.\.\. User unknown
    * 1^0 ^Subject:.*failure notice
    * 1^0 ^did not reach the following recipient\(s\):
    * 1^0 ^The following recipient\(s\) could not be reached:
    * 1^0 ^.*550 Mailbox quota exceeded
    * 1^0 ^.*550 Access Denied
    * 1^0 ^550 5.0.0.*Can't create output
    * 1^0 ^.*There is no such addressee as
    * 1^0 ^Mail Delivery Failed... User unknown
    # Matching messages are filed in this mailbox instead of the inbox.
    daemon-msgs
    • So, I take it you don't want to know about legitimate bounces, so you can just believe that your mail always succeeds?
      • So, I take it you don't want to know about legitimate bounces, so you can just believe that your mail always succeeds?

        Sure I want to know; I just don't want those notices mixed into my inbox. The recipe only puts the DSNs into a separate folder so that they aren't mixed up with other mail. If you're getting hammered with 3000+ DSNs per day in your inbox like the article submitter is, then it'd help to filter them somewhere else so that you can deal with other mail that isn't from mailer daemons.

    • This recipe is less comprehensive but works for me. It puts messages from mailer daemons (and the like) not specifically addressed to me into the spam-mailer mailbox. If my real address is forged, the bounce will unfortunately get through, but nearly always the forged address is just random_chars@mydomain.org. As a bonus, legitimate bounces are passed through. YMMV.

      :0
      * ^FROM_MAILER
      * !^TO(jim@|root@|postmaster@)
      * !^X-Cron-Env:
      spam-mailer

    • You'll probably also need to filter bounce messages in other languages. I used to get them in Spanish and French also! I'd post my procmail file if I had it handy...
  • The post already says that you're using Thunderbird's built in bayesian filtering. So what's the problem here? Thunderbird should be (If you train it properly) filtering out all those nasty bounce emails into your spam folder.

    So, then, what's the problem?
    • even if you filter it to trash, you still have to deal with the volume of mail.

      i actually just lost my email on my hosting (shared hosting) because i was GETTING too much email. they claimed my incoming mail was flooding out their servers.

      this story submitter said they host their mail server so it's an inhouse hog of bandwidth.
      • The volume is irrelevant. No matter where or how you deal with this, be it client side or server side, the server IS going to get a huge volume of mail. Even if you manage to blacklist it on the server it's still going to have to deal with each and every message.

        Besides, a hundred thousand messages is still only about a hundred megabytes worth of messages, or two hundred megs, which is a drop in the bucket on a real server (Or even a budget one http://servermatrix.com). Heck, the "flood" wouldn't even stre
        • Besides, a hundred thousand messages is still only about a hundred megabytes worth of messages, or two hundred megs, which is a drop in the bucket on a real server

          You must have missed the part where the parent poster said "shared hosting". Many shared hosting providers don't like for you to keep *any* mail on their mail servers. They want you to download it as often as possible. And to make sure you do that, you sometimes only get around a 50MB (or less) quota. If he had the time, patience, and skill to r
          • well my case with my shared hosting company was weird. i was WAY under disk space, i have an app running to connect POP3 and get mail every hour and it leaves it on the server for one day then is removed. they repointed my mail's MX entry to disable:disable or something. i guess thinking it would deflect my spam? my account is for 10 gigs of bandwidth and 1 gig of disk storage.

            if the orig poster was running an old linux box as a mail server on a home network it might just get really annoying to deal with all
            • On a home network it's no problem.

              If it's being filtered client-side, it's not so bad.

              Mail is delivered to your server, assuming 20 emails per minute (That's about two hundred thousand mails a week), consuming roughly half a kilobyte per second of downstream. You could run your mail server on DIALUP and that would STILL be a small amount. These are bounce mails, they're all text and probably only about 2KB (I'm guessing, but they can't be that big)

              And say you cleared out your local mail server to your cl
  • What troubles me lately is that some of the spammers are starting to wise up to certain loopholes in the RFCs. Namely, that mail with an envelope sender of <> or a recipient of postmaster@example.com must be accepted. I've begun receiving spams of this nature in increasing quantities, and without effective countermeasures, they get right through -- because the RFCs say they should.

    The solution I'm currently experimenting with is to use simscan [inter7.com] with qmail to pipe the mail through spamassassin befor

  • Backscatter (Score:5, Informative)

    by bob@dB.org ( 89920 ) <bob@db.org> on Tuesday December 28, 2004 @11:11PM (#11205837) Homepage

    Spam lingo for this phenomenon is "backscatter" or "outscatter" (I prefer the last one, as the bounces are not actually sent "back", but to an innocent third party). Spam Links has a link collection to get you up to date at:

    http://spamlinks.net/filter-bounce.htm [spamlinks.net]

    A nice solution is Bounce Address Tag Validation (BATV), described at:

    http://www.ietf.org/internet-drafts/draft-levine-mass-batv-00.txt [ietf.org]

    Abstract:

    The envelope of Internet mail contains an RFC2821.MailFrom command, which may supply an address to be used as the recipient of transmission and delivery notices about the original message. Existing Internet mail permits unauthorized use of addresses in the MailFrom command, causing notices to be sent to unwitting and unwilling recipients. Bounce Address Tag Validation (BATV) defines an extensible mechanism for validating the MailFrom address. It also defines an initial use of that mechanism which requires no administrative overhead and no global implementation.
    • Has this been implemented in any of the major MTAs? I just got a legitimate bounce for the first time in a fair while, and it was also only the second false positive I've _ever_ gotten with my spam filters. So a way to configure my MTA to reliably recognize real bounces from my messages would be quite nice, I think.
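The "Bounce Keys" and BATV comments above describe the same idea: tag outgoing mail with a keyed value and refuse bounces that do not carry it. A sketch of that check at RCPT time, as an added example that is not code from the linked Exim howto or the BATV draft; the `bt=` tag layout, the key, the 7-day lifetime and all function names are assumptions made here, and day numbers are days since the Unix epoch.

```python
import hashlib
import hmac

# Assumptions for this sketch: key, lifetime and tag layout are made up here
# and are not the wire format defined by the BATV draft.
SECRET_KEY = b"constructed-demo-key-rotate-me"
LIFETIME_DAYS = 7
TAG_PREFIX = "bt="


def _mac(expiry_day: int, local: str, domain: str, key: bytes) -> str:
    """Keyed hash over the expiry day and the original address, truncated."""
    msg = f"{expiry_day}:{local.lower()}@{domain.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:12]


def sign_sender(address: str, today: int, key: bytes = SECRET_KEY) -> str:
    """Rewrite the envelope sender of outgoing mail into its tagged form."""
    local, domain = address.rsplit("@", 1)
    expiry = today + LIFETIME_DAYS
    mac = _mac(expiry, local, domain, key)
    return f"{TAG_PREFIX}{expiry}-{mac}={local}@{domain}"


def verify_bounce_recipient(rcpt: str, today: int, key: bytes = SECRET_KEY):
    """Return (ok, reason, original_address) for the recipient of a bounce."""
    if not rcpt.startswith(TAG_PREFIX) or "@" not in rcpt:
        return False, "unsigned", None
    tagged_local, domain = rcpt.rsplit("@", 1)
    try:
        tag, local = tagged_local[len(TAG_PREFIX):].split("=", 1)
        expiry_text, mac = tag.split("-", 1)
        expiry = int(expiry_text)
    except ValueError:
        return False, "malformed", None
    expected = _mac(expiry, local, domain, key)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad-signature", None
    if today > expiry:
        return False, "expired", None
    return True, "ok", f"{local}@{domain}"


def rcpt_decision(mail_from: str, rcpt_to: str, today: int,
                  key: bytes = SECRET_KEY) -> str:
    """SMTP reply for one RCPT TO; only null-sender mail must carry a tag."""
    if mail_from != "<>":
        return "250 OK"  # ordinary mail: the usual recipient checks apply
    ok, reason, _ = verify_bounce_recipient(rcpt_to.strip("<>"), today, key)
    if ok:
        return "250 OK"
    return f"550 5.7.1 bounce for mail this system did not send ({reason})"


if __name__ == "__main__":
    TODAY = 12780  # constructed day number
    tagged = sign_sender("heretic@example.org", TODAY)
    # Constructed envelopes: (MAIL FROM, RCPT TO)
    envelopes = [
        ("<>", f"<{tagged}>"),                       # bounce of our own mail
        ("<>", "<vxxylj@example.org>"),              # backscatter, forged sender
        ("<friend@example.net>", "<heretic@example.org>"),  # normal mail
    ]
    for mail_from, rcpt_to in envelopes:
        print(mail_from, rcpt_to, "->", rcpt_decision(mail_from, rcpt_to, TODAY))
```

Because the rejection happens during the SMTP session, forged bounces are never accepted or stored, while bounces of mail the server really sent still arrive until the tag expires.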
  • These guys sure like to play cat and mouse games. Bayesian filters like Spam Bully http://www.spambully.com/ [spambully.com] can filter these kinds of messages I have found on my office computer.
  • by sakusha ( 441986 ) on Wednesday December 29, 2004 @12:41AM (#11206352)
    You should dump ALL bounce messages. When was the last time you got a legit bounce message from something YOU sent? Never? Years ago?
    • Months ago, and barely months.

      Legitimate bounces DO still happen. Not often for most people, but they are still a reality.
    • That's what I thought too, but I've been burnt by that. Nowadays with smart email address auto-complete features, such as what you can find in Thunderbird or Mail.app, you sometimes end up using email addresses that were incorrectly entered by *other people*.

      And how do you know that you never get a legit bounce since you filter those too?
    • Last week.

      I e-mailed a contact address that was no longer valid. If I had just trashed the bounce, I never would have known that my e-mail had failed, and I would have assumed that the people I was trying to contact were a bunch of jerks, instead of tracking down a working address for them. This kind of stuff happens fairly often for those of us who don't live in a cave.
    • You should dump ALL bounce messages. When was the last time you got a legit bounce message from something YOU sent? Never? Years ago?

      Full and misspelled hotmail accounts. fairly frequently.
  • I had the same thing happen to me a few weeks ago they used my website that uses php-nuke against me and i got over 6,000 bounced emails in less than 3 days.
  • is very useful for my domain. I get Exim to check valid users and 550 reject them if not valid.

    That way I drop about 66% of inbound email before it enters my email gateway.
  • change your email address. Then on your old address set an out of office message pointing people to the new address. Gee... that was hard. Sounds stupid but nobody realizes if a spammer had to correct a few hundred thousand email addresses... the message would not get sent. As it is, they never send the messages from a valid address - so who cares if you're replying to their spam with your real address? It will take a good year or so before you see another spam. If everyone did this, it would immediately
    • > As it is, they never send the messages from a
      > valid address...

      Yes they do. It just isn't their valid address.

      > ...so who cares if you're replying to their spam
      > with your real address?

      Me, when I receive your replies to the spams sent with my address forged.

      NEVER REPLY TO SPAM
    • Sounds good on the surface. Of course, you still have to deal with the dozens of web sites with user accounts named by your e-mail address. I suppose as long as you keep the old account around, you could scan it for e-mails from specific vendors when you are expecting some notification. It also doesn't deal well with legitimate business-related mailing lists. Some of these are decentralized, with no easy opportunity to change your address (ad-hoc, handed around as necessary). Sure, these ad-hoc lists are a
      • It would be simple to write a web based script that would auto rotate valid email addresses in tune with the email server that autorotates valid email accounts.

        The beauty of it is, instant feedback to someone who uses the wrong address. Nothing is lost if someone sends a message to your old address unless:

        a) they're not using a valid address to talk to you - pretty unlikely if you really want to hear from them

        b) they don't go to the effort of following your auto reply message and forwarding it to your
    • As it is, they never send the messages from a valid address - so who cares if you're replying to their spam with your real address?

      Except now you're causing the problem that led to this question in the first place: now you're sending crap out to random people, because, as you yourself just said, they never used a real address. It often ends up going to someone real, though.
      • Could that real person do the same thing to avoid my "crap"?

        Are the people receiving these messages random or are they individuals whose address is known by spammers who continue to use the same address? Chances are any real person whose address is used by spammers get so much crap anyway, their address is already near useless.

        Who do you blame? Me adapting to the spam, your the friend who gave your address to the spammer, or the person who wrote the spam?

        I thank you making for this point however, it ma
  • I had a similar joe job.
    The way I dealt with it was simple;
    All (afaik) legitimate bounces include a copy of at least the headers of the original email that was bounced.

    If the email came from my system, those headers will contain reference to my system.

    At receipt time (Eg before the MTA accepts the message), my filter scans bounce messages for my mail system name.
    If it doesn't have it, it's either:
    a) A bounce for a message where the MTA doesn't include a copy of my original email. (oh well).
    b) A bounce for a
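The check described in the comment above, scanning a bounce for the returned original's headers and looking for a reference to your own mail system, sketched as an added example that is not the poster's filter. It assumes the "reference" is the Message-ID host of the returned message; `example.org`, the sample bounces and all function names are constructed for illustration. A Message-ID is chosen by whoever sent the original, so treat the result as a heuristic.

```python
import re
from email import message_from_string, policy

HEADER_RE = re.compile(r"^message-id:\s*(<[^<>\s]+>)", re.I | re.M)
MSGID_RE = re.compile(r"<[^<>@\s]+@([^<>\s]+)>")


def returned_message_id(raw_bounce: str):
    """Message-ID of the original message quoted inside a bounce, or None."""
    bounce = message_from_string(raw_bounce, policy=policy.default)
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            # RFC 3464 style: the whole original is attached as a message.
            payload = part.get_payload()
            if isinstance(payload, list) and payload and payload[0]["Message-ID"]:
                return str(payload[0]["Message-ID"]).strip()
        elif ctype in ("text/rfc822-headers", "text/plain"):
            # Headers-only attachment, or an original pasted into the text.
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            match = HEADER_RE.search(text)
            if match:
                return match.group(1)
    return None


def is_ours(message_id: str, our_domain: str) -> bool:
    """True when the Message-ID host is our domain or a host beneath it."""
    match = MSGID_RE.fullmatch(message_id)
    if not match:
        return False
    host = match.group(1).lower()
    return host == our_domain or host.endswith("." + our_domain)


def classify_bounce(raw_bounce: str, our_domain: str) -> str:
    """Return 'ours', 'not-ours' or 'no-original' for one bounce message."""
    message_id = returned_message_id(raw_bounce)
    if message_id is None:
        return "no-original"
    return "ours" if is_ours(message_id, our_domain) else "not-ours"


# Constructed sample: DSN for mail that really left mail.example.org.
GENUINE = """\
From: MAILER-DAEMON@mx.example.net
To: heretic@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message could not be delivered.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Message-ID: <20041228.1234@mail.example.org>
From: heretic@example.org
To: nobody@example.net
Subject: hello

--b1--
"""

# Constructed sample: bounce of a forged message that never touched our host.
BACKSCATTER = """\
From: MAILER-DAEMON@mx.example.com
To: vxxylj@example.org
Subject: failure notice

Sorry, no mailbox here by that name.

--- Below this line is a copy of the message.

Return-Path: <vxxylj@example.org>
Message-ID: <000701c4ed2a$junk@dialup.example.invalid>
From: vxxylj@example.org
Subject: cheap pills
"""

# Constructed sample: bounce that quotes nothing from the original.
NO_ORIGINAL = """\
From: postmaster@mx.example.com
To: rtyylhi@example.org
Subject: Undeliverable

User unknown.
"""

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("backscatter", BACKSCATTER),
                      ("no-original", NO_ORIGINAL)]:
        print(name, "->", classify_bounce(raw, "example.org"))
```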
