I did not mean forged bounces but real bounces for forged mails.
Spammers discovered my domains some months ago and are increasingly
using them for forged mails. I am using SPF to protect my domains but if
other mail servers don't check it on reception and then additionally
bounce the forged mail, I'm getting the bounce, not the spammer.
It would be very helpful if I could reject those bounces just to avoid
double bounces and not annoy other postmasters. But then, if they'd run
better mail servers, they would not accept the original forged mail, I
would not get the bounces and they would not get the double bounces...
Werner
Mark Farver wrote:
Werner Fleck wrote:
I receive a lot of bounces for mail messages which I have not
originally sent. Most of these bounces have the original mail somewhere
in the body. The original mail often contains a "Received:" line with
one of my domains but wrong IP addresses.
These are not necessarily forged bounce messages. Lately I've noticed
that spammers using zombies are forging the sender, and adding a forged
received line that contains the MX for the forged sender domain. It's
just like any other "joe job" but the addition of the fake received line
makes it look a little more legitimate.
Check the line just above the forged "received" line, odds are it will
be an obvious zombie host.
If a spammer is joe jobbing you, there is not much you can do. Reject
all mail for non-existent users during the SMTP transaction.
You could write some system that tags messages that were sent from your
host, and only allow bounces that have that identifier back through.
But all you end up doing is double bouncing the message, and some other
innocent postmaster will have to deal with it.
Mark Farver
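
The tagging idea discussed in this thread, sketched as an added example that is not part of either poster's message: outgoing envelope senders carry a keyed tag, and null-sender mail (a bounce) is refused during the SMTP transaction unless its recipient carries a valid, recent tag. The `tag=DAY=MAC=` address layout, the key, the age limit and the example.org addresses are constructed assumptions; this is a simplified scheme in the spirit of BATV, not its exact format.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: per-site secret known only to your MTA
MAX_AGE_DAYS = 7                  # assumption: bounces arriving later are refused


def _mac(local: str, domain: str, day: int) -> str:
    """Short keyed digest binding the day number to the real sender address."""
    msg = f"{day}:{local.lower()}@{domain.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def sign_sender(address: str, day: int) -> str:
    """Rewrite the envelope sender of outgoing mail: user@dom -> tag=DAY=MAC=user@dom."""
    local, domain = address.rsplit("@", 1)
    return f"tag={day}={_mac(local, domain, day)}={local}@{domain}"


def check_bounce_rcpt(mail_from: str, rcpt_to: str, today: int) -> tuple[int, str]:
    """RCPT-time decision: (250, delivery address) or (550, reason).

    Only null-sender mail (MAIL FROM:<>, i.e. a bounce) has to carry a valid tag.
    """
    local_part, _, domain = rcpt_to.rpartition("@")
    fields = local_part.split("=", 3)
    tagged = len(fields) == 4 and fields[0] == "tag"
    if mail_from != "":
        # Ordinary mail is not a bounce: accept it, stripping a tag if one is present.
        return 250, (f"{fields[3]}@{domain}" if tagged else rcpt_to)
    if not tagged or not fields[1].isdecimal():
        return 550, "bounce for mail this host did not send"
    day, mac, local = int(fields[1]), fields[2], fields[3]
    if not hmac.compare_digest(mac, _mac(local, domain, day)):
        return 550, "invalid bounce tag"
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return 550, "expired bounce tag"
    return 250, f"{local}@{domain}"


if __name__ == "__main__":
    sent_as = sign_sender("werner@example.org", 19000)  # constructed address and day
    print(check_bounce_rcpt("", sent_as, 19003))               # bounce of our own mail
    print(check_bounce_rcpt("", "werner@example.org", 19003))  # bounce of a forged mail
```

Because the refusal happens at RCPT time, no new bounce is generated locally; what the remote server then does with its undeliverable bounce is the double-bounce problem described above.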