We have reason to believe that on Thu Feb 06 Ned Fleming wrote: > > On Wed, 5 Feb 2003 20:54:19 +0000, Andy Bastien > <lists+incidentsat_private> wrote: > > [snip] > > >I'd like to be able to stop these attempts, but I can't think of a way > >to do it. All of the attempts are coming from valid servers from some > >domains that we can't block. They do all have null reverse-paths > >(MAIL FROM:<>), but I don't think that we can reject on this criteria > > Maybe you're being joe-jobbed. To wit: A spammer is using your domain > name as the "From: xyzat_private" or "Reply-To:" address on the spam > he's spewing. > > http://www.spamfaq.net/terminology.shtml#joe_job You get the gold star; this is exactly what is happening. As a test, I set up an account to catch all mail to nonexistent addresses. I found that most of them are NDRs. I don't want to keep this setup for any extended period, because I believe people should get NDRs back if they send mail to the wrong address. I want to avoid the kind of situation where Alice sends Bob an email but spells Bob's name wrong, doesn't get back an NDR, and thinks that Bob is ignoring her when he doesn't reply. This could be especially problematic with Valentine's Day approaching <g>. It also doesn't seem fair to me to set up a tarpit, because this would cause the NDRs to queue up on AOL's and MSN's servers, and it's not their fault that all of these emails that they're trying to send have invalid addresses. I guess I'll just have to grin and bear it for now. I appreciate all of the responses that I've gotten; I've certainly learned a few new terms out of this whole affair. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Feb 07 2003 - 10:49:40 PST