Kjetil Kjernsmo wrote:
Hi all!
I just returned from vacation discovering that a spammer is doing a lot
of big spamruns with non-existant local parts of my domains in the
From: and Return-Path.
So, when they hit an undeliverable address, the bounce bounces back at
that non-existant address on my domain, which again bounces back at my
postmaster address. So, I get a hundred failure notices a day... :-(
IIRC this is called "joe-job" and depending on how big the spamrun it
can escalate to a very big problem.
I guess I should discard those...? Even if that means the risk of not
discovering that something is wrong somewhere here...
Anyone know how to do that?
You could create a SPF record for your domain. This will not eliminate
your problem, but may reduce it - anyway look at http://www.openspf.org
You could also try to deny emails where the <mail from:> is empty
(bounce messages).
If you've a list of valid email addresses then you could check if the
recipient is valid and deny the rest.
A more complicated solution is to extract the original email often
embedded in the bounce message and antispam scan that. This requires a
lot of parsing since no single standard exists for "bounce messages".
Best regards,
Diego d'Ambra
