Post #362,320
9/8/12 6:14:15 AM
|
Ideas of handling backscatter spam, please?
For those unaware what "backscatter spam" is, it's when a spammer uses your email address as the From: address in a spam email to an address that doesn't exist. The mail server it's sent to unfortunately accepts it before checking the mailbox name, then has to generate a bounce message and only has the forged From address.
I've been getting backscatter spam for a couple of weeks. All of them originate from a server hiding in business.telecomitalia.it who hasn't responded to my emails. I'm tempted to put a filter rule in place to reject any email that mentions that domain. But what I really want to do is get telecomitalia.it blacklisted on the various spam lists. Instructions for doing this seems to be impossible to find. Anyone know how to achieve that?
I guess I could locate their upstream providers and bother them. Or contact RIPE, since that's where I got the email address for telecomitalia.it. (Address registries *really* don't like people who list addresses in IP records and then don't respond to them.)
Thoughts? Ideas? Comments?
Wade.
|
Post #362,337
9/8/12 2:24:01 PM
|
Block the IP Address.
Its drastic... but hey it works.
|
Post #362,349
9/8/12 6:43:00 PM
|
That's not going to work.
Because I would be blocking IP addresses of numerous ISPs including Yahoo.
I'm getting the bounces from email sent to others using my email address as the From address. I'm getting last-chain backscatter spam. I'm pretty sure I said this in the initial post.
Wade.
|
Post #362,353
9/8/12 7:24:24 PM
|
Didn't crazy do a lot of work on stuff like this??
|
Post #362,424
9/10/12 11:09:01 AM
|
No, I only send it
|
Post #362,434
9/10/12 2:41:50 PM
|
Ha!
|
Post #362,356
9/8/12 9:01:32 PM
|
Misread your post...
Sorry, I thought you were getting it only from the one machine/ISP
|
Post #362,376
9/9/12 5:41:55 AM
|
Spamcop.net?
|
Post #362,378
9/9/12 6:59:00 AM
|
It's a start.
Their FAQ doesn't mention backscatter spam, so I'll look in the forums just to see.
Wade.
|
Post #362,572
9/14/12 4:56:35 PM
|
Reject the domain
but don't reject it... just drop it silently.
|
Post #362,610
9/16/12 4:29:36 AM
|
Ah. Someone else who didn't read it all.
business.telecomitalia.it never emails me directly. I'm getting the rejected messages from the people they are spamming.
Wade.
|
Post #362,750
9/20/12 10:48:17 AM
|
That's why I said reject the domain
not the host. If you can create blacklists, put "*@*.telecomitalia.it" in it. I'm assuming you can specify To:, From:, and the SMTP envelope entries as well. Depends on the capabilities of your server to a certain extent.
|
Post #362,761
9/20/12 4:56:04 PM
|
Ah. I see.
I was going to look into something like that, but the filter has to look through the whole message. I'm not sure it can do that.
Wade.
|
Post #362,614
9/16/12 10:17:00 AM
|
backscatterer.org?
We have not had to deal with this for quite some time, so this is only the result of a Google search, but backscatterer.org seems to provide the means you are looking for.
|
Post #362,630
9/16/12 5:12:41 PM
|
Doesn't even resolve for me.
I think I found this linked to earlier.
Wade.
|
Post #362,631
9/16/12 6:03:06 PM
|
Strange... It resolves across the pond.
|
Post #362,634
9/16/12 7:35:25 PM
|
You sure you used it?
With the final 2 "er" in it?
|
Post #362,638
9/16/12 9:40:29 PM
|
http://www.backscatterer.org/
|
Post #362,640
9/17/12 12:12:56 AM
|
Pretty sure I did.
Copy'n'paste, doncha'know.
Resolves at work, though, so I clearly need to kick my home resolver...
Wade.
|
Post #362,644
9/17/12 6:04:22 AM
|
Just making sure
I typod (not c&p) when I 1st tried.
|
Post #362,645
9/17/12 6:12:33 AM
|
Huh. It works now. Thanks all!
|
