Security Incidents mailing list archives

Re: email address probes


From: Andy Bastien <lists+incidents () yuggoth net>
Date: Fri, 7 Feb 2003 17:16:53 +0000

We have reason to believe that on Thu Feb 06 Ned Fleming wrote:

> On Wed, 5 Feb 2003 20:54:19 +0000, Andy Bastien
> <lists+incidents () yuggoth net> wrote:
>
> [snip]
>
>> I'd like to be able to stop these attempts, but I can't think of a way
>> to do it.  All of the attempts are coming from valid servers from some
>> domains that we can't block.  They do all have null reverse-paths
>> (MAIL FROM:<>), but I don't think that we can reject on this criteria
>
> Maybe you're being joe-jobbed. To wit: A spammer is using your domain
> name as the "From: xyz () yogguth net" or "Reply-To:" address on the spam
> he's spewing.
>
>       http://www.spamfaq.net/terminology.shtml#joe_job


You get the gold star; this is exactly what is happening.  As a test,
I set up an account to catch all mail to nonexistent addresses.  I
found that most of them are NDRs.

I don't want to keep this setup for any extended period, because I
believe people should get NDRs back if they send mail to the wrong
address.  I want to avoid the kind of situation where Alice sends Bob
an email but spells Bob's name wrong, doesn't get back an NDR, and
thinks that Bob is ignoring her when he doesn't reply.  This could be
especially problematic with Valentine's Day approaching <g>.

It also doesn't seem fair to me to set up a tarpit, because this would
cause the NDRs to queue up on AOL's and MSN's servers, and it's not
their fault that all of these emails that they're trying to send have
invalid addresses.

I guess I'll just have to grin and bear it for now.  I appreciate all
of the responses that I've gotten; I've certainly learned a few new
terms out of this whole affair.








----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
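
The catch-all test described in the message above can be tallied with a short script that separates bounces (null reverse-path) from ordinary mistyped mail and counts them per reporting server. This is an added example, not part of the original post; the sample messages and `.example` domains are constructed, and it assumes the delivering MTA records the envelope sender in `Return-Path`.

```python
import email
from collections import Counter

def make_dsn(mta, rcpt):
    """Build a constructed RFC 3464-style bounce (sample data, not real mail)."""
    return (
        f"Return-Path: <>\nFrom: MAILER-DAEMON@{mta}\nTo: {rcpt}\n"
        "Subject: Undeliverable mail\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "\n--b\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b\nContent-Type: message/delivery-status\n\n"
        f"Reporting-MTA: dns; {mta}\n\n"
        "Final-Recipient: rfc822; nobody@remote.example\nAction: failed\nStatus: 5.1.1\n"
        "\n--b--\n")

# Constructed: an older plain-text bounce and a genuine mistyped message.
PLAIN_BOUNCE = ("Return-Path: <>\nFrom: postmaster@old.example\n"
                "To: x9@ourdomain.example\nSubject: failure notice\n\nNo such user.\n")
TYPO_MAIL = ("Return-Path: <alice@sender.example>\nFrom: alice@sender.example\n"
             "To: bbo@ourdomain.example\nSubject: lunch?\n\nAre you free Friday?\n")
MAILBOX = [make_dsn("mx1.example.org", "qzx81@ourdomain.example"),
           make_dsn("mx1.example.org", "sales77@ourdomain.example"),
           make_dsn("mx2.example.net", "jk4@ourdomain.example"),
           PLAIN_BOUNCE, TYPO_MAIL]

def classify(raw):
    """Return ("ndr", reporting_mta) for a bounce, ("other", None) otherwise."""
    msg = email.message_from_string(raw)
    # A bounce is sent with MAIL FROM:<>, which shows up as "Return-Path: <>".
    if msg.get("Return-Path", "").strip() != "<>":
        return ("other", None)
    for part in msg.walk():
        payload = part.get_payload()
        if part.get_content_type() == "message/delivery-status" and isinstance(payload, list):
            for block in payload:  # one header block per DSN field group
                mta = block.get("Reporting-MTA")
                if mta:
                    return ("ndr", mta.split(";", 1)[-1].strip().lower())
    return ("ndr", "unknown")  # null sender but no machine-readable DSN part

def summarize(messages):
    """Count bounces per reporting MTA and the share of bounces in the mailbox."""
    kinds = [classify(m) for m in messages]
    by_mta = Counter(mta for kind, mta in kinds if kind == "ndr")
    return by_mta, sum(by_mta.values()) / len(kinds)

if __name__ == "__main__":
    print(summarize(MAILBOX))
```

A high bounce share concentrated on a few reporting servers, all addressed to recipients that never existed, is the pattern the joe-job explanation predicts.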

