[EMAIL PROTECTED] (Justin Mason) writes: > Ah. I'm already using a simpler version, which just looks for my IPs in > bounce messages and ignores them if they aren't present.
Yeah, that might work. If I recall correctly, I found a few blowbacks that had my IP in the bounce message (where my MTA did an SMTP reject and a blowback later came all the way back to me). I wanted to use features that meant me, as a person, sent the mail. > BTW, there's still an aspect of blowback that isn't covered by those; > namely the "we found a virus in your mail!!!!!11" messages sent from > <[EMAIL PROTECTED]> instead of from <>. Since those > seem to be a wide variety of sending addresses (often invalid), > wordings, and subject lines, they're quite tricky to catch. (that's > what the VBOUNCE_ rules are good at catching.) True. I actually used VBOUNCE for this test: I counted Return-path: headers and doing MAILER-DAEMON@ and the null sender covers 97% or something like that. postmaster@ was #3. The "virus" names like you mention were *all* over the map, but I only had one or two hits of each (looking at 18 months of ham), so I didn't bother. (Note: I also catch a fair number of those just by filtering viruses, since maybe 1/3 of them forward back the virus.) Daniel -- Daniel Quinlan http://www.pathname.com/~quinlan/
