From what I've seen the VBounce ruleset catches ALL backscatter and does
not distinguish between legitimate bounce-backs and bounce-backs of emails
with forged return addresses - which basically makes it useless for
filtering out joe-jobs.
VBounce should be matching the forged name of the orginating mailserver
against the IP address of the originating mailserver.
At 04:59 AM 4/11/2008, Justin Mason wrote:
Jason Haar writes:
> I think we've detoured from the actual problem?
>
> The fact is that lots of spam is now being sent to other sites,
> pretending to be from (collectively) our email addresses, so that we get
> the bounces containing the spam. And SA isn't marking these messages as
> spam, whereas if it was directly sent the same spam, it would.
>
> So how do we fix this situation? What about getting SA to "detach" the
> associated bounced message as a separate message and score that instead?
> I know I can casually just say that - doing is a different matter - but
> isn't that really the only answer to this problem?
There's no problem. SpamAssassin 3.2.x includes the VBounce ruleset which
is expressly designed to catch backscatter -- and does a good job at it.
If you have a backscatter problem, you need to start using that ruleset.
--j.
Best Regards,
Jeff Koch, Intersessions
