[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More then 2800 spams from the list...

On 2018-03-19 20:50, Nick Boyce wrote:
> On Mon, 19 Mar 2018 18:31:48 +0000
> Karol Augustin <karol@augustin.pl> wrote:
> 
>> On 2018-03-19 12:58, Michelle Konzack wrote:
>> > Hello and Listmaster/owner,
>> >
>> > I have send on "Date: Mon, 19 Mar 2018 07:17:40 -0400" a message
>> > to the list and now I got already 2800 Spams on one go!
>> >
>> > The EMail responsabble for this shit is <helm7722@gmail.com>.
> [...]
> ----8<------------------------------------------------------------------
>> > Hello, this is the mail server on frash.longvieace.com.
>> >
>> > I am sending you this message to inform you on the delivery status of a
>> > message you previously sent.  Immediately below you will find a list of
>> > the affected recipients;  also attached is a Delivery Status
>> > Notification
> [...]
>> It looks like you are hit by backscatter bounces. Someone uses your
>> e-mail (in prepared message) as sender and spams the misconfigured
>> servers which send you bounces as they can't deliver spammers message to
>> the recipient.
> 
> +1
> Exactly what Karol said - someone has used your email address as the
> sender for a spamming run, and you're being hit by all the bounces
> from all the receiving mailservers that quite properly reject the
> spam, but quite wrongly send a bounce to the supposed sender instead
> of to the mailserver that established the SMTP connection.
> 
> It's just your bad luck that it was your address that the spammer
> chose.  It's happened to me before now, and it was the most miserable
> period of weeks before the flood of backscatter DSNs slowed and then
> stopped.  There is almost no way of filtering the damn things out,
> because they're coming from all over the Internet and you usually *do*
> want to see such things.  Console yourself with planning what you
> would do to the spammer if you ever got hold of them.
>  
>> This is precisely why e-mail server should never send bounces to
>> non-local senders. When sender is spoofed as in this case then is hit
>> with thousands of DSNs.
> 
> Yes ... sigh.
> 
> Pleasingly, some spammers are being tracked down and are going to jail
> for long periods of time.
> 
> http://www.theregister.co.uk/2005/11/17/spammer_jailed/print.html
> https://usatoday30.usatoday.com/tech/news/computersecurity/2008-04-29-spam-sentencing_N.htm
> https://www.telegraph.co.uk/news/worldnews/northamerica/usa/6653892/Godfather-of-spam-jailed-for-four-years.html
> https://www.independent.co.uk/life-style/gadgets-and-tech/news/spam-emails-millions-us-man-michael-persaud-arizona-jail-time-prison-send-out-spamming-a7577216.html
> 
> Nick

You can use http://www.backscatterer.org/?target=usage
I don't know what is the quality of this list, but if used as described
in what they call "safe mode" it will be only check against if sender is
null or postmaster@, which should stop all DSNs from servers they have
listed.

Have to look into implementing this on my server just in case...
k.

-- 
Karol Augustin
karol@augustin.pl
http://karolaugustin.pl/
+353 85 775 5312
Reply to: