All,

I mentioned previously that my domain name has been hijacked by spammers
for use in falsified return paths. As a result, I am receiving
approximately 500 bounce e-mails per day from spammed servers. I've
noticed something quite interesting about the most recent batch of
bounces -- the message id of the bounced spam attachment starts with
what appears to be an ESC 20 (or, more exactly, text looking like
<R[20), with the rest of the headers and body suppressed.

I'm wondering what the spammers are up to with this -- the bounce e-mail
contains virtually NO information to allow me to backtrace. Any ideas?

Claus,

I've just realized that the .forward capability in sendmail operates
differently than my MUA, Thunderbird, does when I manually forward. If
I manually forward an e-mail from Thunderbird, I tell it the new
recipients and get the chance to add additional information in a body.
Thunderbird makes the original e-mail headers and body into an
attachment and wraps that with my own envelope, headers, and body.
Why is the automated process different from the manual one?

Note that, in the case of forwarded mail, it has often been accepted by
a boundary MTA and sent onward to the appropriate interior MTA for
delivery to the end user; it's the interior machine that has access to
the .forward information, not the boundary MTA. Hence, the only way the
original sender can be notified that the possibly multiple forwarding
addresses have problems is via bounce messages, since his original
e-mail has already been accepted by a boundary MX system of the
forwarder's domain.

I'm coming to the conclusion from my own bounce message problems that
bounce messages are intrinsically bad, because they can easily be turned
into a third party DOS issue. For example, I've thought of adding
abuse(_at_)aol(_dot_)com to a .forward file in my postmaster account, given that
they are hosting the spamvertised website's portal page and refuse to
take it down.

Cheers,
Doug Campbell
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
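
An added example, not part of the original post: a Python sketch that checks how much backtrace evidence a bounce of the kind described above still carries (reporting MTA, status, returned Message-ID and Received lines). The sample bounce, its hosts and addresses are constructed, and the function names are hypothetical.

```python
import email
import re

# RFC 5322 Message-ID shape: "<left@right>", printable ASCII, no spaces.
MSGID_RE = re.compile(r"^<[\x21-\x7e]+@[\x21-\x7e]+>$")

def sample_bounce(returned_headers):
    """Constructed DSN (RFC 3464 layout); every host and address is made up."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "To: nobody@victim.example\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        "Content-Type: multipart/report; report-type=delivery-status;\n"
        ' boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.net\n\n"
        "Final-Recipient: rfc822; ghost@example.net\nStatus: 5.1.1\n\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        + returned_headers + "\n--b1--\n"
    )

def triage_bounce(raw):
    """Report which backtrace evidence one bounce still carries."""
    out = {"reporting_mta": None, "status": None, "orig_msgid": None, "received": []}
    for part in email.message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # Parsed as a list of header blocks: per-message, then per-recipient.
            for block in part.get_payload():
                out["reporting_mta"] = block.get("Reporting-MTA", out["reporting_mta"])
                out["status"] = block.get("Status", out["status"])
        elif ctype in ("message/rfc822", "text/rfc822-headers"):
            body = part.get_payload()
            orig = body[0] if isinstance(body, list) else email.message_from_string(body)
            out["orig_msgid"] = orig.get("Message-ID")
            out["received"] = orig.get_all("Received", [])
    # A truncated or garbled Message-ID (like "<R[20") fails the shape check.
    out["msgid_ok"] = bool(out["orig_msgid"] and MSGID_RE.match(out["orig_msgid"].strip()))
    # Without Received lines there is no relay path to follow back.
    out["traceable"] = out["msgid_ok"] and bool(out["received"])
    return out

if __name__ == "__main__":
    print(triage_bounce(sample_bounce("Message-ID: <R[20\n")))
```

Even when the returned headers are suppressed, the Reporting-MTA field still names the server that generated the bounce, which is the one party that saw the connecting host.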