[clue-tech] spam-jacked
Keith Hellman
khellman at mcprogramming.com
Wed Nov 22 14:08:51 MST 2006
On Tue, Nov 21, 2006 at 09:01:45PM -0700, David L. Willson wrote:
> On Tue, 2006-11-21 at 17:53 -0700, Keith Hellman wrote:
> > On Tue, Nov 21, 2006 at 04:04:37PM -0700, David L. Willson wrote:
> > > Does anyone have an idea what to do when a spammer uses a valid email
> > > address, that you're responsible for, as the return address on their
> > > spam? My users (and I) are getting flooded with NDRs and rejection
> > > messages from anti-spam systems that think we're sending things we're
> > > not sending. Any ideas?
> >
> > I've had the same issue as well. I used to procmail these into
> > /dev/null (the procmail rc file was auto-generated from a list of known,
> > valid addresses at the domain). My newest ISP provides the same feature
> > on their end, so I don't see these messages anymore.
>
> How do you differentiate between a real NDR and an NDR from a message
> you never sent? Similarly, how do you differentiate between a genuine
> polite spam-filter notification that "I'm not passing your message on."
> and one that is in response to a message you never sent?

The messages I never sent had From fields that had bogus Email
destinations. For instance:

    dkaf38473idf at mcprogramming.com

I knew all the *valid* email addresses from mcprogramming.com, so those
addresses were allowed to pass through the procmail filter.

Note that I never had any bounces from the legitimate addresses, only
from addresses that appeared to be a random set of characters in front
of the @mcprogramming.com.
--
Keith Hellman #include <disclaimer.h>
khellman at mcprogramming.com from disclaimer import standard
public key @ pgp.mit.edu B5354B76
I used to be schizophrenic, but we're okay now.
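
An added example, not part of the original post and not the poster's procmail rules: a Python version of the allowlist check described above, which discards mail addressed only to unknown local parts at the domain. The domain `example.org`, the allowlist entries, and the choice of recipient headers are assumptions made for illustration.

```python
import email
from email.utils import getaddresses

DOMAIN = "example.org"                       # assumed domain
VALID_LOCAL_PARTS = {"alice", "bob", "postmaster"}  # assumed allowlist

# Headers that can carry the address a bounce was delivered to (assumed set;
# which ones are present depends on the receiving MTA).
RECIPIENT_HEADERS = ("Delivered-To", "X-Original-To", "To", "Cc")

def recipients_at_domain(msg, domain=DOMAIN):
    """Return the lower-cased local parts of all recipients at our domain."""
    pairs = []
    for header in RECIPIENT_HEADERS:
        pairs.extend(getaddresses(msg.get_all(header, [])))
    found = set()
    for _name, addr in pairs:
        local, sep, dom = addr.rpartition("@")
        if sep and dom.lower() == domain:
            found.add(local.lower())
    return found

def classify(raw_message, valid=VALID_LOCAL_PARTS):
    """Return 'discard' for backscatter to made-up addresses, else 'deliver'."""
    msg = email.message_from_string(raw_message)
    local_parts = recipients_at_domain(msg)
    if not local_parts:
        # No visible recipient at our domain (Bcc, list mail): do not guess.
        return "deliver"
    if local_parts & valid:
        return "deliver"
    return "discard"

# Constructed sample messages (not real traffic).
BOUNCE_TO_BOGUS = (
    "From: MAILER-DAEMON@mail.example.net\n"
    "To: dkaf38473idf@example.org\n"
    "Subject: Undelivered Mail Returned to Sender\n\nbody\n")
BOUNCE_TO_VALID = (
    "From: MAILER-DAEMON@mail.example.net\n"
    "To: Alice <Alice@Example.ORG>\n"
    "Subject: Delivery Status Notification\n\nbody\n")
LIST_MAIL = (
    "From: someone@lists.example.net\n"
    "To: list@lists.example.net\n"
    "Subject: hello\n\nbody\n")

if __name__ == "__main__":
    for name in ("BOUNCE_TO_BOGUS", "BOUNCE_TO_VALID", "LIST_MAIL"):
        print(name, classify(globals()[name]))
```

A bounce addressed to an allowlisted address is always delivered, so this check does not separate genuine NDRs from backscatter when the forged sender is one of the valid addresses.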