Educause Security Discussion mailing list archives
Re: Dealing with s-p-a-m "backscatter"
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Thu, 17 Jul 2008 14:33:15 +1200
Ian McDonald wrote:
Has anyone come up with a more creative way to block the spam backscatter while allowing the legit non-delivery SMTP notifications to come through?MailScanner can add a watermark to each outgoing message (derived from a secret you configure), so that they appear in legitimate notifications. It can hence bin non-legit ones inbound :) . http://www.mailscanner.info/MailScanner.conf.index.html#Add%20Watermark I presume similar functionality is available in other packages, but I noticed it in MailScanner.
It would be difficult to retrofit I suspect. The idea is straight forward enough -- add an X-watermark header that is an MD5 of the message id concatenated with a secret, then check for it in the headers of returned mail and dump the bounce if a/ it is missing or b/ it does not match. Hmmm.... given that this is automated spam we are talking about simply dropping bounces of messages that don't have the right format of message id may work... any one looked at doing that in either postfix or sendmail. Russell
Current thread:
- Dealing with s-p-a-m "backscatter" Jeff Giacobbe (Jul 15)
- <Possible follow-ups>
- Re: Dealing with s-p-a-m "backscatter" Wes Young (Jul 16)
- Re: Dealing with s-p-a-m "backscatter" Jesse Thompson (Jul 16)
- Re: Dealing with s-p-a-m "backscatter" Ian McDonald (Jul 16)
- Re: Dealing with s-p-a-m "backscatter" Russell Fulton (Jul 16)
- Re: Dealing with s-p-a-m "backscatter" Jesse Thompson (Jul 21)