--On Thursday, October 16, 2008 09:01:02 -0500 [EMAIL PROTECTED] wrote:

In the last hour, I've received over 200 legitimate bounce messages
from email services as a result of someone having used or worse is
using my email address in spam from multiple windows machines and ip
addresses.  The end result is that I am getting the bounce messages.
I'm sure that others on this list have experienced the problem and
maybe have a solution that I don't have.

The messages are allowed through my obspamd/pf and pf smtp bruteforce
blocking rules because they are completely legit.

I guess the work around is to filter them on incoming together with
our local bounce messaages util the spammers get tired of my address.

We call those "bounceback spam". The only solution that I know of is to tag all outgoing messages with a special header and then check for that header on all returns and reject those that don't contain the header. All legitimate bounces would contain the header because they originated with your MTA.

E.g. X-Bounceback-Check: 0987923874

The value of the header can be anything you want it to be, and you can change it periodically if you want to keep statistical data.

Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas

Reply via email to