bounced spam

by Mike Gorse

Hi all,

Lately my email address has been used a lot by spammers, and I've been
getting a lot of "returned mail" messages rejecting the spam that I
supposedly sent.  I'm probably getting well over 100 of them per day, and
it is becoming really annoying.  Somehow this has only been happening for
the past few days.  It isn't clear to me what, if anything, I can do about
this.  Does anyone have any suggestions?

Thanks,

-- Mike Gorse / AIM:linvortex / http://mgorse.freeshell.org --

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: bounced spam

by Nathan Meyers-2

Mike Gorse wrote:
> Hi all,
>
> Lately my email address has been used a lot by spammers, and I've been
> getting a lot of "returned mail" messages rejecting the spam that I
> supposedly sent.  I'm probably getting well over 100 of them per day,
> and it is becoming really annoying.  Somehow this has only been
> happening for the past few days.  It isn't clear to me what, if
> anything, I can do about this.  Does anyone have any suggestions?
Same boat here - started happening a few weeks ago. I added some
.procmailrc filters that capture the vast majority of this voluminous
bounce spam:

:0
* ^From: Mail Delivery Subsystem
.maildir/.Bounce/

:0
* ^From: Mail Delivery System
.maildir/.Bounce/

:0
* ^From: MAILER-DAEMON
.maildir/.Bounce/

:0
* ^From: postmaster
.maildir/.Bounce/

I do an occasional cursory inspection of my Bounce mailbox - so far, no
false positives.

Nathan

>
> Thanks,
>
> -- Mike Gorse / AIM:linvortex / http://mgorse.freeshell.org --
>



Re: bounced spam

by Mike Gorse

On Mon, 5 May 2008, Nathan Meyers wrote:

> Same boat here - started happening a few weeks ago. I added some .procmailrc
> filters that capture the vast majority of this voluminous bounce spam:

I thought about trying something like that, but it would catch legitimate
bounces, too.  Maybe there's no other way around it and the benefits would
outweigh the cost, though.

Thanks,
-Mike G-


Re: bounced spam

by Tom Metro-12

Mike Gorse wrote:
> Lately my email address has been used a lot by spammers...

This practice goes by the name of "joe jobs."


> It isn't clear to me what, if anything, I can do about this.

Aside from following safe emailing practices (essentially never making
your address public, which can't always be avoided), about the only
thing you can do is set up SPF[1] records, and hope the adoption of SPF
continues to grow.

1. http://www.openspf.org/

  -Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/


Re: bounced spam

by Nathan Meyers-2

Mike Gorse wrote:
> On Mon, 5 May 2008, Nathan Meyers wrote:
>
>> Same boat here - started happening a few weeks ago. I added some
>> .procmailrc filters that capture the vast majority of this voluminous
>> bounce spam:
>
> I thought about trying something like that, but it would catch
> legitimate bounces, too.  Maybe there's no other way around it and the
> benefits would outweigh the cost, though.
It's a sledgehammer approach, but I decided the time spent scanning the
Bounce mailbox for legitimate bounces outweighed the time lost picking
the bounces out of my inbox.

If your experience is anything like mine, you'll go through intense
spam-bounce periods separated by lengthy lulls. I have some hope it will
burn out on its own... ask me in a year if I was right :-).

Nathan

>
> Thanks,
> -Mike G-
>



Re: bounced spam

by Ward Vandewege

On Mon, May 05, 2008 at 02:29:10PM -0400, Mike Gorse wrote:
> On Mon, 5 May 2008, Nathan Meyers wrote:
>
>> Same boat here - started happening a few weeks ago. I added some
>> .procmailrc filters that capture the vast majority of this voluminous
>> bounce spam:
>
> I thought about trying something like that, but it would catch legitimate
> bounces, too.  Maybe there's no other way around it and the benefits would
> outweigh the cost, though.

Seems like the 'logical' way to solve this problem would be to add something
to every message you send out, check for that string in the bounces you
receive and redirect to /dev/null accordingly.

Problem is that many bounces don't include all headers. But perhaps there's
something that can be done with the headers that are included in most (all?)
bounces.

Like, check for your full name if you always send mail with that in the
'From' line.

You could also try to keep track of outgoing message ids, but again, these
lines are not always included in bounces.

Thanks,
Ward.

--
Pong.be         -(    "a loveable, cuddly, stuffed penguin sitting down    )-
Virtual hosting -( after having gorged itself on herring." -- Linus about  )-
http://pong.be  -(                    the Linux mascot                     )-
GnuPG public key: http://pgp.mit.edu


Re: bounced spam

by Tom Metro-12

Ward Vandewege wrote:
> Seems like the 'logical' way to solve this problem would be to add something
> to every message you send out, check for that string in the bounces you
> receive and redirect to /dev/null accordingly.
>
> Problem is that many bounces don't include all headers.

This is a problem that mailing lists have to deal with, and they address
it with Variable Envelope Return Paths (VERP)[1]. Basically you make the
from address (technically the SMTP MAIL FROM address) unique to each
recipient - typically by embedding the recipient's address in the sender
address, and often with a message number as well. So if user@...
sends a message to other_user@... you get something like:

user+other_user=other-domain.com@...

It's the only reliable way to connect a bounce to a sent message.

But most people would find this an impractical way to combat forged
bounces. For the most part I approximate this technique by using unique
sender addresses for each purpose, such as one for each mailing list or
vendor I deal with. I haven't gone so far as to use unique addresses for
each recipient, though I could see how a Thunderbird extension might
make doing so practical.

1. http://cr.yp.to/proto/verp.txt

  -Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
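
The VERP scheme described above, as an added example that is not part of the original post. It goes one step further and puts a keyed tag in the return path, which is one way to get the "something added to every message" that Ward Vandewege asks for without relying on bounce headers. The domain example.org, the secret and the `+msgno.tag.` layout are assumptions.

```python
import hashlib
import hmac

# Assumptions for this sketch: the sending domain, the secret and the
# "+msgno.tag." layout are illustrative, not taken from the thread.
SECRET = b"constructed-demo-key"
SENDER_LOCAL, SENDER_DOMAIN = "user", "example.org"


def _tag(recipient: str, msg_no: int) -> str:
    """Short keyed tag so outsiders cannot mint valid return paths."""
    data = f"{msg_no}:{recipient.lower()}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:10]


def verp_encode(recipient: str, msg_no: int) -> str:
    """Build the SMTP MAIL FROM address for one recipient of one message."""
    local, _, domain = recipient.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an address: {recipient!r}")
    return f"{SENDER_LOCAL}+{msg_no}.{_tag(recipient, msg_no)}.{local}={domain}@{SENDER_DOMAIN}"


def verp_decode(bounce_rcpt: str):
    """Return (recipient, msg_no) for a bounce that ties back to mail we
    sent, or None when the bounce recipient is bare, malformed or forged."""
    local, _, domain = bounce_rcpt.rpartition("@")
    prefix = SENDER_LOCAL + "+"
    if domain.lower() != SENDER_DOMAIN or not local.startswith(prefix):
        return None
    parts = local[len(prefix):].split(".", 2)
    if len(parts) != 3 or not parts[0].isdecimal():
        return None
    msg_no, tag, encoded = int(parts[0]), parts[1], parts[2]
    # The recipient's domain follows the LAST '=', so a local part that
    # itself contains '=' still round-trips.
    rcpt_local, sep, rcpt_domain = encoded.rpartition("=")
    if not sep or not rcpt_local:
        return None
    recipient = f"{rcpt_local}@{rcpt_domain}"
    if not hmac.compare_digest(tag.encode(), _tag(recipient, msg_no).encode()):
        return None
    return recipient, msg_no
```

A bounce delivered to the bare address, or to a tagged address whose tag does not verify, decodes to `None` and can be filed as backscatter.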


Re: bounced spam

by Mick Timony-3

On Mon, 2008-05-05 at 13:48 -0400, Mike Gorse wrote:

> Hi all,
>
> Lately my email address has been used a lot by spammers, and I've been
> getting a lot of "returned mail" messages rejecting the spam that I
> supposedly sent.  I'm probably getting well over 100 of them per day, and
> it is becoming really annoying.  Somehow this has only been happening for
> the past few days.  It isn't clear to me what, if anything, I can do about
> this.  Does anyone have any suggestions?

not a suggestion, but /. had a link to an article about this today
(called backscatter):
http://it.slashdot.org/article.pl?sid=08/05/05/0452257
http://www.computerworld.com.au/index.php/id;1698505531;fp;16;fpid;1

Another way for spammers to annoy us all.


>
> Thanks,
>
> -- Mike Gorse / AIM:linvortex / http://mgorse.freeshell.org --
>

--
Mick Timony
--

I'm dressing up in an ill-fitting IVY-LEAGUE SUIT!!  Too late...


Re: bounced spam

by David Kramer

Mike Gorse wrote:
> On Mon, 5 May 2008, Nathan Meyers wrote:
>
>> Same boat here - started happening a few weeks ago. I added some
>> .procmailrc filters that capture the vast majority of this voluminous
>> bounce spam:
>
> I thought about trying something like that, but it would catch
> legitimate bounces, too.  Maybe there's no other way around it and the
> benefits would outweigh the cost, though.

I'm getting hit hard too.

What I was thinking of doing was flagging subject lines like Nathan, but
add another test to see if one of my domain names or IP address appears in
any of the Received lines, and if not, then it's probably fake.

I say "probably", because sometimes the "from" clause is not included in
the Received line.
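
The Received-line test described above, as an added example that is not part of the original post. It looks for the original message's headers inside a bounce and reports whether any Received line names one of your own hosts; the host names, IP address and sample bounces are constructed assumptions.

```python
import email
import re

# Assumptions: these identifiers stand in for "my domain names or IP
# address"; the sample bounces below are constructed for illustration.
MY_HOSTS = ("mail.example.org", "192.0.2.25")
_MINE = re.compile(
    r"(?<![\w.-])(?:%s)(?![\w.-])" % "|".join(map(re.escape, MY_HOSTS)), re.I)


def returned_headers(bounce):
    """Headers of the original message quoted in a bounce, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None


def classify_bounce(raw: str) -> str:
    """'ours' if a returned Received line names one of MY_HOSTS, 'suspect'
    if Received lines came back but name none, 'unknown' if none came back."""
    original = returned_headers(email.message_from_string(raw))
    received = original.get_all("Received", []) if original is not None else []
    if not received:
        return "unknown"
    return "ours" if any(_MINE.search(r) for r in received) else "suspect"


def make_bounce(received: str) -> str:
    """Constructed multipart/report bounce carrying one Received line."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "Subject: Returned mail\n"
        'Content-Type: multipart/report; boundary="b"\n\n'
        "--b\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b\nContent-Type: text/rfc822-headers\n\n"
        f"{received}From: user@example.org\nSubject: hi\n"
        "--b--\n"
    )


OURS = make_bounce("Received: from mail.example.org (192.0.2.25) by mx.example.net\n")
FORGED = make_bounce("Received: from [203.0.113.7] by mx.example.net\n")
PLAIN = "From: MAILER-DAEMON@mx.example.net\nSubject: Returned mail\n\nDelivery failed.\n"
```

Received lines below the first hop you trust are written by the sender, so "ours" is a hint for sorting rather than proof, and "unknown" covers the bounces that return no headers at all.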




Re: bounced spam

by Bill Horne-9

David Kramer wrote:

> Mike Gorse wrote:
>> On Mon, 5 May 2008, Nathan Meyers wrote:
>>
>>> Same boat here - started happening a few weeks ago. I added some
>>> .procmailrc filters that capture the vast majority of this
>>> voluminous bounce spam:
>>
>> I thought about trying something like that, but it would catch
>> legitimate bounces, too.  Maybe there's no other way around it and
>> the benefits would outweigh the cost, though.
>
> I'm getting hit hard too.
>
> What I was thinking of doing was flagging subject lines like Nathan,
> but add another test to see if one of my domain names or IP address
> appears in any of the Received lines, and if not, then it's probably
> fake.
>
> I say "probably", because sometimes the "from" clause is not included
> in the Received line.

Although it's an open question of whether these are "backscatter" spams
or "Joe Jobs", the solution is the same: when I start getting rejects on
an email address I control, I disable it for a week or two.

If the spammer is doing a Joe Job, then he's using my email to get by
call-out filters at the receiving end, and disabling the email also
disables the spam. I think of this as a win-win ;-) .
If it's backscatter, then disabling the address means I won't get any
more of them, and it also motivates the sysops at the bouncing MTAs to
enable call-outs and other anti-spam measures.

FWIW. YMMV.

Bill


--
E. William Horne
William Warren Consulting
Computer & Network Installations and Service
781-784-7287


