--On Thursday, October 16, 2008 09:01:02 -0500 [EMAIL PROTECTED] wrote:
> In the last hour, I've received over 200 legitimate bounce messages
> from email services as a result of someone having used or worse is
> using my email address in spam from multiple Windows machines and IP
> addresses. The end result is that I am getting the bounce messages.
>
> I'm sure that others on this list have experienced the problem and
> maybe have a solution that I don't have.
>
> The messages are allowed through my obspamd/pf and pf smtp bruteforce
> blocking rules because they are completely legit.
>
> I guess the workaround is to filter them on incoming together with
> our local bounce messages until the spammers get tired of my address.

We call those "bounceback spam". The only solution that I know of is to tag
all outgoing messages with a special header and then check for that header on
all returns and reject those that don't contain the header. All legitimate
bounces would contain the header because they originated with your MTA.
E.g. X-Bounceback-Check: 0987923874
The value of the header can be anything you want it to be, and you can change
it periodically if you want to keep statistical data.
--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
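
The header check described in the reply above, as an added example that is not part of the original thread or any poster's own code. It assumes the MTA hands the filter the envelope sender, that the bounce carries the original headers as a `message/rfc822` or `text/rfc822-headers` part, and all function names and addresses are hypothetical.

```python
import email
from email import policy

HEADER = "X-Bounceback-Check"   # header name from the message above
VALID = {"0987923874"}          # current value plus any recently rotated ones (sample value)

def tag_outgoing(msg, token="0987923874"):
    """Stamp an outgoing EmailMessage before it is handed to the MTA."""
    del msg[HEADER]             # no-op if absent; prevents duplicate headers
    msg[HEADER] = token
    return msg

def returned_originals(bounce):
    """Yield the original message (or just its headers) embedded in a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            yield part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # headers-only return
            yield email.message_from_string(part.get_content(), policy=policy.default)

def check_return(raw, envelope_sender):
    """Return 'pass-through', 'accept' or 'reject' for an incoming message."""
    if envelope_sender not in ("", "<>"):      # bounces use the null sender
        return "pass-through"
    bounce = email.message_from_string(raw, policy=policy.default)
    for original in returned_originals(bounce):
        if str(original.get(HEADER, "")).strip() in VALID:
            return "accept"
    return "reject"

def sample_bounce(original_headers, ctype="text/rfc822-headers"):
    """Constructed DSN-style bounce used only to exercise check_return()."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "To: user@example.org\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        f"--b1\nContent-Type: {ctype}\n\n{original_headers}\n--b1--\n"
    )

if __name__ == "__main__":
    ours = "From: user@example.org\nSubject: hi\nX-Bounceback-Check: 0987923874\n"
    forged = "From: user@example.org\nSubject: buy now\n"
    print(check_return(sample_bounce(ours), "<>"))
    print(check_return(sample_bounce(forged), "<>"))
```

A bounce from a remote system that does not return the original headers at all is rejected by this check, the same as a bounce for forged mail.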