Symantec says that backscatter-as-deliberate-spam-technique is back in
vogue. See their April State of Spam Report
 
http://www.symantec.com/enterprise/security_response/weblog/2008/04/post_8.html
 
 
Andrew.
 
 


________________________________

        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Todd Richards
        Sent: Thursday, April 03, 2008 12:43 PM
        To: declude.junkmail@declude.com
        Subject: RE: [Declude.JunkMail] Forged-Spam Backscatter



        Jim -

         

        I'm running the exact same set up as you are.  We had the same
problem about two weeks ago.  I don't know if this made much difference
or not, but I noticed the domains that we were seeing this with did not
have any SPF records in place.  So when I saw this sudden increase come
through, I added a strict SPF policy for that domain.  The backscatter
for that domain all but stopped.  A few days later, a different domain
was targeted - without an SPF record - and adding one seemed to cure
that.  This happened a few more times, with the results all the same.

         

        I'm not at an expert level to say whether this did or did not do
the trick.  Perhaps it was just coincidental.  All the new domains that
are set up and running services through us get strict SPF records put in
place from the start.  However, the older domains that have been around
for a while - that didn't have SPF in place - were the ones that seemed
to have had the problem.  And since then, we haven't had any more
problems with that.

         

        I can't say for sure that them having their email addresses on
their websites was the problem for sure or not.  For what it's worth, my
"new" policy is to not put email addresses on public websites.

         

        Anyway, just thought I would throw that out there.  

         

        Todd

         

         

        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Jim Comerford
        Sent: Thursday, April 03, 2008 1:46 PM
        To: declude.junkmail@declude.com
        Subject: [Declude.JunkMail] Forged-Spam Backscatter

         

        Over the last several weeks we have seen a dramatic increase in
spam hitting our server.  From about 70,000 mails a day to around
110,000 /day.

         

        Most destined for our users is getting properly filtered by
Declude.

         

        What is getting thru is backscatter from spam that is forging
addresses from domains we host.  It seems just about any address that is
posted on a website seems to be being used to forge outgoing spam (not
from our server) -- and is generating all sorts of bounce messages.

         

        I suspect there is not much I can do to block this backscatter
without blocking legit bounce messages... but I thought I'd ask.

         

        Here is our config:

            Imail 8.22

            Declude 4.3.64

            invURIBL 3.1.1

            Sniffer


        ---
        This E-mail came from the Declude.JunkMail mailing list. To
        unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
        type "unsubscribe Declude.JunkMail". The archives can be found
        at http://www.mail-archive.com. 
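
Added example, not part of the original thread and not Declude or IMail code: a Python check for the condition Todd describes, flagging hosted domains whose TXT records carry no SPF record or one that does not end in a strict `-all`. The function names, the `.example` domains and the TXT strings are constructed for illustration; in practice the TXT strings would come from a DNS lookup for each hosted domain.

```python
# Added example: classify SPF posture per hosted domain (offline, constructed data).
QUALIFIERS = {"-": "strict", "~": "softfail", "?": "neutral", "+": "pass-all"}

def spf_records(txt_records):
    """Return the TXT strings that are SPF records (version tag 'v=spf1')."""
    return [t for t in txt_records
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]

def classify_spf(txt_records):
    """Classify a domain's SPF posture from its (already joined) TXT strings."""
    records = spf_records(txt_records)
    if not records:
        return "missing"
    if len(records) > 1:
        return "multiple"  # RFC 7208: more than one SPF record is a permerror
    redirect = None
    for term in records[0].split()[1:]:
        low = term.lower()
        if low.startswith("redirect="):
            redirect = low  # only consulted when the record has no 'all'
            continue
        qualifier, name = (low[0], low[1:]) if low[0] in QUALIFIERS else ("+", low)
        if name == "all":
            return QUALIFIERS[qualifier]  # terms after 'all' are never evaluated
    return "redirect" if redirect else "no-all"  # no 'all': unmatched mail is neutral

# Constructed sample: TXT strings as a DNS lookup would return them per domain.
SAMPLE_TXT = {
    "new-customer.example": ["v=spf1 mx ip4:192.0.2.25 -all"],
    "old-customer.example": ["site-verification=constructed-value"],
    "soft.example": ["v=spf1 a mx ~all"],
    "open.example": ["v=spf1 +all"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 ip4:192.0.2.9 -all"],
    "noall.example": ["v=spf1 mx"],
}

def audit(txt_by_domain):
    """Return {domain: classification} for every domain that is not strict."""
    results = {d: classify_spf(txt) for d, txt in txt_by_domain.items()}
    return {d: r for d, r in results.items() if r != "strict"}

if __name__ == "__main__":
    for domain, result in sorted(audit(SAMPLE_TXT).items()):
        print(f"{domain}: {result}")
```

A `redirect` result means the effective policy lives in another domain's record, which has to be classified separately.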


