spf-discuss

Re: [spf-discuss] Bounce-Spam and SPF-Ignorant ISPs - it is time to retaliate?

2005-11-28 13:20:19
On Sun, Nov 27, 2005 at 02:40:59PM +1100, Chris wrote:
> Hi Larry,
>
> No - I had no "catch all" up until today (when I switched "catch all"
> on so as to feed my abuse reporting script with the message bodies)
>
> Those 50,000+ bounce spams each day have all been rejected, but since
> one of the afflicted domains is on my slow home DSL line, even the
> load of rejecting all this crap has a negative impact, and after
> 3+ months I've decided it's time to try and stop it!
>
> There's the occasional mention in news.admin.net-abuse.sightings of
> other forged sender addresses using the same dictionary as they are
> using on mine, but really nothing of significance - which given the
> insane volume, makes me even more suspicious...
>
> What do you think? Should I flip the switch and start sending these
> abuse reports?  See below for a sample of what I propose to send:

Chris,

I'd be pleased to sign up as a "beta-tester" as soon as you want one ...

My personal bugbear is bounces of virus detections sent to the "sender"
when the virus detected is known to forge the sender.

I really think that REJECT is not the last word in preventing this kind
of thing, and that a notice to abuse/postmaster, with followup, is
another possibility.  As you point out, such senders may also be
sources of legitimate mail, so measures such as RBLs or teergrube
may be excessive.

At the same time, novel uses of the text in 5xx and 4xx may succeed in
gently contacting some admins (Didn't Stuart offer a positive story of
this recently?)

I do think it's important not to send a notice per abusing mail, but perhaps
a daily report, but I also think that having as many people as possible
working on the problem might lend weight.

I'm also aware that, as Frank points out, Spamcop will now blacklist for
this.

One question though ... surely all this must have been tried before?

Would any kindly and more experienced soul care to summarise for me/us
the history of such attempts?

While we're at it ... Am I correct in thinking that bounces are sometimes
"unavoidable" (multiple recipients where you want to reject for only some
after DATA comes to mind, or is there a good way round that)?

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
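
The "daily report rather than a notice per abusing mail" idea from the message above, as an added example that is not part of the original post or of anyone's actual reporting script. The log format, field names and report wording are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical MTA reject-log format.
SAMPLE_LOG = """\
2005-11-27T02:14:07 reject client=198.51.100.7 helo=mx1.example.net from=<> to=<qzx1@example.org> code=550
2005-11-27T02:14:09 reject client=198.51.100.7 helo=mx1.example.net from=<> to=<bob77@example.org> code=550
2005-11-27T03:01:44 reject client=203.0.113.20 helo=mail.example.com from=<> to=<amy3@example.org> code=550
2005-11-27T09:30:00 reject client=192.0.2.55 helo=relay.example.edu from=<news@example.edu> to=<old@example.org> code=550
2005-11-28T00:00:12 reject client=198.51.100.7 helo=mx1.example.net from=<> to=<zed9@example.org> code=550
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})T\S+ reject client=(?P<client>\S+) "
    r"helo=(?P<helo>\S+) from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> code=(?P<code>5\d\d)$"
)

def aggregate_bounces(log_text):
    """Group rejected null-sender (bounce) deliveries by (day, client IP)."""
    groups = defaultdict(lambda: {"count": 0, "helo": set(), "rcpts": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["sender"] != "":   # only bounces/DSNs use MAIL FROM:<>
            continue
        g = groups[(m["date"], m["client"])]
        g["count"] += 1
        g["helo"].add(m["helo"])
        if len(g["rcpts"]) < 3:          # keep a few samples, not every address
            g["rcpts"].append(m["rcpt"])
    return dict(groups)

def render_reports(groups, min_count=1):
    """Return one plain-text report per source per day, never one per message."""
    reports = {}
    for (day, client), g in sorted(groups.items()):
        if g["count"] < min_count:       # skip sources below the reporting threshold
            continue
        reports[(day, client)] = (
            f"To: postmaster/abuse contact for {client}\n"
            f"Date covered: {day}\n"
            f"Your host {client} (HELO {', '.join(sorted(g['helo']))}) sent "
            f"{g['count']} bounce(s) to addresses that never sent the original mail.\n"
            f"Sample forged sender addresses: {', '.join(g['rcpts'])}\n"
        )
    return reports

if __name__ == "__main__":
    for text in render_reports(aggregate_bounces(SAMPLE_LOG)).values():
        print(text)
```

Raising `min_count` keeps hosts that bounced only a handful of messages out of the reports, which fits the concern that such senders may also be sources of legitimate mail.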
