Slashdot Mirror


Bounced Email - Dealing w/ the Latest Type of Spam?

heretic108 asks: "For 3 years, I've been running a home office EXIM mailserver to handle mails on my 3 personal domains. All had been fine - I'd fastidiously configured EXIM to guard against relaying, and even now receive a clean bill of health from the various relay-checker sites. Spam levels were moderate, and mostly arrested by SpamAssassin and Thunderbird's inbuilt filters, until today. I got up this morning to find 3500+ e-mails in my inbox. All were bounces - spoofed and genuine, and came from a vast variety of IP addresses (e.g. lots of AOL users' IPs), which indicates they're being sent largely via compromised Windows boxen, as well as from inadequately-configured corporate/ISP mailservers which don't bother to check the purported 'from' addresses against the originating domains. This hurricane continues, with 10-30 new incoming spams every minute! I've re-enabled Active Spam Killer, but this is next to useless, since ASK passes all 'bounce' messages, real or otherwise, to the mbox without challenge. I'm hoping to hear from anyone who can share success stories in dealing with such a menace, without undue complication or loss of legitimate mail. Thanks in advance for all your constructive and positive suggestions." It seems that dealing with regular spam is almost easy in comparison to dealing with its consequences: bounced emails. Does anyone have suggestions, or filters on how to handle bounced e-mail that has resulted from someone using your e-mail address to spam someone else?

4 of 96 comments

  1. Re:Postmaster - /dev/null by AndroidCat · · Score: 2, Insightful

    What about bounces from mail you did send? You'd probably want to know when that ASAP email you sent hit a full mailbox or their server was struck by lightning.

    --
    One line blog. I hear that they're called Twitters now.
  2. Publish SPF Records by bill_mcgonigle · · Score: 4, Insightful

    This isn't magic, but if everybody publishes SPF Records for their domains and checks them (SpamAssassin 3) joe jobs become much, much harder.

    So do the right thing and publish them. 5 minutes a domain tops if you're familiar with DNS.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  3. Re:Bayesian Spam Filter by fm6 · · Score: 5, Insightful

    So big deal. Writing an effective content-based spam filter isn't hard. Writing an effective content-based spam filter without false positives is just about impossible. If you don't mind missing some of your email, fine. But most of us don't have that luxury.

  4. Re:5 minute kill sequence for all spam by suwain_2 · · Score: 2, Insightful

    As it is, they never send the messages from a valid address - so who cares if you're replying to their spam with your real address?

    Except now you're causing the problem that led to this question in the first place: now you're sending crap out to random people, because, as you yourself just said, they never used a real address. It often ends up going to someone real, though.

    --
    ________________________________________________
    suwain_2 :: quality slashdot p