[Mimedefang] Agressive spammers
dimon at intellinetinc.com
dimon at intellinetinc.com
Mon Dec 1 17:00:56 EST 2003
Quoting "David F. Skoll" <dfs at roaringpenguin.com>:
> I get a bazillion of them a day, also. Luckily, the spammers are forging
> either from random_junk at roaringpenguin.com, or from our public addresses
> like sales@ or info@, which should never receive DSN's (so I bounce
> anything from <> to one of those aliases.)
I'm not so lucky (or spammers who are sending spam to my users are really
agressive), so they're not just generating random usernames, but using real
email addresses of my users :-(((
> At some point, we'll need to implement a system that watches all outgoing
> messages and records the Message-ID in a database somewhere. If a bounce
> comes in, it should contain that Message-ID somewhere in the DSN body.
> If it doesn't, then the bounce isn't from a message we sent and we can
> reject it.
>
> This means you have to force all your outgoing messages through the
> Message-ID recorder. This can be tricky for many organizations.
I thought about something similar to that, but problem is that not all mail
servers are sending bounces with DSN body (which contains MessageID), some of
them are sending just couple of strings saying that user doesn't exist. And how
about vacation replies? Or any other kind of auto-replies?
And I think it's one of spammer's tricks to deliver spam to the end user: the
bounce itself contains a part of the message spammer sent to unexistent user at
other mail server (aol.com for example). That server generates a bounce to the
forged From: address and there is a part of that spam message. So, this way
spammers are targeting my users by sending spam to unexistent users at other
servers. And when my users receives that bounce, he's trying to look what's
that he've got at his mailbox, trying to understant why he've got that delivery
problem. And for sure he will go through all the parts including the original
spammer's message. And the user will never delete that type of email before
viewing it (rather just deleting regular spam message with stupid subject).
And if there's no way to fight that, we're in the big trouble :-(
The only way to stop that I think is to no generate bounce message to the
address in From: field, but to tell MTA that user doesn't exist (or other type
of message) during the SMTP session. But that requires all mail administrators
to upgrade (or fix, or configure) their mail servers, which is not realistic
for now :-(((
Dmitry
More information about the MIMEDefang
mailing list