From what I've seen the VBounce ruleset catches ALL backscatter and does
not distinguish between legitimate bounce-backs and bounce-backs of emails
with forged return addresses - which basically makes it useless for
filtering out joe-jobs.

VBounce should be matching the forged name of the orginating mailserver
against the IP address of the originating mailserver.

At 04:59 AM 4/11/2008, Justin Mason wrote:

>Jason Haar writes:
> > I think we've detoured from the actual problem?
> >
> > The fact is that lots of spam is now being sent to other sites,
> > pretending to be from (collectively) our email addresses, so that we get
> > the bounces containing the spam. And SA isn't marking these messages as
> > spam, whereas if it was directly sent the same spam, it would.
> >
> > So how do we fix this situation? What about getting SA to "detach" the
> > associated bounced message as a separate message and score that instead?
> > I know I can casually just say that - doing is a different matter - but
> > isn't that really the only answer to this problem?

>There's no problem. SpamAssassin 3.2.x includes the VBounce ruleset which
>is expressly designed to catch backscatter -- and does a good job at it.
>If you have a backscatter problem, you need to start using that ruleset.

Best Regards,

Jeff Koch, Intersessions