Mike Holden wrote: > Eric J. Wisti wrote: > >> That still doesn't make the "Please verify" messages any more friendly. >> What if someone forges my email address and sends you a spam. I get a >> "Please verify" message, but I had nothing to do with the email that was >> sent, other than being a victim of an email forgery. Now, I also get a >> nice "Please Verify" message. These systems may have been a ok workaround >> before, but now that spam is some 94% of email is spam, all it does is >> increase the amount of "spam", and involve people who may not even be >> connected with the emails you receive. >> > > Welcome to the 2009 internet mate! We're all fed up of spam, but until the > ISPs get their fingers out collectively and block junk at source, we're > stuck with it. > > If someone forges your email address to send spam, then you will still get > any bounces back anyway if the victim email addresses fail (unknown email > address, quota exceeded etc). A fair percentage of the spam I receive is > bounce messages from spam sent "on my behalf" (i.e. spoofed From address) > to invalid email addresses. >
I grant you that a lot of improperly configured mail servers will create such bounce back. However, a properly configured mail server won't accept that email in the first place. It will get a message back to the connecting "server" indicating "unknown email address" or whatever, rather than accept the message and end up having to reply back to a potentially forged return address. A fairly old known attack method is to identify a pool of such misconfigured mail servers and then bomb them all with a forged return address of the person you want to hit with a DOS. It's called "joe jobbing" someone -- http://en.wikipedia.org/wiki/Joe_job. > Not a lot I can do about it, unfortunately. I do try to not lose sleep > about it though :-) > In general, true. But, for those of you who manage mail servers, make sure they don't create backscatter. And, if your ISP has a mail server that does this, give them a hard time. It might have a small impact. -- --------------- Chris Hoogendyk - O__ ---- Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~~~~~~~~~ - University of Massachusetts, Amherst <hoogen...@bio.umass.edu> --------------- Erdös 4 ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
