Technically they aren't "disabled", they are spam blocked using Declude.
Matt
Darin Cox wrote:
Hi Matt,
How are you disabling bounces received at a particular account?
Darin.
----- Original Message -----
*From:* Matt <mailto:[EMAIL PROTECTED]>
*To:* [email protected]
<mailto:[email protected]>
*Sent:* Saturday, December 02, 2006 9:26 PM
*Subject:* Re: [IMail Forum] New user problem
Todd,
Make sure just in case that he doesn't have another domain somewhere
else that has a catch-all that is then redirecting all E-mail to this
particular address. Most joe-jobs involve using bad addresses on real
domains, and therefore the bounces tend to be undeliverable, however
when there is a catch-all, the volume can be significant. A few weeks
ago we were seeing over 100,000 bounces per day, however only around
1,000 of those went to valid addresses. I have however found several
times the condition where a catch-all on another provider forwards all
of these to a single user. We do not allow that condition and force
the customers to make changes. You need to check the bodies of the
messages to see if they are in fact going to random addresses on
another domain.
Most backscatter that goes to good addresses will either happen very
sporadically and randomly across one's user base, or come in bulk to a
single address but clear up within 3 days to a week. When the latter
happens, we just block bounces to that account for a period of time
and then lift the block once it has cleared up. We do have one
example though where an info@ account is forged by one small-time
spammer 6 days a week for almost a year now, and we had to disable
bounces for that account permanently.
Matt
Todd Richards wrote:
Thanks Darin. Most of the stuff is getting caught and not getting to
the end user. So that's good news for him (and they love me for it
in the meantime). I do review all of the "hold" spam with fpReview
(I love that utility) and have a few searches set up to quickly
filter through it. So it's not even that big of a deal to me. My
biggest concern was ending up being penalized (blacklisted) without
trying to do anything about it.
Also, I would appreciate any feedback on your other option if it ends
up working.
Thanks!
Todd
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] *On Behalf Of* Darin Cox
*Sent:* Saturday, December 02, 2006 11:43 AM
*To:* [email protected]
*Subject:* Re: [IMail Forum] New user problem
Hi Todd,
Backscatter from forging spam is a serious problem, and what you are
experiencing. What's happening is that a spammer has harvested your
customer's email address, and is sending out spam through their
zombie network forging your customer's email address.
There are two ways to combat it:
1. Use SPF on your customer's domain in the hopes that mail servers
receiving the spam will check SPF, see that the message was forging
spam, and not bounce back to you. This has limited success. If the
receiving server had good filtering in place, and used proper
no-bounce-on-spam procedures, you wouldn't be receiving the bounces
anyway.
2. Filter on any information you can find within the email, like the
original spammy subject, in order to push the bounces into review or
delete range. This is also limited to responding to particular
spammy subjects or constant forging with wrong names, and is very
reactive and temporary.
I have another idea that I'm discussing on another list right now to
combat this in a more proactive manner. I'll report back if any
progress is made towards implementing a filter.
Darin.
----- Original Message -----
*From:* Todd Richards <mailto:[EMAIL PROTECTED]>
*To:* [email protected]
<mailto:[email protected]>
*Sent:* Saturday, December 02, 2006 12:20 PM
*Subject:* [IMail Forum] New user problem
Hi Everyone -
I'm not sure where this post belongs, so I will post here first.
We took on hosting for one of our members mid-week last week, and
there is a problem going on. Before the changeover, they complained
that one of the users, in particular, was getting a TON of spam with
their old host. I proudly said "no problem" as we have things
clicking very nicely now with our setup.
Well, the switch has been made and said user does not get the spam he
was getting before. However, I'm seeing it in that
Declude/Sniffer/etc is catching it. The stuff he was referring to as
"spam" is bounced messages from other people. Either his email
address has been hijacked, or his computer has, as the bounced
messages are coming in that say the message from "Wrong Name
<[EMAIL PROTECTED]>" could not be delivered. The trail after that
shows that they are definitely spam. I have been looking through the
logs and can't see for sure that the originating message is coming
through our server (I haven't spent hours looking at the logs). So I
can't say for sure that he is sending it through us. But I'm worried
about ending up blacklisted for sending this crap.
I have asked the end-users to thoroughly scan his computer for
problems, and fix if found. There is no on-site tech, so they asked
about changing the email address. While I'm not opposed, if it is in
fact his computer then that won't make much difference.
Am I missing anything? Is there any better way to troubleshoot that
you can think of? None of the other users on his domain are seeing
this, and I have not seen this type of traffic from any of the other
users we host mail for.
For what it's worth we are using IMail 8.22 (with ALL patches), the
latest version of Declude, Sniffer, and invURIBL 2.7 - all running on
Windows 2003 Server.
I appreciate any thoughts or direction on this.
Thanks!
Todd
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
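
Added example, not part of the original thread or any poster's code: one way to do the check Matt describes, reading the original message quoted inside each bounce to see which forged sender addresses the bounces were returned to. The sample bounces, the hosted.example and other.example domains, and all function names are constructed for illustration.

```python
import email
from collections import defaultdict
from email.utils import parseaddr

def forged_sender(raw_bounce):
    """Return the From address of the original message quoted in a bounce."""
    msg = email.message_from_string(raw_bounce)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original attached
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":     # headers-only quote
            inner = email.message_from_string(part.get_payload())
        else:
            continue
        return parseaddr(inner["From"] or "")[1].lower() or None
    return None  # free-form bounce text: needs manual review

def summarize(bounces, mailbox):
    """Group forged senders by domain; mark domains other than the mailbox's."""
    own_domain = mailbox.rsplit("@", 1)[1].lower()
    seen = defaultdict(set)
    for raw in bounces:
        addr = forged_sender(raw)
        if addr and "@" in addr:
            local, domain = addr.rsplit("@", 1)
            seen[domain].add(local)
    return {d: {"local_parts": sorted(p), "foreign": d != own_domain}
            for d, p in seen.items()}

def sample_bounce(forged_from, quoted_as="message/rfc822"):
    """Constructed DSN for the demo, not a captured message."""
    return (
        "From: MAILER-DAEMON@mx.example.net\nTo: user@hosted.example\n"
        "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.net\n\n"
        "Final-Recipient: rfc822; nobody@remote.example\nAction: failed\nStatus: 5.1.1\n\n"
        f"--b1\nContent-Type: {quoted_as}\n\n"
        f"From: Wrong Name <{forged_from}>\nTo: nobody@remote.example\n"
        "Subject: constructed\n\nbody\n--b1--\n"
    )

if __name__ == "__main__":
    demo = [sample_bounce("user@hosted.example"), sample_bounce("qzx@other.example"),
            sample_bounce("k9f@other.example", "text/rfc822-headers")]
    print(summarize(demo, "user@hosted.example"))
```

A domain marked foreign with many distinct local parts is the catch-all forwarding case from Matt's message; a single local part on the mailbox's own domain is plain forging of that one address.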