
Re: Sudden constant spoofing of my address



On 10 Jun 2005, Andy Smith wrote:
> On Fri, Jun 10, 2005 at 09:16:39AM +0100, Anthony Campbell wrote:
> > Since last night my in-box is being filled up by dozens of bounced
> > messages. Evidently someone or something is spoofing my address and
> > sending out bogus messages.
> 
> This is referred to as a "joe job" (google for more info).  In your
> case it is most likely not personal and is the result of a spammer
> randomly choosing your address for a massive spam run.  In other
> cases, incredibly offensive email content is sent with someone
> else's address, so that they have to deal with the backlash.
> 
> > I normally get a few of these and mark them as spam, but this is
> > ridiculous. Is there any way to stop it happening?
> 
> The bounces mostly come because the spam is sent to an address list
> with a large number of local parts that don't exist.
> Poorly-designed email servers like Exchange or unpatched qmail will
> accept the spam, find they have no local part for it to be delivered
> to, and then are required by RFC to send a bounce back to the sender
> (your faked address).
> 
> If all email servers in the world took a more sensible approach of
> working out their valid local parts during the SMTP conversation
> then they could reject with a 5xx code each one that was invalid.
> No bounce would then be generated.
> 
> In the meantime, if you are really suffering, you can temporarily
> discard all emails from the null sender (<>), which should only be
> bounces.  Note however that mails from the null sender are required
> to be accepted by RFC.  Also note that it is best not to outright
> reject such emails as some sender verification schemes which connect
> back to your MX and probe with the null sender address may object,
> leading to your outgoing email being affected.

Thanks for the reply.

Yes, I remember I've heard about joe jobs now. I've noticed that all the
bounced messages have the line:
	
	Return-Path: MAILER-DAEMON@s1.uklinux.net

(uklinux.net provide my broadband connection).

I've told procmail to direct all such messages to a mailbox called
blackhole and this seems to have provided a work-around for the problem
until it goes away (I hope).

Anthony

-- 
ac@acampbell.org.uk    ||  http://www.acampbell.org.uk for
using Linux GNU/Debian ||  blog, book reviews, electronic  
Microsoft-free zone    ||  books and skeptical articles
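
The work-around described in this message, together with the null-sender rule from the quoted reply, as an added Python example that is not part of the original post and is not a procmail recipe. The `inbox` mailbox name, the function names and the sample messages are assumptions made for illustration.

```python
import email
import mailbox
import os

BLACKHOLE = "blackhole"  # mailbox name used in the message above
INBOX = "inbox"          # assumed name for ordinary delivery

SAMPLES = [  # constructed messages, not taken from the thread
    "Return-Path: MAILER-DAEMON@s1.uklinux.net\nSubject: Mail delivery failed\n\nUser unknown\n",
    "Return-Path: <>\nSubject: Undeliverable\n\nNo such user\n",
    "Return-Path: <friend@example.org>\nSubject: lunch\n\nSee you at one\n",
]

def envelope_sender(msg):
    """Return-Path address, lower-cased; '' for the null sender <>; None if absent."""
    raw = msg.get("Return-Path")
    if raw is None:
        return None
    return raw.strip().strip("<>").strip().lower()

def is_bounce(msg):
    """True for the null sender or any MAILER-DAEMON envelope sender."""
    sender = envelope_sender(msg)
    if sender is None:
        return False
    return sender == "" or sender.split("@", 1)[0] == "mailer-daemon"

def deliver(raw_message, mail_dir):
    """File one message under mail_dir and return the mailbox name chosen.

    Bounces are stored in BLACKHOLE, not deleted or rejected at SMTP time,
    so a genuine bounce for mail you really sent can still be found later.
    """
    msg = email.message_from_string(raw_message)
    name = BLACKHOLE if is_bounce(msg) else INBOX
    box = mailbox.mbox(os.path.join(mail_dir, name))
    box.lock()
    try:
        box.add(msg)
    finally:
        box.close()  # flushes, unlocks and closes the mbox file
    return name
```
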


