On Wed, Apr 30, 2008, Omer Zak wrote about "How to deal with bounce messages spam?":
> My E-mail address somehow found its way into the reservoir of E-mail
> addresses used by some spambots for forging the From: line in E-mail
> messages.
> The consequence is that during recent days I have been flooded with
> bounce messages from mailer-daemon and postmaster of various domains,
> which bounced back spam messages whose delivery to the final destination
> failed.

You're lucky that this is a new problem for you. For several years now,
there have been many periods when the number of these "spam bounces"
messages I got greatly exceeded the number of actual spams I got.

>..
> However, given the flood of the bounce messages spam, I'll need to
> automatically get rid of them.

And luckily this isn't hard, because unlike spam, these bounces don't try
to disguise themselves, so you can recognize most of them with hardly any
false positives.

The key is that bounced mail should, by the SMTP standard, contain the
"Message-id" header of the original mail. And since your real mail always
has a message-id formatted in a certain way and spam usually has random
message-ids, it's easy to recognize bounces of mails you never sent - even
without needing to record the specific message ids you actually sent.

For example, here is the procmail rule I use:

	:0 BH:
	*^from +MAILER-DAEMON[ @]
	* !^Message-id: [EMAIL PROTECTED]
	spambounces

-- 
Nadav Har'El                        | Wednesday, Apr 30 2008, 25 Nisan 5768
[EMAIL PROTECTED]                   |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Unix is simple, but it takes a genius to
http://nadav.harel.org.il           |understand its simplicity.
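
The check described in the message above, as an added example that is not part of the original mail and not the author's own code: the same two tests as the procmail rule, run in Python over constructed sample messages. The `mail.example.org` Message-ID pattern is an assumption standing in for the redacted pattern, and the names `classify`, `OWN_MSGID` and `BOUNCE_SENDER` are hypothetical.

```python
import re

# Assumption: your own outgoing Message-IDs end in this (hypothetical) host.
# The pattern in the original rule is redacted on the page.
OWN_MSGID = re.compile(r"^Message-id:\s*<[^<>@\s]+@mail\.example\.org>\s*$",
                       re.IGNORECASE | re.MULTILINE)
# mbox envelope line of a bounce, same test as the rule's first condition.
BOUNCE_SENDER = re.compile(r"^From +MAILER-DAEMON[ @]",
                           re.IGNORECASE | re.MULTILINE)

def classify(raw):
    """Return 'inbox', 'real-bounce' or 'spambounce' for one raw mbox message."""
    header = raw.partition("\n\n")[0]
    if not BOUNCE_SENDER.search(header):
        return "inbox"
    # As with procmail's B and H flags, search header and body together: the
    # original Message-ID sits in the returned headers inside the bounce body.
    if OWN_MSGID.search(raw):
        return "real-bounce"
    return "spambounce"

# Constructed sample messages (not real mail).
FORGED_BOUNCE = """From MAILER-DAEMON Wed Apr 30 10:00:00 2008
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
Message-Id: <E1JrABC-0001@mx.example.net>
Subject: Undelivered Mail Returned to Sender

The following message could not be delivered:

Message-ID: <qzxv8812.1099@random.invalid>
Subject: cheap watches
"""
REAL_BOUNCE = FORGED_BOUNCE.replace("<qzxv8812.1099@random.invalid>",
                                    "<20080430.1234@mail.example.org>")
NORMAL_MAIL = """From alice@example.com Wed Apr 30 10:05:00 2008
From: Alice <alice@example.com>
Message-Id: <abc123@example.com>
Subject: lunch?

See you at noon.
"""

if __name__ == "__main__":
    for name in ("FORGED_BOUNCE", "REAL_BOUNCE", "NORMAL_MAIL"):
        print(name, "->", classify(globals()[name]))
```

A bounce that omits the original headers also lands in 'spambounce', so file that class into a folder for review, as the rule above does with its spambounces mailbox.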
