This is a discussion on Re: Returned mail spam - SpamAssassin ; --=-ct4jlQQ4c7hl5jca+77u Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2008-04-08 at 12:36 -0700, ahgu wrote: > They forged the header with my email addr as the return address.=20 > When it get bounced back by a server, everything is valid. Since the ...
--=-ct4jlQQ4c7hl5jca+77u
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Tue, 2008-04-08 at 12:36 -0700, ahgu wrote:
> They forged the header with my email addr as the return address.=20
> When it get bounced back by a server, everything is valid. Since the serv=
er
> strip off most of the content, it can pass the spamassassin very easily. =
I
> wonder if anyone got this problem?
Of course, it is very common.
SPF does a reasonable job of stopping it, since it is not worth the
spammer's time to forge when a good portion will be ditched as violating
spf.
the vbounce plugin is also useful for identifying the bad bounces and
discarding them.
Amavisd-new 2.6 has a new pen-pals feature that checks all DSN's
received to see if there is a corresponding outbound e-mail. That would
virtually eliminate your receipt of spoofed bounces.
The other solution is to convince every computer owner in the world to
replace their infected BOTs with a clean machine and stable OS, and to
maintain it properly. That one has considerably higher time investments
needed.
--=20
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
--=-ct4jlQQ4c7hl5jca+77u
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQBH+8yJGvhCU13z7IgRAoGnAJ4iKm9pJDVbLWS75ofLV7 y9USIpoQCfTHHq
dTVdqeZwuEro04Guh9FCVEc=
=UzoL
-----END PGP SIGNATURE-----
--=-ct4jlQQ4c7hl5jca+77u--
