I know this is somewhat old hat, but some spammers recently started
using my domain as the bounce address for their spam (not as nasty as a
Joe Job, but pretty bad nonetheless). I started getting a lot (read
"several thousands") of messages inbound to either the null address or
an invalid user address of my server; the messages were of three types
-- 554s (unknown recipient or, more sadly, mailbox full),
challenge-response requests, and spam bounces. The latter two are the
subject of my post.

Challenge-Response requests: A company with the moniker
"spamarrest.com" has sold a few challenge-response systems, and each
such targeted system has duly e-mailed my server a challenge for each
spam message. I'm trying to make up my mind if I should spend a few
hours responding to the challenges (thus making life miserable for
"spamarrest.com" -- after all, it was THEY who contacted ME first) or if
I just should leave well enough alone.

Spam Bounces: There is an anti-spam boundary appliance called a
Barracuda, and there are apparently a lot of Barracudas swimming around
on the Internet -- many Barracuda systems attacked by the spammers also
dutifully sent my server an e-mail telling it that my spam had been
stopped by the appliance (only it wasn't my spam, of course). I've
cruised the Barracuda site and they call this situation "backscatter"
and offer suggestions on configuring the appliance not to do it; sadly,
each appliance comes configured by default to do "backscatter". The
technical suggestions seem on the order of closing the barn door after
the cows have escaped.

Both of the above are sort of like someone flaming Joe -- I just can't
see the logic.

doug(_dot_)campbell+asrg(_at_)craniumpro(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg