cancel
Showing results for 
Search instead for 
Did you mean: 

New form of spam?

N/A

New form of spam?

After the email furore of a couple of months ago there was an immediate reduction of spam into my my mailbox but that happy state seems to be reversing. In recent days I have received quite a number of alleged failures to deliver email notifications. Interestingly the sending address is not from my mailbox but from my domain and most of the outgoing addresses are based in Germany. Since my website/domain does not have the facility to send or receive emails I am concerned at what might be going on here. Can anyone shed any light on this situation?
8 REPLIES
Plusnet Alumni (retired) orbrey
Plusnet Alumni (retired)
Posts: 10,540
Registered: 18-07-2007

New form of spam?

Someone is using your domain as a return address on the spam they are sending out. Unfortunately there is very little that can be done in this situation. You could remove the catchall on your mailbox (if you have this activated) which should remove most of this email, or if it is all coming back to a single address you could add a redirect in your mailboxes to blackhole@abuse.plus.com though unfortunately there is nothing we can do to stop this from happening.

Hope this helps,
spinecho
Grafter
Posts: 26
Registered: 26-07-2007

New form of spam?

Hi

you dont even need to remember the blackhole address anymore as on the redirects page you just pick the

"I would like to blackhole this address and not receive email to it."

option and it sets it up for you.

Francis.
Lorian
Grafter
Posts: 699
Registered: 31-07-2007

New form of spam?

Quote
unfortunately there is nothing we can do to stop this from happening.


You could certainly do something to help a lot, implement SPF (sender policy framework). How difficult can it be to add a record type into DNS....
N/A

New form of spam?

SPF will not reduce the email bounces reported by the OP.
Lorian
Grafter
Posts: 699
Registered: 31-07-2007

New form of spam?

Yes it would, he's seeing backscatter.

http://en.wikipedia.org/wiki/Backscatter#Backscatter_of_email_spam

If he had SPF set up for his domain (or subdomain if using plsunet's mail) and the MTA receiving the SPAM did an SPF check it would know the sending address was forged and not reply. No reply, no backscatter.

Sure not all SMTP gateways will check for a sender policy record, but it's a step in the right direction.
N/A

New form of spam?

The option with my mailserver that fail SFP is to either not to accept it (bounce it back to the sender) or accept it and mark it as spam. The former is what the OP is complaining about.
Lorian
Grafter
Posts: 699
Registered: 31-07-2007

New form of spam?

Those are both pretty duff options. If it fails an SPF check the logical thing is to add the mail to any local spam collection database for baysian training purposes and then drop it. Thats what I've set my ASSP proxy to do. It helps train the spam database and doesn't annoy innocent parties with backscatter.
N/A

New form of spam?

Yes I could do that as I do have a third option to specify custom events.

I have not done so as the majority of emails received does not support SPF and the first failures seen were the notifications for this forum.