spf-discuss

Re: [spf-discuss] Bounce-Spam and SPF-Ignorant ISPs - it is time to retaliate?

2006-02-06 07:20:12
On 27/11/05, Scott Kitterman <spf2(_at_)kitterman(_dot_)com> wrote:
Spamcop will take reports on bounces.

It seems that one of my personal domains is now used as the FROM
domain to send advertisements of Building and Construction Licence
services in Spb., Rus. Fed.

Most of those messages originate from IPs and domains that I REJECT in
my /etc/mail/access, so I am very disappointed that now, because of
the carelessly configured so-called legitimate servers, I have to see
all of those messages unfairly bounce to me.

I've looked at http://www.spamcop.net/fom-serve/cache/125.html
(referred to as "what to report and what not to report to SpamCop"), and
it does not seem to address spam bounces... Where do I report these
bounces? Justice must happen!

Cheers,
Constantine.


On 11/26/2005 20:08, Chris wrote:
I have been getting 50,000+ "bounce spam" emails each day since as far
back as my logs reach (September 2005).

Having recently updated my "?all" to "-all" I am now angry that it has
made no difference.  Tens of thousands of ISPs are running servers
that happily bounce spam right back to me, despite the fact that it
was their own customers (zombie infected PCs I expect) forging my
email address to use in the "From:" and "MAIL FROM" fields.

I cannot blacklist this junk because it always comes from real mail
servers, like AOL etc.

I wrote a Perl script which accepts this bounce crap, extracts the
ISPs' mail server IPs and abuse contacts, the zombie-PC's IP and abuse
contacts, and composes an abuse auto-response.

My question is this: should I send these abuse reports?  I estimate
that I'm getting about 100megs of spam from these sources each day,
and each abuse report will be going out to 1 to 4 abuse reporting
addresses (so - including my header and the original spam - this
script will be producing 500+megs of abuse reports each day!)

What kinds of problems will I get when sending out these reports?
(will I get blacklisted, abuses by sysops, DoS'ed, etc?)

Is there a better way to stop this crap?  I operate about 100 domains,
and the bounce-spam problem is limited to just 2 of them, with the
spammers apparently doing this:-
MAIL FROM: <$english_dictionary{rand()}(_at_)mydomain(_dot_)com> RET=FULL
RCPT TO: <$english_dictionary{rand()}(_at_)$bouncespamdomain{rand()}>

Is anyone else suffering this same problem?  I find it somewhat
suspicious, especially as they've picked domains of mine that are on
different servers, and not different domains on the same server: could
I be the victim of a perpetual DDoS attack perhaps?

Kind Regards,
Chris

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com



--
V. V. Putin on perfection, 24 December 2000: If a person is satisfied
with everything, he is a complete idiot. A healthy person of sound memory
cannot always be satisfied with everything.
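
An added example, not part of the original thread and not Chris's Perl script: it shows the extraction step described above on one bounce (DSN), pulling out the bouncing server, the forged envelope sender and the client IP that server accepted the mail from, then checking that IP against the forged domain's SPF record. The bounce, host names, IPs and SPF records are constructed, and only `ip4` mechanisms and the `all` qualifier are evaluated (an assumption that keeps it offline).

```python
import email
import ipaddress
import re

# Constructed bounce (DSN) from a third-party server; all names and IPs are made up.
BOUNCE = """\
From: MAILER-DAEMON@mx.isp.example
To: walnut@mydomain.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.isp.example

Final-Recipient: rfc822; marble@isp.example

--b1
Content-Type: message/rfc822

Return-Path: <walnut@mydomain.example>
Received: from dsl-host.example (unknown [203.0.113.77])
  by mx.isp.example with SMTP; Mon, 6 Feb 2006 07:00:00 +0000

advert body
--b1--
"""

def spf_ip4_result(ip, record):
    """Evaluate ip4 mechanisms and the 'all' qualifier only (a simplification of SPF)."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.endswith("all"):
            return {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
    return "neutral"

def analyse_bounce(raw, record):
    """Return (reporting MTA, forged envelope sender, client IP, SPF result)."""
    mta = sender = ip = None
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() == "message/delivery-status":
            mta = part.get_payload(0)["Reporting-MTA"].split(";")[-1].strip()
        elif part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
            sender = original["Return-Path"].strip("<> ")
            ip = re.search(r"\[([\d.]+)\]", original.get_all("Received")[0]).group(1)
    return mta, sender, ip, spf_ip4_result(ip, record) if ip else None
```

With a record ending in `?all` the same bounce evaluates to neutral, and with `-all` it evaluates to fail, so the result tells you whether the bouncing server could have rejected the forged message at SMTP time instead of bouncing it.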
