Arvid Ephraim Picciani wrote:
On Tuesday 13 May 2008 16:51:50 Matus UHLAR - fantomas wrote:
I've looked at it and I've (probably) missed it (again). Why do you think
that it pretends to look like backscatter, and why do you think it is not?
Backscatter is what happens if mail systems automatically reply to forged From:
headers.
In this case the mail was never sent over any third party. It claims to be
bounceback from my own MTA, while in fact it never went through any MTA
(directly sent from dialup).
I'm worried that this might be a new form of joe jobbing. I.e. someone sends out
mails that look like bounceback from your machines.
Fake NDRs were discussed a few years ago. For example, Sophos "spam
and the non-delivery report.." dates back to March 2004.
That said, one possibility is this: Some SOHOs have an MSA on a DSL line.
A ratwared box inside (or a web service running on the MSA box) sends
mail to an invalid recipient. The MSA gets rejected and then sends you
an NDR. The MSA is borked enough to HELO with the recipient domain, and
generates an incomplete NDR.
Anyway, you can safely reject mail from systems that HELO with your own
domain... (or is this mail to a trap?).
PS. The link you posted is no longer valid... (I mean
http://rafb.net/p/q3eZwd93.html)
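
The HELO check suggested in the last message, sketched as a policy function. This is an added example, not code from the thread: the domain, addresses and trusted networks are assumed placeholder values, and hosts on the trusted networks are exempted on the assumption that your own machines introduce themselves with your domain.

```python
import ipaddress

# Assumed values for illustration only; none of these come from the thread.
LOCAL_DOMAINS = {"example.org"}
LOCAL_ADDRESSES = {"192.0.2.25"}
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]


def helo_claims_local_identity(helo: str) -> bool:
    """True if the HELO/EHLO argument is one of our own names or addresses."""
    name = helo.strip().rstrip(".").lower()
    if name.startswith("[") and name.endswith("]"):  # address literal form
        name = name[1:-1]
    if name in LOCAL_ADDRESSES:
        return True
    # Exact domain or any host name beneath it (assumed policy choice).
    return any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS)


def check_helo(client_ip: str, helo: str) -> str:
    """Return 'permit', 'reject' or 'continue' for one SMTP session."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETWORKS):
        return "permit"  # our own hosts legitimately use our names
    if helo_claims_local_identity(helo):
        return "reject"  # outside host introducing itself as us
    return "continue"  # no verdict here; remaining checks still apply


# Constructed sample sessions: (client IP, HELO argument).
SAMPLES = [
    ("203.0.113.77", "example.org"),       # dial-up host claiming our domain
    ("203.0.113.77", "[192.0.2.25]"),      # same host claiming our MTA's address
    ("192.0.2.10", "mail.example.org"),    # our own relay
    ("198.51.100.5", "mx.example.net"),    # unrelated sender
    ("198.51.100.5", "notexample.org"),    # look-alike suffix, not our domain
]

if __name__ == "__main__":
    for ip, helo in SAMPLES:
        print(f"{ip:15} HELO {helo:20} -> {check_helo(ip, helo)}")
```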