On 03.02.2025 at 04:41:00, Doug via mailop wrote:

> It's backscatter from a phishing campaign. At first, I tried to
> contact the server owner through their abuse@ account. They have us
> blocked for ... "sending spam". (is this characteristic? do
> blocklists not do SPF verification? can someone just send a bunch of
> emails with forged return paths and from addresses to get them added
> to a blocklist? seems very easy to abuse)
There are several blacklists that have their own listing criteria and admins can create their own rulesets.

> What is The Way™, if any, to deal with backscatter? It doesn't seem
> like there is a turnkey BATV solution for Postfix. I was considering
> writing a Milter to do it, but I have no idea if it's even worth
> trying.

Just found this: https://sourceforge.net/projects/batv-milter/

> I did end up adding the backscatterer RBL, which at least sends these
> emails to spam. It does remind me of why I don't really like
> UCEPROTECT blocklists, though - they're very adamant about having my
> server on the list because it's in a "bad neighborhood",

Level 2/3 intentionally does this and anyone who uses that to permanently block mail wants to block legitimate mail too.

> but this ISP sending thousands of emails (that could have been
> prevented at this point by just recognizing that a single email
> account on their service is generating thousands of bounces) is
> considered clean. Maybe I misunderstand the purpose of the RBL and my
> bias against UCEPROTECT is influencing me here.

They don't list backscatter abuse in level 1, they have their own list for that.

> Finally, these backscatter emails seem like something else that can
> be abused.

It is and that is why the only reasonable way to block mail is to reject it during the SMTP session. Although, several (commercial) products exist that don't handle it that way.

> If someone forges the return path for an email, but has
> access to it in some way, they can use it to find out which emails
> don't exist.

They can do that with immediately rejected mail too - they directly get the info that the inbox doesn't exist in the SMTP session.

-- 
Regards
Marco

Send unsolicited bulk mail to [email protected]
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
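The following added example (not part of the original message, and not the linked batv-milter project's code) shows how BATV lets a server refuse forged bounces during the SMTP session: outbound envelope senders get a keyed, expiring tag, and null-sender mail addressed to an untagged or badly tagged recipient can be rejected at RCPT TO. The tag layout follows the `prvs=KDDDSSSSSS=local@domain` scheme of the BATV Internet-Draft; the key, lifetime and function names are assumptions.

```python
import hashlib
import hmac
import time

# Assumptions for this example: a constructed demo key and a 7-day tag lifetime.
KEYS = {0: b"constructed-demo-secret"}
LIFETIME_DAYS = 7


def _day(now=None):
    """Days since the epoch modulo 1000 (the three-digit DDD field)."""
    return int((time.time() if now is None else now) // 86400) % 1000


def _sig(key_num, ddd, address):
    """Hex of the first three bytes of HMAC-SHA1 over K + DDD + address."""
    msg = f"{key_num}{ddd:03d}{address}".encode()
    return hmac.new(KEYS[key_num], msg, hashlib.sha1).hexdigest()[:6]


def sign(address, key_num=0, now=None):
    """Rewrite an outbound envelope sender into its tagged form."""
    ddd = (_day(now) + LIFETIME_DAYS) % 1000  # DDD is the expiry day
    local, domain = address.rsplit("@", 1)
    tag = f"{key_num}{ddd:03d}{_sig(key_num, ddd, address.lower())}"
    return f"prvs={tag}={local}@{domain}"


def verify_bounce_rcpt(rcpt, now=None):
    """For mail with MAIL FROM:<>: return the original address, or None to reject."""
    local, _, domain = rcpt.rpartition("@")
    if not local.startswith("prvs="):
        return None  # a real bounce would target a tagged address
    tag, sep, orig_local = local[5:].partition("=")
    if not sep or len(tag) != 10 or not tag.isascii() or not tag[:4].isdigit():
        return None
    key_num, ddd = int(tag[0]), int(tag[1:4])
    if key_num not in KEYS:
        return None
    original = f"{orig_local}@{domain}"
    expected = _sig(key_num, ddd, original.lower())
    if not hmac.compare_digest(tag[4:].lower(), expected):
        return None  # forged or altered tag
    if (ddd - _day(now)) % 1000 > LIFETIME_DAYS:
        return None  # expired, allowing for wrap-around of the day counter
    return original
```

Only recipients of null-sender mail should be checked this way; ordinary mail to the untagged address must still be accepted.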
