ietf-asrg
[Top] [All Lists]

[Asrg] Challenge-Response and Spam Bounces

2005-11-02 01:13:09
I know this is somewhat old hat, but some spammers recently started using my domain as the bounce address for their spam (not as nasty as a Joe Job, but pretty bad nonetheless). I started getting a lot (read "several thousands") of messages inbound to either the null address or an invalid user address of my server; the messages were of three types -- 554s (unknown recipient or, more sadly, mailbox full), challenge-response requests, and spam bounces. The latter two are the subject of my post.

Challenge-Response requests: A company with the moniker "spamarrest.com" has sold a few challenge-response systems, and each such targeted system has duly e-mailed my server a challenge for each spam message. I'm trying to make up my mind if I should spend a few hours responding to the challenges (thus making life miserable for "spamarrest.com" -- after all, it was THEY who contacted ME first) or if I just should leave well enough alone.

Spam Bounces: There is an anti-spam boundary appliance called a Barracuda, and there are apparently a lot of Barracudas swimming around on the Internet -- many Barracuda systems attacked by the spammers also dutifully sent my server an e-mail telling it that my spam had been stopped by the appliance (only it wasn't my spam, of course). I've cruised the Barracuda site and they call this situation "backscatter" and offer suggestions on configuring the appliance not to do it; sadly, each appliance comes configured by default to do "backscatter". The technical suggestions seem on the order of closing the barn door after the cows have escaped.

Both of the above are sort of like someone flaming Joe -- I just can't see the logic.

doug(_dot_)campbell+asrg(_at_)craniumpro(_dot_)com



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>