Slashdot Mirror

← Back to Stories (view on slashdot.org)

Proper Ways to Dispose of Spam?

Posted by Cliff on from the let's-stop-wasting-bandwidth-on-useless-bounces dept.

An anonymous reader asks: "My domain name is being stolen by spammers; they forge outgoing mail using my poor innocent domain name. First, I'd like to plead with mail server administrators out there: please REJECT spam and undeliverable mail. If you reject instead of bouncing then legitimate mail senders will still know there is a problem. Second, do you have any tips for dealing with a flood of spam bounces? Exim is pitching the bounces pretty quickly, but my server is still getting overwhelmed." In the case of stolen sender addresses, SPF attempts to address this problem but has it been effective?

6 of 119 comments (clear)

  1. SPF! by Alphager · · Score: 4, Informative

    Two of my domain-names are in several spammer-tools and i was inundated by spam-bounces (and auto-replies). With SPF, i am down to one bounce every now and then.

  2. Re:No by Neon+Spiral+Injector · · Score: 4, Informative

    You should not generate the bounce, a 5xx responce to an SMTP command is all your server should do. If it is a real mail server talking to yours it will generate the bounce for the user that is relaying through it (hopefully including the text of your 5xx reply).

  3. Simple, check the Received: envelope headers by Anonymous Coward · · Score: 4, Informative

    You start by rejecting outright email for non-existant email addresses. That gets rid of all bounces that come from addresses the spammers have made up. Then you look at the Received headers of the email that you supposedly sent and validate that it did indeed come from your IP and the header is of the form that your MTA generates. If not, somebody was impersonating you and you reject the bounce. See Stopping Backscatter Email.

  4. Don't use a catch-all by Kelson · · Score: 4, Informative

    The problem of invalid bounces drops dramatically if you set up your incoming server so that invalid addressees are rejected with a "User unknown" note at SMTP time. If you're using Sendmail with a virtual user table, this is as easy as adding the following at the end of the file

    @example.com error:nouser 550 5.1.1 User unknown

    It's important to do this on the server that accepts mail from the outside. If you have a setup with an antispam/virus gateway that then relays to an internal server, you need to make the gateway aware of the valid/invalid addresses.

    By rejecting invalid senders in the SMTP transaction, you only get bounces from the few messages that forged an actual sender. In my experience, the addresses tend to look like ashawuiefgfyig@example.com, so most of the bounces will just disappear into the ether(net).

  5. Postfix Backscatter HOWTO by alanxyzzy · · Score: 4, Informative
    Knowing that a common term for this is "backscatter" may help you search for other hints and tips.

    There is a Postfix backscatter HOWTO at http://www.postfix.org/BACKSCATTER_README.html

  6. Re:SPF somewhat effective by Albanach · · Score: 4, Informative
    The DNS system is heavily loaded worldwide now
    I'm not sure what you mean by this - surely with a properly caching nameserver, you add almost no additional load to the root nameservers by performing SPF lookups as the query never goes near them? Your own DNS servers might be heavily loaded - in which case you should can additional ones or pay for someone else to provide DNS service. DNS scales easily so that shouldn't be an issue.

    A DNS request is tiny compared to bouncing about bits of mail - if you can reject the message before even processing the body thanks to SPF you significantly reduce bandwidth consumption, much more than that spent on a DNS lookup, especially now there are so many image based spams floating about.