John Hardin wrote:
On Tue, 10 Feb 2009, Johnson, S wrote:
However, over the past few weeks I've had a few select users complain
about receiving 3-4 thousand bounce messages per day from what appears
to be mail delivery error messages. From what I can tell it's the
spammer spoofing the sender with their user ID and the messages they
receive are the servers responding with an unknown user or the like.
Does anyone know a work around for this?
Assuming the forged sender address is in your domain, you should look
into publishing an SPF record for your domain and/or implementing DKIM
signing of your outbound mail.
Unfortunately this will only *reduce* the backscatter, not eliminate it
totally. Not everyone checks inbound mail using these antiforgery
mechanisms.
Backscatter is a problem caused by misconfigured mail servers who bounce
back the email to the (forged) sender address after initially accepting
the mail at the smtp level. If the admins responsible for these servers
can't configure that relatively simple aspect correctly what hope do you
place that they may have successfully managed to configure SPF or DKIM?
You have no way of knowing how effective SPF may (or may not) be against
backscatter. Besides, I'm not aware of many places that will arbitrarily
bounce mail based on SPF failure.
JMHO :)
