Slashdot Mirror
100 Email Bouncebacks - Welcome to Backscattering
distefano links to a story on Computerworld, excerpting: "E-mail users are receiving an increasing number of bounceback spam, known as backscatter, and security experts say this kind of spam is growing. The bounceback e-mail messages come in at a trickle, maybe one or two every hour. The subject lines are disquieting: 'Cyails, Vygara nad Levytar,' 'UNSOLICITED BULK EMAIL, apparently from you.' You eye your computer screen; you're nervous. What's going on ? Have you been hacked? Are you some kind of zombie botnet spammer? Nope, you're just getting a little backscatter — bounceback messages from legitimate e-mail servers that have been fooled by the spammers."
Ugh, care to elaborate? Anyway, I think the solution is simple. Just publish a giant list of all mail servers not configured properly. It wouldn't be hard to write a script, to verify if a domain is configured or not. It would function as a name and shame list. But more than that, all spammers would harvest from it, and absolutely smash the listed servers until they were forced to configure them properly.
Nope, I'm not getting anything - procmail on my honeytrap spam email account sees it and stops it with a few simple filters
So please try harder, spammers, or go and get extensions to your obviously miniscule penises so you no longer need to take you inadequacies out on the rest of the world.
Gentoo Linux - another day, another USE flag.
There's an easy way to filter out backscatter while preserving bounce messages that you care about (ie. ones about email that you actually sent):
1. Add your own custom header to all your outgoing emails. Doesn't matter what it is, but it should be unique, eg. 'X-Really-From-Richard-Jones: xsomesecretx'
2. MTAs include the original headers in bounce messages, so discard bounce messages which don't contain your custom header.
You can even be smart and sign the header based on the content of the email using a private key, which would make it unforgeable, but at the moment you don't need to do that.
Rich.
libguestfs - tools for accessing and modifying virtual machine disk images
One of the main reasons forums don't get hit by spammers is because the admin staff knows what they're doing. They lock down threads, respond quickly, and keep the software up to date. Temporary bans, and permanent bans... You also need a working e-mail address in order to register, which blocks an awful lot of spam. Finally, there's over 150 domains on the banlist for my forums... some of the most popularly used (by spammers) freebie e-mail accounts, like mail.ru.
Oh... and it helps to have a robots.txt file. Mine looks like this:
The forums are served up from a subdomain... the actual site shows up in search engines, but having the separate domain with robots.txt helps keep the forums off the search engines. If they don't know you're there, then they can't spam you.
If you believe everything you read, you'd better not read. - Japanese proverb
How about we change the delivery method. Instead of an email being sent to me and sitting on my server or service waiting for me to sort it, you send me the headers for the sender, subject, size, date, and attachment status while the message and attachments sit on YOUR server until I chose to pick it up or it expires. The reduction in bandwidth should pay for the increase in storage, and the spammers would have to leave their message sitting on a machine somewhere waiting for me to pick it up (hint, not gonna happen).
1. No servers flooding the net with messages.
2. Easily identifiable spam sources, making bot-nets less useful.
3. Reduced bandwidth as the system replaces the old one.
4. Allow email clients and webmail services to be configured retrieve every message for the few numb nuts that don't/won't get it.
5. Profit (via reduced long term cost).
Just spitballing...
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
1. Only works for obvious spam. For non-obvious spam it means the user has to download it - which notifies the spammer of a known-good address. That means more spam. (Right now images do this, but images can be disabled while preserving the text.)
2. They'll just advertise in the subject line. Perhaps easier to filter, but seems like a losing battle to me.
3. How do you authenticate?
4. Allows people to associate an email address with an IP even if that IP/address never sends them email.
5. Completely fails to account for offline/IMAP use.
Some of this can be mitigated by having the receiving server fetch the mail when the client requests it, but that adds more problems.
1. I'm pretty much whitelisting by hand now, If I don't know you, I don't care what you put in the subject line, your stuff is gone.
2. Set a size limit on all the headers, no hex or encoding, plain text and straight IP addresses for the server holding the mail.
3. Their server sends me a key to pick up the message (a header I forgot), if a server sees the same key a thousand times in a minute or two... hmmmm...
4. Works both ways: Gmail Warning, The message you are about to retrieve is located on a server KNOWN to send spam... Continue?
5. If your offline you are pretty much working with the mail you already downloaded, right?
I'm not saying I have a perfect answer, but there are plenty of people that can figure it out, just like other ideas have been brought to fruition on the web, by cooperation of parties that have a mutual interest... and on this topic, it a BIG group and they have the brain power and bucks to make it work without rattling to many cages.
The point is to reverse it so that the abusers are left holding the bag, botted machines are quickly identified (and hopefully cleaned), and the free ride stops with the death of standard SMTP servers.
All I can offer is my idea of a starting point...
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office