Date: Thu, 16 Oct 2008 12:29:05 -0500
From: eculp@casasponti.net
To: freebsd-questions@freebsd.org
Subject: Re: I've just found a new and interesting spam source - legitimate bounce messages
Message-ID: <20081016122905.17qwm4xcs6kgwg88w@intranet.casasponti.net>
In-Reply-To: <622D90E8-81AB-4A0A-9436-4662E33D117D@mac.com>
References: <20081016090102.17qwm4xcs6f4so8ok@intranet.casasponti.net> <20081016145255.GA12638@icarus.home.lan> <48F75A88.1000507@infracaninophile.co.uk> <alpine.BSF.2.00.0810160846040.473@border.lukas.is-a-geek.org> <20081016173807.64d0f24e@gumby.homeunix.com> <622D90E8-81AB-4A0A-9436-4662E33D117D@mac.com>

Chuck Swiger <cswiger@mac.com> wrote:

> On Oct 16, 2008, at 9:38 AM, RW wrote:
>> SPF increases the probability of spam being rejected at the smtp
>> level at MX servers, so my expectation would be that it would exacerbate
>> backscatter not improve it.
>
> The main problem resulting in backscatter happens when forged spam
> from yourdomain.com gets sent to a legit MX server which accepts
> the mail initially, and then generates a bounce due to later spam
> checking or failed delivery to an invalid user.  The bounces which
> then get generated by the legit MX are likely to pass spam checking
> at yourdomain.com.

Exactly what seems to be happening.

>> Many people recommend SPF for backscatter, but I've yet to hear a cogent
>> argument for why it helps beyond the very optimistic hope that spammers
>> will check that their spam is spf compliant.
>
> SPF doesn't provide a magic solution to backscatter, but it helps
> simplify the problem.

It should.

> If spam can be rejected during the SMTP phase rather than accepted,
> then most spam-spewing malware simply drops the attempted message
> rather than actually send a bounce to yourdomain.com.  After all,
> the spammer is looking to deliver spam to lots of different
> mailboxes, not deliver tons of DSNs to a single mailbox or domain.
> Failing that, however, any bounces which are being generated are
> coming from or at least closer to the source of the spam, rather
> than coming from gmail, hotmail, etc.  And if the spamming machine
> is forging your domain, then yourdomain.com MX boxes have a decent
> shot of rejecting the forgeries via hello_checks, RBLs, or other
> methods.

Thanks Chuck,

ed