spf-discuss

[spf-discuss] Bounce-Spam and SPF-Ignorant ISPs - it is time to retaliate?

2005-11-26 18:09:33
I have been getting 50,000+ "bounce spam" emails each day since as far
back as my logs reach (September 2005).

Having recently updated my "?all" to "-all" I am now angry that it has
made no difference.  Tens of thousands of ISPs are running servers
that happily bounce spam right back to me, despite the fact that it
was their own customers (zombie-infected PCs I expect) forging my
email address to use in the "From:" and "MAIL FROM" fields.

I cannot blacklist this junk because it always comes from real mail
servers, like AOL etc.

I wrote a Perl script which accepts this bounce crap, extracts the
ISPs' mail server IPs and abuse contacts, the zombie-PC's IP and abuse
contacts, and composes an abuse auto-response.

My question is this: should I send these abuse reports?  I estimate
that I'm getting about 100megs of spam from these sources each day,
and each abuse report will be going out to 1 to 4 abuse reporting
addresses (so - including my header and the original spam - this
script will be producing 500+megs of abuse reports each day!)

What kinds of problems will I get when sending out these reports?
(will I get blacklisted, abused by sysops, DoS'ed, etc?)

Is there a better way to stop this crap?  I operate about 100 domains,
and the bounce-spam problem is limited to just 2 of them, with the
spammers apparently doing this:-
MAIL FROM: <$english_dictionary{rand()}@mydomain.com> RET=FULL
RCPT TO: <$english_dictionary{rand()}@$bouncespamdomain{rand()}>

Is anyone else suffering this same problem?  I find it somewhat
suspicious, especially as they've picked domains of mine that are on
different servers, and not different domains on the same server: could
I be the victim of a perpetual DDoS attack perhaps?

Kind Regards,
Chris
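
The triage step the post describes (pulling the bouncing server and the injecting client out of each bounce), as an added Python example that is not part of the original post and not the author's Perl script. The names `triage_bounce` and `AUTHORIZED_NETS`, the sample message, and the bracketed-IP `Received` format it matches are assumptions.

```python
import ipaddress
import re
from email import message_from_string, policy

# Assumption: networks your SPF record authorises (constructed, RFC 5737 range).
AUTHORIZED_NETS = [ipaddress.ip_network("192.0.2.0/28")]
# Constructed RFC 3464 bounce; every host name and address in it is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.isp.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.isp.example

Final-Recipient: rfc822; zebra@isp.example
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from pc (unknown [203.0.113.77])
    by mx.isp.example with SMTP; Sat, 26 Nov 2005 17:00:00 +0000
From: apple@mydomain.example

--b1--
"""

def triage_bounce(raw, authorized=AUTHORIZED_NETS):
    """Return the bouncing MTA, the injecting client IP, and a forged flag."""
    msg = message_from_string(raw, policy=policy.default)
    mta, ip = None, None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            mta = str(part.get_payload()[0].get("Reporting-MTA", "")).split(";")[-1].strip()
        elif ctype in ("text/rfc822-headers", "message/rfc822"):
            orig = (part.get_payload()[0] if part.is_multipart() else
                    message_from_string(part.get_content(), policy=policy.default))
            # The topmost Received header was added by the server that accepted the spam.
            top = str((orig.get_all("Received") or [""])[0])
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
            try:
                ip = ipaddress.ip_address(m.group(1)) if m else None
            except ValueError:
                ip = None  # bracketed text was not a valid IPv4 address
    forged = ip is not None and not any(ip in net for net in authorized)
    return {"reporting_mta": mta or None, "client_ip": str(ip) if ip else None, "forged": forged}
```

A `forged` result of `True` marks a bounce whose original was accepted from a client outside the authorised networks, which is the case a receiver checking a "-all" record could have rejected during the SMTP session instead of bouncing.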

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/