Message Board

Bugs & Development

backscatter stats?

Author: C.Kruslicky (30 Apr 05 2:22pm)

I notice some of my own spamtrap addresses are used only as the 'from' address (when I see bounces from misconfigured MTAs) - I'm curious if this project is seeing the same thing. I think I read that bounces are somehow taken into account to avoid false positives, but it seems like it could also indicate an address had been harvested even if no real spam is delivered 'to' the address. Might even be an interesting trend to see if spam tools take this project into account somehow.

Re: backscatter stats?

Author: S.Goodman (10 Jul 05 4:01pm)

I know that SpamCop does consider backscatter landing in their traps as spam because it was unsolicited. This makes good sense to me, as the address never did send mail, and the recipient site is creating network abuse by operating in store and forward (accept then bounce) mode. They warn site adminstrators of this and you will get listed for backscatter landing in their traps. I don't know what other DNSBL's do, but I hope they have similar policies.

So I would answer your question as follows: null-sender backscatter into a spamtrap is spam just like the rest.

It is very easy to avoid backscatter by giving your MTA the local user list and reject at SMTP time rather than accept and bounce. The second part is to disable virus messages to generally forged 2821 MAIL FROM: or 2822 From: addresses. And don't forget your backup MX, as spammers will often target that one first.

Re: backscatter stats?

Author: M.McGinnis (28 Aug 06 11:38pm)

Is it better to route backscatter to :fail: or to :blackhole:? Is that part of what you're talking about?