Ali Resting wrote:
Over the last couple of weeks, I have been noticing an increased
number of Out Of Office Spam messages. It looks as though the spammers
are signing up for legitimate email accounts and then enabling the
out-of-office autoresponse message. They then bombard these accounts
with spoofed email addresses which then send out the spam messages.
Most of the emails I have seen pass the SPF test as they originate
from legitamate mail servers. Does anyone have a clue on how to limit
this?
This kind of reflective delivery has been in use for a while. They use
any facility that includes part (enough) of the message in a bounce,
vacation message, etc.
We code rules for these when it is safe to do so--- we don't want to
block legitimate bounce messages, but if we can identify enough of a
known spam/malware campaign within the bounce we do code for those.
When you get these it helps to send us samples:
http://www.armresearch.com/support/articles/procedures/spamSubmissions.jsp
Best,
_M
