[FoRK] spam insanity
Justin Mason <jm at jmason.org> on Tue Dec 5 10:02:18 PST 2006

Luis Villa writes:
> Gmail caught 13K spam for me in the past 14 or so hours. (This may in
> fact be a gmail bug, undeleting a bunch of spam I trashed yesterday.
> They really need a 'this might be spam', 'this is definitely spam'
> two-tier system. But I digress.)
> The vast bulk of it is emails *from* [random characters]@tieguy.org
> which are now getting bounced back to me. (*@tieguy.org is funneled to
> my gmail account, to let me provide domain at tieguy.org addresses when I
> buy/register/etc.) I'm getting so much of it, in fact, that I'm
> concerned that I'm going to get blacklisted.

Nah, you'll be ok. It's all "backscatter" -- noise responses from old and
broken MTAs, virus filters, spam filters, and challenge-response filters
responding to the wrong address due to forged mails from spammers.

> So a couple questions:
> * Is there something like SPF that I should be looking at setting up
> to help those who are currently getting inundated by spam 'from'
> tieguy.org, and additionally to verify that mail actually from
> luis at tieguy.org shouldn't be spam filtered? What is the state of the
> art there?

SPF helps, a little. However, most of the MTAs generating this
backscatter are old and crappy and don't care. It's the new

> * given that I don't want to set up a real mail server on tieguy.org,
> are there any better options for doing the wildcard domain stuff I'm
> doing? I don't want to give this up; cnnsi at tieguy.org (for example)
> gets several hundred spam a day, so I want to be able to give out
> email addresses trivially and later can them. gmail-specific solutions
> are acceptable; anything requiring serious server-side work probably

http://wiki.apache.org/spamassassin/VBounceRuleset -- ruleset
for SpamAssassin to catch them. I guess that's out, though ;)

I had to shut down half of my MTA over the weekend due to an insane
volume of this crap -- even with just procmail-based filtering,
no SpamAssassin, Postfix couldn't deal with the volume. Basically
it's the "smurf" amplification attack applied to email.
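
An added example, not part of the original post and not the SpamAssassin ruleset's code: one way to separate backscatter from genuine bounces is to check whether the returned mail inside the bounce ever passed through a relay you actually send from. The relay name `smtp-out.example.net`, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

# Assumption: hosts that legitimately relay outbound mail for your domain.
MY_RELAYS = ("smtp-out.example.net",)

def is_bounce(msg):
    """Heuristic bounce test: DSN report type or a MAILER-DAEMON sender."""
    sender = msg.get("From", "").lower()
    return (msg.get_content_type() == "multipart/report"
            or "mailer-daemon" in sender)

def original_received(msg):
    """Received: headers of the returned mail embedded in the bounce."""
    found = []
    for part in list(msg.walk())[1:]:        # skip the bounce's own headers
        found += part.get_all("Received", [])
        if part.get_content_type() == "text/rfc822-headers":
            hdrs = email.message_from_string(part.get_content())
            found += hdrs.get_all("Received", [])
    return found

def classify(raw, relays=MY_RELAYS):
    """Return 'not-bounce', 'real-bounce' or 'backscatter'."""
    msg = email.message_from_string(raw, policy=policy.default)
    if not is_bounce(msg):
        return "not-bounce"
    hops = " ".join(original_received(msg)).lower()
    # A forged mail never touched our relay, so its bounce is backscatter.
    return "real-bounce" if any(r in hops for r in relays) else "backscatter"

def make_bounce(received_line):
    """Constructed sample DSN wrapping a returned mail with one Received hop."""
    return (
        "From: MAILER-DAEMON@mx.example.org\n"
        "To: xqzt@example.com\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "\n--b\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b\nContent-Type: message/rfc822\n\n"
        f"Received: {received_line}\n"
        "From: xqzt@example.com\nSubject: hello\n\nbody\n"
        "--b--\n"
    )
```

Bounces that quote no original headers at all also come out as `backscatter` here, so a result from this check is better used to score or quarantine a message than to drop it silently.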