Comments on: Drowning in the backscatter

By: How To Spot A Psychopath :: One more reason to love spammers :: April :: 2008

How To Spot A Psychopath :: One more reason to love spammers :: April :: 2008 — Wed, 23 Apr 2008 05:36:10 +0000

[...] for me to MailWash all of those bounces out of existence. Actually filtering backscatter bounces is a bit tricky - in essence, you probably do want to receive bounces from messages you actually sent, and [...]

By: Anonymous

Anonymous — Mon, 31 Dec 2007 02:01:00 +0000

whatever

By: Aquarion

Aquarion — Sun, 23 Dec 2007 22:09:19 +0000

Marnanel: You are entitiled to your wrong opinion.

By: http://marnanel.livejournal.com/

http://marnanel.livejournal.com/ — Thu, 20 Dec 2007 14:00:00 +0000

I actually like the new design.

By: http://fragglet.livejournal.com/

http://fragglet.livejournal.com/ — Thu, 20 Dec 2007 09:49:24 +0000

I think your best option is probably to redirect all emails that aren’t to one of your standard addresses to a separate label, then periodically go through and cherry-pick out anything that really was legitimate email. At least you can delete them in bulk by doing “select all->delete”. Basically, what you’ve been doing, but cut the word filter.

Really though, your best option is to stop using your domain as a catch-all email address and just use a single, specific email address.

By: Tom

Tom — Thu, 20 Dec 2007 09:04:48 +0000

I have been merrily marking those emails as spam in my gmail to no *known* ill effects, although your volume of email is probably higher than mine.

Although it is a bit urgent, I like the new design. It’s certainly very clear and still not white. I talk, of course, as someone who has only recently abandoned purple.

By: Anonymous

Anonymous — Thu, 20 Dec 2007 06:42:10 +0000

Several possible solutions.

First, kill the wildcard email delivery, and drop all mail sent to any address which does not match some criteria, either “contains my normal email prefix” or “contains a magic word I designate”. That should reduce your volume.

Second, do go ahead and report backscatter generators, both to postmaster@thedomain and more importantly *to their ISP as contributors to the spam problem*. This does in fact work, even with large ISPs.

Finally, if you feel like writing some code to solve the problem: find some way to keep a record of all mail servers yours contacted in the last X days, and drop bounces that do not come from one of those mail servers.

By: Simon

Simon — Wed, 19 Dec 2007 21:33:35 +0000

Someone mentioned my article at Debian Administration on how to do Greylisting. But it doesn’t stop this - but do check the advice from Wietse linked at the end of the article.

I’m not sure if it is all applicable to GMAIL, and a lot depends on how many, and which ways you send email.

Ultimately if the computer is to reliably distinguish between bounces of what you sent, and bounces of forged email, it needs a way to establish the difference. SPF fails because it relies on everyone else to implement it, and that won’t happen because it breaks forwarding.

Wietse has the poor man’s solution, one can make a similar approach cryptographically secure in a similar fashion to DKIM.

On a more practical note, I suspect spammers preferentially use domains with catch-alls as senders, since then any call-back sender checks will succeed. As such - step 1 - lose the catch all and use the “-” or “+” extension (whichever Gmail accepts) to vary the email address you hand out.

By: Adam Sweet

Adam Sweet — Wed, 19 Dec 2007 20:43:31 +0000

Vote #2 for SPF. SPF has it’s detractors as among other things, it breaks forwarding unless you include all of the machines that your mail might go out through (ie Gmail, if you send your mail from Gmail), and it has to be supported at the receiving end, but SPF is designed to solve this kind of problem.

There are also some tips on rejecting backscatter with Exim here but I guess you’re not running Exim (included here in case someone else with the same problem is), however some of the rules on the same page will mean you hardly get any mail at all, so exercise caution.

The hard and fast rule here is that the people bouncing shit back your way are as much part of the problem as the spammers are. You should always reject mail at SMTP time where possible, not accept the mail and then bounce it.

Just don’t use catchalls. Set up all your addresses manually. It’s painful if you’ve been using a catchall for years but the end result is that you get sooo much less spam and bouncebacks from crap you didn’t send. For new domains, just say no to catchalls from the beginning.

By: Herb

Herb — Wed, 19 Dec 2007 19:40:28 +0000

As an alternative to downloading mail from GMail, you could use IMAPFilter (packages available in Debian and Ubuntu repositories at time of writing).
This will access your mail on the server and act on it. Granted, setting up IMAPFilter requires some work and a computer to house it — and if you want to download messages and match them with regular expressions, you will have to use some Lua programming to do it. (Fortunately, this is an easy language to use. Unfortunately, it’s still programming, which could be a lot to ask in this case.)
This is the approach I’ve taken in my sysadmin++ job when I need to do some filtering in an Exchange mailbox on the server, and Oulook’s filters are laughably inadequate for the job (which is much of the time, unsurprisingly). It didn’t seem onerous at the time to set it up, but then again, I was being paid! Weigh it against wading through the meta-spam for the rest of your life, I guess.
I hope this gives you some insight!