--=-ct4jlQQ4c7hl5jca+77u
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


On Tue, 2008-04-08 at 12:36 -0700, ahgu wrote:
> They forged the header with my email addr as the return address.=20
> When it get bounced back by a server, everything is valid. Since the serv=

er
> strip off most of the content, it can pass the spamassassin very easily. =

I
> wonder if anyone got this problem?


Of course, it is very common.

SPF does a reasonable job of stopping it, since it is not worth the
spammer's time to forge when a good portion will be ditched as violating
spf.

the vbounce plugin is also useful for identifying the bad bounces and
discarding them.

Amavisd-new 2.6 has a new pen-pals feature that checks all DSN's
received to see if there is a corresponding outbound e-mail. That would
virtually eliminate your receipt of spoofed bounces.

The other solution is to convince every computer owner in the world to
replace their infected BOTs with a clean machine and stable OS, and to
maintain it properly. That one has considerably higher time investments
needed.

--=20
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com


--=-ct4jlQQ4c7hl5jca+77u
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQBH+8yJGvhCU13z7IgRAoGnAJ4iKm9pJDVbLWS75ofLV7 y9USIpoQCfTHHq
dTVdqeZwuEro04Guh9FCVEc=
=UzoL
-----END PGP SIGNATURE-----

--=-ct4jlQQ4c7hl5jca+77u--