From: Wietse Venema (no email)
Date: Thu Mar 20 2008 - 15:05:23 EDT
Wietse Venema:
> Mike Morris:
> > I set up catchalls for some of the domains that were getting hit the
> > hardest and aliased them to an actual email address, and then waited for
> > the flood to pour in. Some of what I saw were normal DSNs that appeared
> > to be generated because people were forwarding their Google-hosted email
> > address(es) to some third-party servers which then rejected the
> > messages. Nothing too exciting. After leaving everything alone for a
> > while a large amount of emails came in at once from the Google servers.
> >
> > This large group of messages contained what I believe to be the major
> > culprit. They were bounce messages being sent to spoofed email
> > addresses for domains we host because the spammer was sending emails to
> > random @googlegroups.com email addresses. The Google MX servers accept
> > email for any address in the googlegroups.com domain, whether it exists
> > or not. If that user/group does not exist then the Google servers send
> > a bounce message back to the spoofed sender. Anyone can try it; send an
> > email to a completely bogus address @googlegroups.com. You will get a
> > bounce back that looks like this:
> >
> > Hello ,
> >
> > We're writing to let you know that the group that you tried to
> > contact (7794........387274750277$slkdjflkasjdflahsdfas884--___)
> > doesn't exist. There are a few possible reasons why this
> > happened:
>
> Confirmed. Mail to is received first
> and bounced later.
>
> I checked my logs, and Google is responsible for 2/3 of the burst
> of backscatter mail that hit my server yesterday.
I have pinged someone inside Google that googlegroups.com is a major
source of pollution.
Wietse
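
Added example, not part of the original message: one way to measure, as described above, what share of null-sender (bounce) mail each relaying domain accounts for in a Postfix log. It assumes standard Postfix smtpd "client=" and qmgr "from=<>" syslog lines, treats every null-sender message as a bounce candidate, and approximates the domain as the last two hostname labels; the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format; hosts, IPs and queue IDs are made up.
SAMPLE_LOG = """\
Mar 19 10:00:01 mx postfix/smtpd[101]: 3F1A2B4C01: client=out-a.google.com[192.0.2.10]
Mar 19 10:00:01 mx postfix/qmgr[55]: 3F1A2B4C01: from=<>, size=2100, nrcpt=1 (queue active)
Mar 19 10:00:02 mx postfix/smtpd[102]: 3F1A2B4C02: client=out-b.google.com[192.0.2.11]
Mar 19 10:00:02 mx postfix/qmgr[55]: 3F1A2B4C02: from=<>, size=2050, nrcpt=1 (queue active)
Mar 19 10:00:03 mx postfix/smtpd[103]: 3F1A2B4C03: client=mx.example.net[198.51.100.7]
Mar 19 10:00:03 mx postfix/qmgr[55]: 3F1A2B4C03: from=<>, size=1800, nrcpt=1 (queue active)
Mar 19 10:00:04 mx postfix/smtpd[104]: 3F1A2B4C04: client=out-a.google.com[192.0.2.10]
Mar 19 10:00:04 mx postfix/qmgr[55]: 3F1A2B4C04: from=<user@example.org>, size=900, nrcpt=1 (queue active)
Mar 19 10:05:02 mx postfix/qmgr[55]: 3F1A2B4C02: from=<>, size=2050, nrcpt=1 (queue active)
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=([^\[\s]+)\[")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")

def null_sender_by_domain(log_text):
    """Count null-sender messages per client domain, joined on queue ID."""
    clients = {}      # queue ID -> connecting client hostname
    counted = set()   # queue IDs already counted (qmgr logs again on each retry)
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = m.group(2).lower()
            continue
        m = FROM_RE.search(line)
        if m and m.group(2) == "" and m.group(1) not in counted:
            counted.add(m.group(1))
            host = clients.get(m.group(1), "unknown")
            labels = host.split(".")
            # Approximation: last two labels, not public-suffix aware.
            domain = ".".join(labels[-2:]) if len(labels) >= 2 else host
            counts[domain] += 1
    return counts

def share(counts, domain):
    """Fraction of all null-sender messages that arrived from `domain`."""
    total = sum(counts.values())
    return counts[domain] / total if total else 0.0

if __name__ == "__main__":
    c = null_sender_by_domain(SAMPLE_LOG)
    print(c.most_common(), round(share(c, "google.com"), 2))
```

Legitimate delivery status notifications for mail you really sent also arrive with a null sender, so the counts are an upper bound on backscatter.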