[Mimedefang] Agressive spammers

dimon at intellinetinc.com dimon at intellinetinc.com
Mon Dec 1 17:00:56 EST 2003 

Quoting "David F. Skoll" <dfs at roaringpenguin.com>:

> I get a bazillion of them a day, also.  Luckily, the spammers are forging
> either from random_junk at roaringpenguin.com, or from our public addresses
> like sales@ or info@, which should never receive DSN's (so I bounce
> anything from <> to one of those aliases.)

I'm not so lucky (or spammers who are sending spam to my users are really 
agressive), so they're not just generating random usernames, but using real 
email addresses of my users :-(((
 
> At some point, we'll need to implement a system that watches all outgoing
> messages and records the Message-ID in a database somewhere.  If a bounce
> comes in, it should contain that Message-ID somewhere in the DSN body.
> If it doesn't, then the bounce isn't from a message we sent and we can
> reject it.
> 
> This means you have to force all your outgoing messages through the
> Message-ID recorder.  This can be tricky for many organizations.
 
I thought about something similar to that, but problem is that not all mail 
servers are sending bounces with DSN body (which contains MessageID), some of 
them are sending just couple of strings saying that user doesn't exist. And how 
about vacation replies? Or any other kind of auto-replies?

And I think it's one of spammer's tricks to deliver spam to the end user: the 
bounce itself contains a part of the message spammer sent to unexistent user at 
other mail server (aol.com for example). That server generates a bounce to the 
forged From: address and there is a part of that spam message. So, this way 
spammers are targeting my users by sending spam to unexistent users at other 
servers. And when my users receives that bounce, he's trying to look what's 
that he've got at his mailbox, trying to understant why he've got that delivery 
problem. And for sure he will go through all the parts including the original 
spammer's message. And the user will never delete that type of email before 
viewing it (rather just deleting regular spam message with stupid subject).

And if there's no way to fight that, we're in the big trouble :-(

The only way to stop that I think is to no generate bounce message to the 
address in From: field, but to tell MTA that user doesn't exist (or other type 
of message) during the SMTP session. But that requires all mail administrators 
to upgrade (or fix, or configure) their mail servers, which is not realistic 
for now :-(((

Dmitry

More information about the MIMEDefang mailing list