Security Incidents mailing list archives

Re: Run a mail host with a public MX record? Seeing large numbers of bounces?

From: Richie B. <richie () NO-SPAM-HERE com>
Date: Fri, 14 Sep 2001 04:50:04 -0400 (EDT)

Andrew van der Stock wrote:

The scenario is this: SpamInjector talks with the victim mail host.
The victim mail host will accept the mail, but there's a problem. The
response from the victim box causes spam to the spam recipient, but
of course the victim host's fingerprints are all over it.


I see what you are saying. Nasty scenario to prevent.

Anyone else seeing this? We've been tossing around mechanisms to stop
it, but all the alternatives break compliance with the RFC, and will
certainly cause mail lists to be far less useful.


I haven't seen it myself, but most mailinglists use this feature to remove
non-existing addresses from their subscribers list. If you want to make
this abuse of your mailserver totally useless, make sure that the bounce
only includes the appropriate headers, and not the body of the original
message. This way it will be quite hard for the spammers to get their full
message accross.

-- Richie

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Run a mail host with a public MX record? Seeing large numbers of bounces? Andrew van der Stock (Sep 13)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Richie B . (Sep 14)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 14)
  - Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 15)
    - Workaround for (RE: Run a mail host with a public MX record? Seeing large numbers of bounces?) Andrew van der Stock (Sep 16)