Educause Security Discussion mailing list archives
Re: Dealing with s-p-a-m "backscatter"
From: Wes Young <wcyoung () BUFFALO EDU>
Date: Wed, 16 Jul 2008 07:00:05 -0400
http://www.postfix.org/BACKSCATTER_README.html It's not much, but it's a start. On Jul 15, 2008, at 10:42 PM, Jeff Giacobbe wrote:
Colleagues- Like many of you, we have been experiencing an increase in spam- related "backscatter" (non-delivery notifications sent to the victim of a spoofed email address) The incidents are still few in number, thankfully, but when they do occur to one of our users they often receive *thousands* of non- delivery notifications, usually within a 24hr period. The onslaught of messages is not only a nuisance but is often crippling to the victim as they wade through all that junk in their Inbox. I have followed various discussions on this topic but so far have not seen a clear solution other than simply blocking all inbound "non-delivery" notifications (and presumably other related SMTP diagnostic messages) at our gateway. While that would certainly fix the immediate problem, it would also mean legitimate non-delivery messages (i.e. a simple typo in an address) would never get sent back to our users. Has anyone come up with a more creative way to block the spam backscatter while allowing the legit non-delivery SMTP notifications to come through? Thanks, Jeff Giacobbe Director of Systems, Security, Networking Montclair State University
-- Wes Young Network Security Analyst CIT - University at Buffalo http://claimid.com/saxjazman9
Attachment:
smime.p7s
Description:
Current thread:
- Dealing with s-p-a-m "backscatter" Jeff Giacobbe (Jul 15)
- <Possible follow-ups>
- Re: Dealing with s-p-a-m "backscatter" Wes Young (Jul 16)
- Re: Dealing with s-p-a-m "backscatter" Jesse Thompson (Jul 16)
- Re: Dealing with s-p-a-m "backscatter" Ian McDonald (Jul 16)
- Re: Dealing with s-p-a-m "backscatter" Russell Fulton (Jul 16)
- Re: Dealing with s-p-a-m "backscatter" Jesse Thompson (Jul 21)