[Dshield] spam problem

bOnK dshield_list at webmeneer.nl
Wed Apr 26 15:51:03 GMT 2006


Paul Marsh wrote:
> Over the last week I've been noticing a slow but sure increase in NDR's
> in my postmasters mailbox.  The NDR's are a result of some spam spewer
> some where on the net.  The emails are being returned to the following
> none existent boxes.

>8 snip 8<

> I'm sure there is no way to track this thing down and nothing I can do
> or is there?

Other then setting up SPF records, which might stop *some* legitimate 
servers to accept mail claiming to be from you, there's not very much 
you could do to prevent this.
http://spf.pobox.com/

But then ... why do you accept (bounces|mail) to non-existent users in 
the first place?

/*
spammie sends to non_existent_user at some_domain, claiming to be from 
non_existent_user at other_domain.
mail is accepted by some_domain,
THEN they find out about non_existent_user and send a NDR to ...
NDR is accepted by other_domain
THEN they find out about non_existent_user and send a NDR to ...
OOPS can't NDR an NDR, so have to send it to postmaster

I'm just an egg, so there might be some logic in there which I can't 
find ... could it be that "550 No such user" is just too plain simple? ;-)
*/

-- 
bOnK


More information about the list mailing list