Educause Security Discussion mailing list archives
Re: Dealing with s-p-a-m "backscatter"
From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Wed, 16 Jul 2008 13:41:33 -0500
Jeff Giacobbe wrote:
Colleagues-

Like many of you, we have been experiencing an increase in spam-related "backscatter" (non-delivery notifications sent to the victim of a spoofed email address). The incidents are still few in number, thankfully, but when they do occur to one of our users they often receive *thousands* of non-delivery notifications, usually within a 24hr period. The onslaught of messages is not only a nuisance but is often crippling to the victim as they wade through all that junk in their Inbox.

I have followed various discussions on this topic but so far have not seen a clear solution other than simply blocking all inbound "non-delivery" notifications (and presumably other related SMTP diagnostic messages) at our gateway. While that would certainly fix the immediate problem, it would also mean legitimate non-delivery messages (i.e. a simple typo in an address) would never get sent back to our users.

Has anyone come up with a more creative way to block the spam backscatter while allowing the legit non-delivery SMTP notifications to come through?
Nope. Luckily it's short lived for each victim.

There's ips.backscatterer.org, which you could use to reject DSNs from anyone listed on the DNSBL. However there are a lot of legitimate servers on that list. Most notably: Google.

Blocking all DSNs would be a bad idea.

Jesse
Thanks,
Jeff Giacobbe
Director of Systems, Security, Networking
Montclair State University
--
Jesse Thompson
Email/IM: jesse.thompson () doit wisc edu
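
The DNSBL approach mentioned in the reply above, as an added Python example that is not part of either poster's message: the list is consulted only for bounces (null envelope sender), so ordinary mail from a listed host is unaffected. The function names, the `exempt` list for known senders of legitimate DSNs, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

ZONE = "ips.backscatterer.org"  # DNSBL named in the post
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers

def dnsbl_name(client_ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets + zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        return None  # this sketch only handles IPv4 clients
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def system_lookup(name):
    """Return the A record for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(client_ip, lookup=system_lookup):
    name = dnsbl_name(client_ip)
    answer = lookup(name) if name else None
    # Only a 127.0.0.0/8 answer counts; anything else is treated as not listed.
    return bool(answer) and ipaddress.ip_address(answer) in LISTED_RANGE

def rcpt_decision(client_ip, mail_from, lookup=system_lookup, exempt=()):
    """Decide at RCPT time; only DSNs (null reverse-path) are checked."""
    if mail_from.strip() not in ("", "<>"):
        return "accept"   # ordinary mail: the DNSBL is never consulted
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in exempt):
        return "accept"   # hypothetical local exemption for legitimate DSN senders
    return "reject" if is_listed(client_ip, lookup) else "accept"

# Constructed sample data: a stand-in resolver so the demo runs offline.
SAMPLE_ZONE = {"10.2.0.192.ips.backscatterer.org": "127.0.0.2"}

if __name__ == "__main__":
    fake = SAMPLE_ZONE.get
    for ip, sender in [("192.0.2.10", "<>"),
                       ("192.0.2.10", "<user@example.org>"),
                       ("198.51.100.7", "<>")]:
        print(ip, sender, rcpt_decision(ip, sender, lookup=fake))
```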