On Wed, Apr 18, 2007 at 03:16:40PM +0200, Werner Fleck wrote: > I did not mean forged bounces but real bounces for forged mails. > Spammers discovered my domains some months ago and are increasingly > using them for forged mails.
This used to be called "joe jobbing" but the term seems to have fallen into disuse (as everyone suffers these days). > I am using SPF to protect my domains but if > other mail servers don't check it on reception and then additionally > bounce the forged mail, I'm getting the bounce, not the spammer. > > It would be very helpful if I could reject those bounces just to avoid > double bounces and not annoy other postmasters. But then, if they'd run > better mail servers, they would not accept the original forged mail, I > would not get the bounces and they would not get the double bounces... The spammers who take my domain name in vain tend to use a random username for the emails, so I reject bounces sent to non-existent users with a special message that says "Looks like you're bouncing a mail witha spoofed sender - if you'd consider checking SPF records you could have rejectd this spam much easier". This gets rid of almost all the bad bounces (except where 'random-name' gets lucky) but this does rely on the fact that I have access to the list of valid recipients, which may not be the case with your domains. Cheers -- Tim
