Educause Security Discussion mailing list archives

Re: spoofed reply-to address


From: Jeremy Mooney <jmooney.edulists () GMAIL COM>
Date: Tue, 28 Jul 2009 15:01:30 -0500


Barbara Deschapelles wrote on 7/27/09 08:33:
> Hello all,
> I've been reading through the archives of this list and am curious if
> anyone has found a cure.  There are a few threads from a while back, but
> no one has offered any cure except for filtering all bounced messages to
> a folder. One of our deans is getting boat loads of bounced messages. It
> appears that some spammer is using her email address as the reply-to or
> from address. The original messages appear to come from a myriad of
> different systems, so I'm speculating that the spam was generated by a
> bot system of sorts.

Every existing solution has drawbacks which have varying impact in
different environments (and varying collateral damage elsewhere too). If
you're willing to route outbound mail through your Barracudas (or can
add an appropriate header to outbound messages), you could look into the
Invalid Bounce Suppression option (Block/Accept, Sender Authentication,
Invalid Bounce Suppression). I'd imagine this depends on the remote
server not mangling headers too much (so would probably filter legit stuff).

If you're just looking to not block legitimate bounces to the user, you
could maybe have the filter to delete/hide bounces exclude messages
containing Received lines of your outbound mail servers in the
body/attachments.

--
Jeremy Mooney
ITS - Bethel University
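
The second suggestion in the message above (exempt a bounce from the delete/hide filter when the returned original carries a Received line from one of your own outbound servers) could be implemented as below. This is an added example, not code from the poster or the list; the hostnames, the function names and the sample bounces are constructed assumptions.

```python
import email
import re
from email import policy

# Assumption: your outbound relays' hostnames (constructed placeholders).
OUTBOUND_HOSTS = {"smtp-out1.example.edu", "smtp-out2.example.edu"}

# A Received line quoted in body text, plus its indented continuation lines.
RECEIVED_RE = re.compile(r"^[> \t]*Received:(.*(?:\r?\n[ \t]+\S.*)*)", re.I | re.M)
HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", re.I)

def hosts_in(value):
    return {h.lower().rstrip(".") for h in HOST_RE.findall(value)}

def original_received_hosts(bounce):
    """Hosts named in Received lines of the message the bounce returns."""
    hosts = set()
    for i, part in enumerate(bounce.walk()):
        if i > 0:  # skip the bounce's own trace; keep the embedded original's
            for value in part.get_all("Received", []):
                hosts |= hosts_in(value)
        if part.get_content_maintype() == "text":  # rfc822-headers or quoted text
            for value in RECEIVED_RE.findall(part.get_content()):
                hosts |= hosts_in(value)
    return hosts

def is_bounce_of_our_mail(raw, outbound_hosts=OUTBOUND_HOSTS):
    bounce = email.message_from_bytes(raw, policy=policy.default)
    return bool(original_received_hosts(bounce) & outbound_hosts)

def sample_bounce(received):
    """Constructed multipart/report bounce that returns only the headers."""
    return "\r\n".join([
        "From: MAILER-DAEMON@mx.remote.example",
        "To: dean@example.edu",
        "Received: from mx.remote.example by mx-in.example.edu; Tue, 28 Jul 2009",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"',
        "", "--b", "Content-Type: text/plain", "", "Delivery failed.",
        "--b", "Content-Type: text/rfc822-headers", "",
        "Received: " + received, "From: dean@example.edu", "Subject: hi",
        "--b--", ""]).encode()

LEGIT = sample_bounce("from ws1.example.edu\r\n\tby smtp-out1.example.edu with ESMTP")
BACKSCATTER = sample_bounce("from unknown by relay.bot.example with SMTP")

if __name__ == "__main__":
    print(is_bounce_of_our_mail(LEGIT), is_bounce_of_our_mail(BACKSCATTER))
```

A Received line inside the returned message is content the original sender controlled, so a match is a reason to exempt a bounce from the filter, not proof the mail left your servers.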
