I have posted the backscatter filters we use under the download section of
Declude; any feedback is welcome.


David B

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Thursday, April 03, 2008 6:42 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Forged-Spam Backscatter

 

Symantec says that backscatter-as-deliberate-spam-technique is back in
vogue. See their April State of Spam Report:

http://www.symantec.com/enterprise/security_response/weblog/2008/04/post_8.html

 

 

Andrew.

 

 

 


  _____  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards
Sent: Thursday, April 03, 2008 12:43 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Forged-Spam Backscatter

Jim -

 

I'm running the exact same setup as you are.  We had the same problem about
two weeks ago.  I don't know if this made much difference or not, but I
noticed the domains that we were seeing this with did not have any SPF
records in place.  So when I saw this sudden increase come through, I added
a strict SPF policy for that domain.  The backscatter for that domain all
but stopped.  A few days later, a different domain was targeted - without an
SPF record - and adding one seemed to cure that.  This happened a few more
times, with the results all the same.

 

I'm not at an expert level to say whether this did or did not do the trick.
Perhaps it was just coincidental.  All the new domains that are set up and
running services through us get strict SPF records put in place from the
start.  However, the older domains that have been around for a while - that
didn't have SPF in place - were the ones that seemed to have had the
problem.  And since then, we haven't had any more problems with that.

 

I can't say for sure whether them having their email addresses on their
websites was the problem or not.  For what it's worth, my "new"
policy is to not put email addresses on public websites.

 

Anyway, just thought I would throw that out there.  

 

Todd

 

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Comerford
Sent: Thursday, April 03, 2008 1:46 PM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] Forged-Spam Backscatter

 

Over the last several weeks we have seen a dramatic increase in spam hitting
our server.  From about 70,000 mails a day to around 110,000 /day.

 

Most destined for our users is getting properly filtered by Declude.

 

What is getting through is backscatter from spam that is forging addresses from
domains we host.  It seems just about any address that is posted on a
website is being used to forge outgoing spam (not from our server)
-- and is generating all sorts of bounce messages.

 

I suspect there is not much I can do to block this backscatter without
blocking legit bounce messages... but I thought I'd ask.

 

Here is our config:

    Imail 8.22

    Declude 4.3.64

    invURIBL 3.1.1

    Sniffer


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com. 
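
Added example, not part of the thread or of Declude: a small audit that labels each hosted domain by its SPF posture, so the older domains without a strict record (the ones Todd saw targeted) can be listed in one pass. It assumes "strict" means a record whose "all" mechanism carries the "-" qualifier; the domain names and TXT records are constructed sample data.

```python
import re

# Qualifier on the terminal "all" mechanism decides what receivers do with
# mail from hosts the record does not list (default qualifier is "+").
ALL_LABEL = {"-": "strict", "~": "softfail", "?": "neutral", "+": "pass-all"}

def classify_spf(txt_records):
    """Label a domain's SPF posture from its DNS TXT strings."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"
    if len(spf) > 1:
        return "invalid"  # more than one v=spf1 record is a permanent error
    terms = [t.lower() for t in spf[0].split()[1:]]
    for term in terms:  # mechanisms are evaluated left to right
        m = re.fullmatch(r"([-+~?]?)all", term)
        if m:
            return ALL_LABEL[m.group(1) or "+"]
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"  # policy lives in another domain's record
    return "neutral"  # no "all" and no redirect: unlisted hosts get neutral

def audit(zone_txt):
    """Return (per-domain labels, sorted domains whose policy is not strict)."""
    report = {d: classify_spf(txts) for d, txts in zone_txt.items()}
    exposed = sorted(d for d, label in report.items() if label != "strict")
    return report, exposed

# Constructed sample data: hypothetical hosted domains and TXT records.
HOSTED = {
    "new-client.example": ["v=spf1 mx ip4:192.0.2.10 -all"],
    "old-client.example": ["google-site-verification=constructed"],
    "soft.example": ["v=spf1 a mx ~all"],
    "open.example": ["v=spf1 mx all"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 ip4:192.0.2.20 -all"],
    "hosted.example": ["v=spf1 redirect=_spf.provider.example"],
    "noall.example": ["V=SPF1 ip4:192.0.2.30"],
}

if __name__ == "__main__":
    report, exposed = audit(HOSTED)
    for domain in sorted(report):
        print(f"{domain:22} {report[domain]}")
    print("not strict:", ", ".join(exposed))
```

Domains labelled "redirect" are listed as not strict so the referenced record gets checked by hand.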