Re: What To Do About Fake Addresses?

From: mouss (no email)
Date: Mon Oct 01 2007 - 11:44:55 EDT

  • Next message: Victor Duchovni: "Re: odd log entries"

    KashMaster wrote:
    > This question seems to have been answered many times and in various
    > ways... in fact, so often that there is such an overabundance that it
    > is difficult to winnow the wheat from the chaff. Consequently, I am
    > seeking your opinions both in general and specifically with regard to
    > postfix.
    >
    > To expand on the subject line: I was greeted (?) this morning by a
    > mailbox of several thousand "mail failure" notices from servers all over
    > the world. Without exception, these represented rejected spam (either
    > caught by a spamguard or sent to a bad address) that had various
    > non-existent return addresses at one of my domains.
    >
    > These were forwarded to a specific mailbox which I set up for unknown
    > recipients... seemed like a good idea at the time, but obviously there
    > are drawbacks.

    This is bad because you will discard mail to mistyped addresses (what if
    I send mail to kachmaster? if you discard it, I won't notice my typo
    and will assume you got my message).

    Instead, use address validation to reject mail to (and from) invalid
    addresses. If your maps are correctly configured, then you can add
            reject_unlisted_recipient
            reject_unlisted_sender
    somewhere at the top of your restrictions (so that such mail is rejected
    before you do expensive checks).

    For backscatter using valid addresses, see the BACKSCATTER README. Or
    you can just live with this until you get annoyed enough to start block
    listing the broken servers.

    >
    > No doubt the general subject lines can be filtered (and in fact, as this
    > has happened before, a few thousand of them were filtered to "rejected"
    > mailbox), but the more important question to my mind is whether there is
    > something better (or additional) to do that would let the sender know
    > that the return address was faked and did not originate from this domain?

    There is nothing to tell the sender. They are broken, and some of them
    will bounce your posts to their postmaster/abuse/... addresses (so these
    are multi-broken), and you'll get bored very quickly. Either ignore or
    block the outscatter client.
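
The configuration described in the reply above, as an added example that is not part of the original post: a catch-all mailbox beside address validation placed at the top of the restrictions. The domain example.com, the map path, the listed addresses and the policy service address are constructed placeholders.

```ini
# /etc/postfix/main.cf -- constructed example; example.com, the map path and
# the policy service address are placeholders, not values from the post.

# Weak setup: a catch-all entry in the virtual alias map makes every address
# at the domain "listed". Bounces to forged senders pile up in one mailbox,
# mail to mistyped recipients is accepted silently, and
# reject_unlisted_recipient has nothing to reject.
#
#   /etc/postfix/virtual:
#       @example.com              unknown@example.com

# Corrected setup: the map lists only addresses that really exist.
#
#   /etc/postfix/virtual:
#       postmaster@example.com    admin@example.com
#       sales@example.com         alice@example.com

virtual_alias_domains = example.com
virtual_alias_maps = hash:/etc/postfix/virtual

# Order matters: restrictions are evaluated left to right.
#  1. reject_unlisted_recipient: unknown recipient in one of our domains
#     is refused at RCPT TO, so the sending side sees the error.
#  2. reject_unlisted_sender: refuses a MAIL FROM that claims a
#     nonexistent address in one of our domains.
#  3. permit_mynetworks / reject_unauth_destination: usual relay control.
#  4. check_policy_service: stands in for any expensive check (policy
#     daemon, DNSBL lookup); it only runs for mail that passed 1-3.
smtpd_recipient_restrictions =
    reject_unlisted_recipient,
    reject_unlisted_sender,
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10023
```

After editing the map, `postmap /etc/postfix/virtual` rebuilds the lookup table and `postfix reload` applies the change.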

