Re: More then 2800 spams from the list...

To: debian-user@lists.debian.org
Subject: Re: More then 2800 spams from the list...
From: Nick Boyce <nick@steelyglint.org>
Date: Mon, 19 Mar 2018 20:50:51 +0000
Message-id: <[🔎] 20180319205051.2bb6b5d04bc52376df575b73@steelyglint.org>
In-reply-to: <[🔎] b4805368b4e702397f697cab94ca9421@augustin.pl>
References: <[🔎] 51abe0c43233a5ecf0bd4d65048ed572.squirrel@webmail.tamay-dogan.net> <[🔎] b4805368b4e702397f697cab94ca9421@augustin.pl>

On Mon, 19 Mar 2018 18:31:48 +0000
Karol Augustin <karol@augustin.pl> wrote:

> On 2018-03-19 12:58, Michelle Konzack wrote:
> > Hello and Listmaster/owner,
> > 
> > I have send on "Date: Mon, 19 Mar 2018 07:17:40 -0400" a message
> > to the list and now I got already 2800 Spams on one go!
> > 
> > The EMail responsabble for this shit is <helm7722@gmail.com>.
[...]
----8<------------------------------------------------------------------
> > Hello, this is the mail server on frash.longvieace.com.
> > 
> > I am sending you this message to inform you on the delivery status of a
> > message you previously sent.  Immediately below you will find a list of
> > the affected recipients;  also attached is a Delivery Status
> > Notification
[...]
> It looks like you are hit by backscatter bounces. Someone uses your
> e-mail (in prepared message) as sender and spams the misconfigured
> servers which send you bounces as they can't deliver spammers message to
> the recipient.

+1
Exactly what Karol said - someone has used your email address as the sender for a spamming run, and you're being hit by all the bounces from all the receiving mailservers that quite properly reject the spam, but quite wrongly send a bounce to the supposed sender instead of to the mailserver that established the SMTP connection.

It's just your bad luck that it was your address that the spammer chose.  It's happened to me before now, and it was the most miserable period of weeks before the flood of backscatter DSNs slowed and then stopped.  There is almost no way of filtering the damn things out, because they're coming from all over the Internet and you usually *do* want to see such things.  Console yourself with planning what you would do to the spammer if you ever got hold of them.
 
> This is precisely why e-mail server should never send bounces to
> non-local senders. When sender is spoofed as in this case then is hit
> with thousands of DSNs.

Yes ... sigh.

Pleasingly, some spammers are being tracked down and are going to jail for long periods of time.

http://www.theregister.co.uk/2005/11/17/spammer_jailed/print.html
https://usatoday30.usatoday.com/tech/news/computersecurity/2008-04-29-spam-sentencing_N.htm
https://www.telegraph.co.uk/news/worldnews/northamerica/usa/6653892/Godfather-of-spam-jailed-for-four-years.html
https://www.independent.co.uk/life-style/gadgets-and-tech/news/spam-emails-millions-us-man-michael-persaud-arizona-jail-time-prison-send-out-spamming-a7577216.html

Nick
-- 
Never FDISK after midnight.

Reply to:

Follow-Ups:
- Re: More then 2800 spams from the list...
  - From: Karol Augustin <karol@augustin.pl>

References:
- More then 2800 spams from the list...
  - From: "Michelle Konzack" <linux4michelle@tamay-dogan.net>
- Re: More then 2800 spams from the list...
  - From: Karol Augustin <karol@augustin.pl>

Prev by Date: Re: [Asus x205ta] Wireless not working after suspend-resume
Next by Date: Re: [Asus x205ta] Wireless not working after suspend-resume
Previous by thread: Re: More then 2800 spams from the list...
Next by thread: Re: More then 2800 spams from the list...
Index(es):
- Date
- Thread