Re: Sudden constant spoofing of my address
On 10 Jun 2005, Andy Smith wrote:
> On Fri, Jun 10, 2005 at 09:16:39AM +0100, Anthony Campbell wrote:
> > Since last night my in-box is being filled up by dozens of bounced
> > messages. Evidently someone or something is spoofing my address and
> > sending out bogus messages.
>
> This is referred to as a "joe job" (google for more info). In your
> case it is most likely not personal and is the result of a spammer
> randomly choosing your address for a massive spam run. In other
> cases, incredibly offensive email content is sent with someone
> else's address, so that they have to deal with the backlash.
>
> > I normally get a few of these and mark them as spam, but this is
> > ridiculous. Is there any way to stop it happening?
>
> The bounces mostly come because the spam is sent to an address list
> with a large number of local parts that don't exist.
> Poorly-designed email servers like Exchange or unpatched qmail will
> accept the spam, find they have no local part for it to be delivered
> to, and then are required by RFC to send a bounce back to the sender
> (your faked address).
>
> If all email servers in the world took a more sensible approach of
> working out their valid local parts during the SMTP conversation
> then they could reject with a 5xx code each one that was invalid.
> No bounce would then be generated.
>
> In the meantime, if you are really suffering, you can temporarily
> discard all emails from the null sender (<>), which should only be
> bounces. Note however that mails from the null sender are required
> to be accepted by RFC. Also note that it is best not to outright
> reject such emails as some sender verification schemes which connect
> back to your MX and probe with the null sender address may object,
> leading to your outgoing email being affected.
Thanks for the reply.
Yes, I remember I've heard about joe jobs now. I've noticed that all the
bounced messages have the line:
Return-Path: MAILER-DAEMON@s1.uklinux.net
(uklinux.net provide my broadband connection).
I've told procmail to direct all such messages to a mailbox called
blackhole and this seems to have provided a work-around for the problem
until it goes away (I hope).
Anthony
--
ac@acampbell.org.uk || http://www.acampbell.org.uk for
using Linux GNU/Debian || blog, book reviews, electronic
Microsoft-free zone || books and skeptical articles
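
The filtering discussed in this thread, as an added example that is not part of the original messages: it files null-sender and MAILER-DAEMON bounces into a `blackhole` folder rather than rejecting them, and goes one step beyond the thread by keeping any bounce that quotes a Message-ID you actually sent. The function names, the `bounces` folder, the `SENT_IDS` set and the sample messages are constructed assumptions; only the `MAILER-DAEMON@s1.uklinux.net` Return-Path and the `blackhole` mailbox come from the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches a Message-ID header line, whether it is the bounce's own header
# or a header of the original message quoted in the bounce body.
MSGID_RE = re.compile(r"^Message-ID:\s*(<[^>\s]+>)", re.I | re.M)

def is_bounce(msg):
    """True for the null sender <> or a MAILER-DAEMON Return-Path."""
    rp = msg.get("Return-Path", "").strip()
    if rp == "<>":
        return True
    local = parseaddr(rp)[1].partition("@")[0]
    return local.lower() == "mailer-daemon"

def triage(raw, sent_ids):
    """Pick a folder for one raw message: inbox, bounces or blackhole."""
    msg = message_from_string(raw)
    if not is_bounce(msg):
        return "inbox"
    own = (msg.get("Message-ID") or "").strip()
    quoted = {m for m in MSGID_RE.findall(raw) if m != own}
    # A bounce quoting mail we really sent is kept; anything else is
    # treated as backscatter and quarantined, never rejected at SMTP time.
    return "bounces" if quoted & sent_ids else "blackhole"

# Constructed data: Message-IDs of mail this user actually sent.
SENT_IDS = {"<sent-1@example.org>"}

# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "normal": "Return-Path: <friend@example.org>\n"
              "Message-ID: <n1@example.org>\nSubject: hello\n\nHi there\n",
    "backscatter": "Return-Path: MAILER-DAEMON@s1.uklinux.net\n"
                   "Message-ID: <b1@example.net>\nSubject: Undelivered\n\n"
                   "User unknown. Original headers:\n"
                   "Message-ID: <forged-9@example.net>\n",
    "genuine": "Return-Path: <>\n"
               "Message-ID: <b2@example.com>\nSubject: Undelivered\n\n"
               "Mailbox full. Original headers:\n"
               "Message-ID: <sent-1@example.org>\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", triage(raw, SENT_IDS))
```
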