Hi All,

This isn't a Declude topic but is relevant to dealing with a sort of spam
issue.  I hope nobody minds discussing this.  I would appreciate hearing any
advice you might have to offer.

I have a customer who's domain is being used for Joe Jobs.  Someone is
randomizing email addresses for this domain and presumably sending out
millions of emails.  My mail server is dealing with the backscatter.  I'm
getting probably close to 50 - 100 server connections a minute.

My smtp log shows the following type of entries (sanitized for posting

17:23:50 [][30884] connected at 12/6/2011 5:23:50 PM
17:23:51 [][30884] cmd: EHLO shack.traxel.com
17:23:51 [][30884] rsp: 250-PERSEUS Hello []
250-SIZE 62914560 250-AUTH LOGIN CRAM-MD5 250 OK
17:23:51 [][30884] cmd: MAIL FROM:<>
17:23:51 [][30884] rsp: 250 OK <> Sender ok
17:23:51 [][30884] cmd: RCPT
17:23:51 [][30884] rsp: 550 <whiplash...@mycustomersdomain.com>
No such user here
17:23:51 [][30884] cmd: RSET
17:23:51 [][30884] rsp: 250 OK

I had my SPF records set incorrectly and it was instructing other mail
servers to accept email even if not from my mail server.  I changed the SPF
record a few days ago to instruct them to REJECT.  I don't know if that
change will eventually cause the spammer to move on to another domain or

I actually deleted the customer's MX and A record for 2 days (over the
weekend) to see if that might cause the spammer to find another domain.
They aren't sending through my mail server, but I thought perhaps if their
spam target recipient's server checked for a valid mx and found none that
they would reject the spam.  The theory being if the bulk of the spammer's
email was rejected they might move on to another domain.  Unfortunately, as
soon as I added the MX and A record back then the backscatter started again.

How do you guys deal with these?  Just let it run its course?



This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to