[olug] DDOS attack on my Inbox. Spam "from me" being rejected

Christopher Cashell topher-olug at zyp.org
Thu May 15 22:10:53 UTC 2008


On Thu, May 15, 2008 at 12:15 PM, Jay Hannah <jay at jays.net> wrote:
> For the last week or so I've been getting about 600 bounced emails a
> day from all over the Internet. Apparently I've had the glorious luck
> that some spammer(s) have chosen to send their email From: "xxx yyyy"
> <jay at jays.net>.

Backscatter spam sucks.  Big time.  It's hard to deal with, there's
almost no chance of "getting" the person who caused it, and it's sure
to leave you frustrated and feeling helpless.

> This is a whole new universe of spam pain, that I have no idea how to
> fight.

It's hard.  Really hard.  How do you differentiate a spam-caused
non-delivery notice from a valid non-delivery notice?  If you're
lucky, your spam filters will catch some of it, especially
undeliverable e-mails that include the original (spam) e-mail with
them.  You can also try implementing some targeted filtering.  This is
most useful if the subject lines, from name, or returned e-mails have
some similarity across lots of the original spam.

If you're running postfix, there's a few suggestions and some more
details on filtering at:
http://www.postfix.org/BACKSCATTER_README.html

It's one of the better resources I've seen.

Lastly, you can try to pull some useful information from your existing
"good" e-mail to build some whitelist-like delete filters.  I've had
some success with this.  For example, search through your existing
e-mail and pull all of the "From: foo <foo at bar.com>" lines (where
foo at bar.com is you), to find out all of the *valid* permutations.
Then pull anything that doesn't match that out and, if desired, scan
it for false positives.

> j

-- 
Christopher
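
The whitelist-like filter described in the last paragraph of the reply above, as an added example that is not part of the original message. The address, the sample messages and all function names are constructed for illustration, and it assumes the bounce carries the original message as a message/rfc822 or text/rfc822-headers part.

```python
from email import message_from_string
from email.utils import parseaddr

MY_ADDR = "jay@example.org"  # constructed address, not one from the thread
GOOD = ["From: Jay Hannah <jay@example.org>\nSubject: hi\n\nbody\n",   # constructed
        "From: jay@example.org\nSubject: note\n\nbody\n"]              # known-good mail

def from_key(header_value):
    """Normalize a From: header to (display name, address), lower-cased."""
    name, addr = parseaddr(header_value or "")
    return (" ".join(name.split()).lower(), addr.lower())

def valid_permutations(good_mail, my_addr):
    """Collect every From: form actually used in known-good mail sent as my_addr."""
    keys = set()
    for raw in good_mail:
        key = from_key(message_from_string(raw)["From"])
        if key[1] == my_addr.lower():
            keys.add(key)
    return keys

def embedded_from(bounce_raw):
    """Return the From: header of the original message a bounce carries, or None."""
    msg = message_from_string(bounce_raw)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)["From"]
        if ctype == "text/rfc822-headers":     # only the original headers attached
            return message_from_string(part.get_payload())["From"]
    return None

def classify(bounce_raw, valid):
    """'suspect' if the returned original used a From: form never seen in good mail."""
    original = embedded_from(bounce_raw)
    if original is None:
        return "review"  # no original attached: cannot decide, check by hand
    return "keep" if from_key(original) in valid else "suspect"

def make_bounce(original_from):
    """Build a constructed multipart/report bounce carrying one original message."""
    return ("From: MAILER-DAEMON@mx.example.net\n"
            'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nUser unknown\n"
            "--b\nContent-Type: message/rfc822\n\n"
            f"From: {original_from}\nSubject: x\n\noriginal body\n--b--\n")
```

Messages classified as "suspect" are the ones to pull out and scan for false positives before deleting.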


