Nice infos Charles, really. Some more Information about backscatter:
http://spamlinks.net/prevent-secure-backscatter.htm http://spamlinks.net/prevent-secure-backscatter-fake.htm And what I withdraw: http://removals.tqmcube.com/index.php?x=&mod_id=2&id=13 I posted these links already, but dunno when and I am to lazy to seek now. And one of mine expieriences is: If You have an SPF-Record in your DNS, spammers dont use these domains anymore, because the errorrate is to high and the chances to get the mails deliverd shrinks, and then it is shure, that backscatter is Spam. Last week I reported at Spamcop around 500 Backscatter-Mails cought by ASSP. One spam isnt enough to blacklist them, but the MTA-Admins get the Reports from SC - just a little education. The undeliverable mails where often attached, and it was no problem to see, that the sending hosts where blacklisted already from more than one RBL. So everyone should take serious how to handle DSN. Mit freundlichen Gru?en Christian Rehkopf Tel.: 01801 99 33 22 7123 (Bundesweit zum Ortstarif) > -----Ursprungliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Im Auftrag > von Charles Marcus > Gesendet: Freitag, 14. September 2007 13:00 > An: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy > Betreff: [Assp-user] Preventing Backscatter - WAS: Re: mail > queue full of "Delivery Status Notification (Failure)" > > > David, please don't top-post in a thread where others are > bottom-posting > - it is confusing... > > Graziano said: > >>> I understand that when the spammer send an email to an > invalid user > >>> , > >>> assp returns an email to the sender. > > Wrong - ASSP does not *send* *any* email messages, but it > does respond > with certain SMTP Status Codes during the SMTP session - the > one you are > discussing is the SMTP REJECT code but this is NOT an email message. > > It is the responsibility of the *originating MTA* to generate > the actual > email the original sender ultimately gets. > > Graziano said: > >>> And if the sender does not exist I receive the "Delivery Status > >>> Notification (Failure)" email. > >>> How to reduce these ? assp can help on this ? > > Stop accepting mail for invalid recipients. Period. If you > have a good > reason (and I cannot think of one right now) for not > rejecting mail for > invalid recipients, then at a minimum you should never, under any > circumstances, generate DSN messages. > > Now, if some spammer somewhere is sending spam with one of your VALID > email addresses as a forged sender address, then the > backscatter is not > your fault, but shouldn't you be able to filter it out by simply > rejecting (or maybe black-holing) any/all DSN messages that do not > originate with one of your outbound SMTP server(s)? > > Marrco said: > >> We discussed it a little on assp-test. It's called backscatter and > >> it's a well know spam problem. Here you can find some suggestions > >> http://www.postfix.org/BACKSCATTER_README.html > > Correct - if you are using postfix, then this is valuable > information - > but you also have to configure ASSP to reject mail destined > for invalid > recipients. > > David said: > > If we knew that all outbound email went through ASSP (no relaying) > > ? ASSP is not an MTA - it *must* relay all outbound mail > through an MTA. > > David said: > > then one might be able to compare the recipient on backscatter > > messages to the recipient on messages actually sent out, > which would > > be one way of "verifying" backscatter messages. > Unfortunately message > > IDs and other things we put in the headers aren't going to > come back > > to us on the rebound, so those are useless. > > You are fighting the wrong problem. The problem is apparently > that ASSP > is not verifying recipients. > > Fix that first. Then find the best way to simply reject/blackhole > any/all DSN messages that are not *generated* by your SMTP > server(s) and > that should solve the problem. > > Unless I'm completely missing something... > > -- > > Best regards, > > Charles > > -------------------------------------------------------------- > ----------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/d> irect/01/ > > _______________________________________________ > > Assp-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/a> ssp-user > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
