Run a mail host with a public MX record? Seeing large numbers of bounces?

["Andrew van der Stock" <ajv () e-secure com au>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

We are detecting a large number of messages that absolutely RFC822
compliant, but are causing our victim hosts to be delivering spam via
the use of a certain header (I do not want to divulge everything just
yet as it's absolutely RFC compliant and heavily used by legitimate
mail list software. If more spam program writers know about this, we
will not be able to stop the spam.)

The victim hosts are relay-resistant.

The scenario is this: SpamInjector talks with the victim mail host.
The victim mail host will accept the mail, but there's a problem. The
response from the victim box causes spam to the spam recipient, but
of course the victim host's fingerprints are all over it.

Anyone else seeing this? We've been tossing around mechanisms to stop
it, but all the alternatives break compliance with the RFC, and will
certainly cause mail lists to be far less useful. 

thanks,

Andrew van der Stock, MCSE, Senior Security Architect, e-Secure Pty
Ltd
"Secure in a Networked World"     Phone:  (03) 9699 7088 Fax: (03)
9699 7066
Suite 302, 370 St Kilda Rd        Mobile: 0412 532 963
Melbourne Victoria Australia      Email:  ajv () e-secure com au
ACN 068 798 194                   http://www.e-secure.com.au 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO6FrdXMQPsd9dowGEQIB2gCg+Wevw9mV1JTGaNInQIqfvTD5OuEAn2pp
h60edzNeC6C8trqmVa6CUQUu
=IJwX
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com