1. Report the sending domains of backscatter to the custodians of the domain as well as to their ISP. Backscatter should not happen ever. NDRs are not supposed to be sent as emails AFTER a message has been received; NDRs are supposed to be sent as an SMTP status code sent during the SMTP session - as a direct communications between the sending and receiving server.
2. Use SPF. Don't listen to what anyones opinion of the technology is, because there is no way to quantify how effective it may be for *you* now or a bit further along in time. Using SPF is not going to hurt you; its only going to help - and increasingly so as time goes by and more people adopt it. I have plenty of messages every day that I reject based on SPF. Mostly high-level spoof's, but hey, its another cog in the anti-spam engine. Also, using SPF records gives you more credibility and leverage when filing complaints, because you have given them what they need to prevent the issue that they are causing. Be sure to use -all, and not ~all - again, regardless of what you read as recommendations. ~all is a free pass to ignore an SPF record. Read and understand the details of the record objects. 3. Filter based on keywords/phrases to block post-receipt NDRs from the misbehaving systems. On Tue, Apr 15, 2008 at 9:51 AM, yoth <[EMAIL PROTECTED]> wrote: > Hi all, > > We are having a pretty big problem with backscatter for one of our clients. > It seems that lately the spammers love spoofing their domain. We are getting > several complaints a week from users receiving large quantities of NDRs > because of this. > > I'm sure this must be a common problem for any company with a decent web > presence. We aren't using SPF records right now. I've read that often this > doesn't really help. Also, it will be a little hard to pull off when we > control the corporate network, but not the website where some email will be > generated. > > Has anyone gotten any suggestions or tricks for dealing with this. > Blocking/quarantining all NDRs seems like a bad idea also. > > Or maybe our spam gateway should be catching most of these? Lots of the NDRs > would contain the original message text, which is obviously spam. > > Any ideas? > > Bill > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > -- ME2 ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
