Re: [OT] Gmail Backscatter?

From: Wietse Venema (no email)
Date: Thu Mar 20 2008 - 15:05:23 EDT

  • Next message: Victor Duchovni: "Re: [OT] Gmail Backscatter?"

    Wietse Venema:
    > Mike Morris:
    > > I set up catchalls for some of the domains that were getting hit the
    > > hardest and aliased them to an actual email address, and then waited for
    > > the flood to pour in. Some of what I saw were normal DSNs that appeared
    > > to be generated because people were forwarding their Google-hosted email
    > > address(es) to some third-party servers which then rejected the
    > > messages. Nothing too exciting. After leaving everything alone for a
    > > while a large amount of emails came in at once from the Google servers.
    > >
    > > This large group of messages contained what I believe to be the major
    > > culprit. They were bounce messages being sent to spoofed email
    > > addresses for domains we host because the spammer was sending emails to
    > > random email addresses. The Google MX servers accept
    > > email for any address in the domain, whether it exists
    > > or not. If that user/group does not exist then the Google servers send
    > > a bounce message back to the spoofed sender. Anyone can try it; send an
    > > email to a completely bogus address You will get a
    > > bounce back that looks like this:
    > >
    > > Hello ,
    > >
    > > We're writing to let you know that the group that you tried to
    > > contact (7794........387274750277$slkdjflkasjdflahsdfas884--___)
    > > doesn't exist. There are a few possible reasons why this
    > > happened:
    > Confirmed. Mail to is received first
    > and bounced later.
    > I checked my logs, and Google is responsible for 2/3 of the burst
    > of backscatter mail that hit my server yesterday.

    I have pinged someone inside Google that is a major
    source of pollution.


  • Next message: Victor Duchovni: "Re: [OT] Gmail Backscatter?"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD