faked return e-mail address discard

Cameron Camp-2
Forgive me if this has been asked (or point me thusly):

My postfix box is getting e-mails where [hidden email]
sends to [hidden email] and uses a valid e-mail
address on my server for the return, so I get a non-delivery e-mail from
the [hidden email] mail server to the client
(virtual hosted) on my server. How can I block clients on my box from
getting these e-mails or discard these automatically, will postfix do
this? Apparently the spammers just got a valid e-mail my client had
somewhere like on a website and just used it as a return address for the
spam operation, or are there other scenarios that would likely cause
this? My box isn't blacklisted, has the right RDNS, and isn't
open-relaying.

Best,
Cameron

Re: faked return e-mail address discard

Noel Jones-2
On 2/22/2010 12:59 PM, Cameron Camp wrote:

> Forgive me if this has been asked (or point me thusly):
>
> My postfix box is getting e-mails where [hidden email]
> sends to [hidden email] and uses a valid e-mail
> address on my server for the return, so I get a non-delivery e-mail from
> the [hidden email] mail server to the client
> (virtual hosted) on my server. How can I block clients on my box from
> getting these e-mails or discard these automatically, will postfix do
> this? Apparently the spammers just got a valid e-mail my client had
> somewhere like on a website and just used it as a return address for the
> spam operation, or are there other scenarios that would likely cause
> this? My box isn't blacklisted, has the right RDNS, and isn't
> open-relaying.
>
> Best,
> Cameron
>

That's called backscatter or outscatter or a joe-job.
http://en.wikipedia.org/wiki/Backscatter_%28e-mail%29
http://en.wikipedia.org/wiki/Joe_job

There isn't much you can do to stop spammers from doing this,
no more than you can stop me from walking down the street and
introducing myself as Cameron.

Publishing SPF records for your domain *may* make your domain
a less attractive target for a spammer to forge, but there's
not really any hard evidence for that claim.
http://www.openspf.org/

Here's an article on how to reject some of the bounces in postfix:
http://www.postfix.org/BACKSCATTER_README.html

SpamAssassin does a pretty good job of catching this type of
spam if you could add it to your server.

   -- Noel Jones

Re: faked return e-mail address discard

David DeFranco
In reply to this post by Cameron Camp-2
It's called Backscatter, and yes, it's a pain.

Try this: http://www.postfix.org/BACKSCATTER_README.html



On Mon, Feb 22, 2010 at 11:59 AM, Cameron Camp
<[hidden email]> wrote:

> Forgive me if this has been asked (or point me thusly):
>
> My postfix box is getting e-mails where [hidden email]
> sends to [hidden email] and uses a valid e-mail
> address on my server for the return, so I get a non-delivery e-mail from
> the [hidden email] mail server to the client
> (virtual hosted) on my server. How can I block clients on my box from
> getting these e-mails or discard these automatically, will postfix do
> this? Apparently the spammers just got a valid e-mail my client had
> somewhere like on a website and just used it as a return address for the
> spam operation, or are there other scenarios that would likely cause
> this? My box isn't blacklisted, has the right RDNS, and isn't
> open-relaying.
>
> Best,
> Cameron
>
>

Re: faked return e-mail address discard

David DeFranco
Huh, just found Noel's excellent response in my Gmail Spam folder.
Sorry for the duplicate response.



On Mon, Feb 22, 2010 at 6:21 PM, David DeFranco
<[hidden email]> wrote:

> It's called Backscatter, and yes, it's a pain.
>
> Try this: http://www.postfix.org/BACKSCATTER_README.html
>
>
>
> On Mon, Feb 22, 2010 at 11:59 AM, Cameron Camp
> <[hidden email]> wrote:
>> Forgive me if this has been asked (or point me thusly):
>>
>> My postfix box is getting e-mails where [hidden email]
>> sends to [hidden email] and uses a valid e-mail
>> address on my server for the return, so I get a non-delivery e-mail from
>> the [hidden email] mail server to the client
>> (virtual hosted) on my server. How can I block clients on my box from
>> getting these e-mails or discard these automatically, will postfix do
>> this? Apparently the spammers just got a valid e-mail my client had
>> somewhere like on a website and just used it as a return address for the
>> spam operation, or are there other scenarios that would likely cause
>> this? My box isn't blacklisted, has the right RDNS, and isn't
>> open-relaying.
>>
>> Best,
>> Cameron
>>
>>
>
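
One way to triage the bounces discussed in this thread after delivery, as an added example that is not part of the thread or of Postfix: a bounce whose returned original headers show no pass through your own server is treated as backscatter. The hostname `mail.example.com`, the reliance on a `Return-Path: <>` header written at delivery, and the sample bounces are assumptions constructed for illustration.

```python
import email
import re

# Assumption (hypothetical name): the hostname our Postfix writes in its own Received: lines.
OUR_MTA = "mail.example.com"
BY_US = re.compile(r"\bby\s+" + re.escape(OUR_MTA) + r"\b", re.IGNORECASE)

def returned_headers(bounce):
    """Headers of the original message carried inside a bounce, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)          # full original attached
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())  # headers only
    return None

def classify(raw):
    """Return 'not-a-bounce', 'unknown', 'own-mail' or 'backscatter'."""
    msg = email.message_from_string(raw)
    # Bounces carry the null envelope sender; assumed recorded as Return-Path: <> at delivery.
    if msg.get("Return-Path", "").strip() != "<>":
        return "not-a-bounce"
    original = returned_headers(msg)
    if original is None:
        return "unknown"                        # nothing to inspect: do not discard
    # Mail our users sent carries our Received: line; it is forgeable, so this is a heuristic.
    if any(BY_US.search(r) for r in original.get_all("Received", [])):
        return "own-mail"
    return "backscatter"

def make_bounce(original_headers):
    """Constructed, trimmed sample bounce (not real traffic) returning the given headers."""
    return ("Return-Path: <>\n"
            "From: MAILER-DAEMON@mx.example.net\nTo: client@example.com\n"
            "Subject: Undelivered Mail Returned to Sender\n"
            'Content-Type: multipart/report; boundary="b1"\n'
            "\n--b1\nContent-Type: text/plain\n\nUser unknown.\n"
            "--b1\nContent-Type: text/rfc822-headers\n\n"
            + original_headers + "\n--b1--\n")

FORGED = ("Received: from unknown (HELO example.com) by mx.example.net with SMTP\n"
          "From: client@example.com\nTo: nobody@example.net\n")
GENUINE = ("Received: from [192.0.2.10] by mail.example.com (Postfix) with ESMTPSA\n"
           "From: client@example.com\nTo: typo@example.net\n")

if __name__ == "__main__":
    for name, hdrs in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, "->", classify(make_bounce(hdrs)))
```

Bounces that return no original headers come back as `unknown` and should be delivered rather than discarded, since a genuine non-delivery report may look the same.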