[Mimedefang] What to do about bounced forgeries?

David F. Skoll dfs at roaringpenguin.com
Sun Dec 21 21:03:24 EST 2003


On Sun, 21 Dec 2003, Rick Mallett wrote:

> We're seeing a big increase in the number of "...User unknown"
> messages in our log files which we have determined to be the result
> of bounced spam messages which were forged to appear to come from our
> site (e.g. MAIL FROM: blotto at carleton.ca), and I'm wondering if others
> are experiencing the same problem,

I get over 250 of these a day.

> and I'm also wondering if anyone has any ideas on what to do about it.

Nope.  There's really very little you can do about it, unless the spammers
live in the US.  Then, there's a faint hope you can go after them
for forging the sender address... if you can find them.

> By late last week we were getting over 500,000 such messages a day
> (i.e. approximately 6/sec), and although we have a fairly large system
> with some spare capacity, forking a sendmail process to reject each of
> these bounced forgeries is starting to have a significant effect on
> performance.

Ouch!  500K/day means someone really has it in for you. :-(

> So what do we do? Hope the spammers get tired of using our domain in
> their forgeries, or do we have to build a frontend system that uses a
> more lightweight process than sendmail to handle the unknown user
> rejections? Anyone have any ideas?

More hardware?

Regards,

David.


