[FoRK] spam insanity

Justin Mason < jm at jmason.org > on > Tue Dec 5 10:23:16 PST 2006

Ian Andrew Bell writes:
> I've done it for years at TUFFMAIL.
> 
> I think part of your problem is called "Backscatter" which are the  
> bounce messages you receive when one of your email addresses is  
> forged into a From: header.
> 
> 	A bit more about it here:
> 	http://www.tuffmail.com/backscatter.php
> 	
> 	And here:
> 	http://temporaryinbox.blogspot.com/2006/11/141106-abuse- 
> information.html
> 
> Gmail hasn't to date implemented SRA (Signed Return Addresses) which  
> to some extend addresses this issue.

for what it's worth, "BATV" is a more popular fix than SRA, which
I haven't heard of. ;)

a low-cost BATV is to run a second outbound-only MTA, and create a
subdomain, e.g. "sent.jmason.org", and ensure this is used for the
envelope sender for mails sent via that MTA.  you can then discard bounces
that aren't addressed to an addr at that domain and are instead addressed
to any other addr at the main domain ("jmason.org" in my example).  the
SMTP rfcs require that the envelope sender be the only addr to receive
DSNs etc., not the From-header address or any other header-borne
addr.

Setting up an extra MTA is still pretty tricky though, so I haven't done
it.

> But mail servers that send  
> bounce messages back out the PIPE when the sending server is NOT in  
> the listed SPF record are stupid.

yep.

--j.

> -Ian.
> __________________________
> http://www.linkedin.com/in/ianbell
> 
> 
> On 5-Dec-06, at 9:29 AM, Luis Villa wrote:
> 
> > Gmail caught 13K spam for me in the past 14 or so hours. (This may in
> > fact be a gmail bug, undeleting a bunch of spam I trashed yesterday.
> > They really need a 'this might be spam', 'this is definitely spam'
> > two-tier system. But I digress.)
> >
> > The vast bulk of it is emails *from* [random characters]@tieguy.org
> > which are now getting bounced back to me. (*@tieguy.org is funneled to
> > my gmail account, to let me provide domain at tieguy.org addresses when I
> > buy/register/etc.) I'm getting so much of it, in fact, that I'm
> > concerned that I'm going to get blacklisted.
> >
> > So a couple questions:
> >
> > * Is there something like SPF that I should be looking at setting up
> > to help those who are currently getting inundated by spam 'from'
> > tieguy.org, and additionally to verify that mail actually from
> > luis at tieguy.org shouldn't be spam filtered? What is the state of the
> > art there?
> >
> > * given that I don't want to set up a real mail server on tieguy.org,
> > are there any better options for doing the wildcard domain stuff I'm
> > doing? I don't want to give this up; cnnsi at tieguy.org (for example)
> > gets several hundred spam a day, so I want to be able to give out
> > email addresses trivially and later can them. gmail-specific solutions
> > are acceptable; anything requiring serious server-side work probably
> > not.
> >
> > Thanks in advance for thoughts/answers/etc.
> >
> > Luis (when I am philosopher-king, there will be patents on the torture
> > of spammers, in order to encourage innovation in that critical
> > competitive area)
> > _______________________________________________
> > FoRK mailing list
> > http://xent.com/mailman/listinfo/fork
> 
> _______________________________________________
> FoRK mailing list
> http://xent.com/mailman/listinfo/fork

More information about the FoRK mailing list