Martin Gregorie wrote:
On Wed, 2009-02-11 at 11:10 -0600, Karl Boyken wrote:
Hello,
I've got SA with a few features installed and it's working great and
has been for a while.
However, over the past few weeks I've had a few select users complain
about receiving 3-4 thousand bounce messages per day from what appears
to be mail delivery error messages. From what I can tell it's the
spammer spoofing the sender with their user ID and the messages they
receive are the servers responding with an unknown user or the like.
Does anyone know a workaround for this?

This backscatter is precisely what SPF records are meant to alleviate.
You should have a valid SPF message set up for every registered domain
handled by your mail servers.

How so?
The backscatter he is receiving is most likely DSN messages sent from
mail servers in response to his (forged) sender address. SPF will only
help if other people's mail servers deploy and bounce mail on failed
SPF, but as I asserted in an earlier post to this thread, how much faith
do you place in a mail admin deploying SPF _AND_ bouncing messages on
SPF failure when they can't even address the issue that their servers
are responsible for the backscatter problem by accepting mail for
non-existent addresses and then sending DSNs to a forged address?

Let me put it another way: hands up everyone who rejects mail outright
that fails SPF? Not many I guess and those that do probably see a fair
proportion of FPs from doing so. Far better to just not accept mail at
the SMTP level for non-existent accounts, or catch them in a catchall if
you really must accept them, but don't bounce them after you've
initially accepted them as that is what causes backscatter. You won't
solve the backscatter problem with SPF. You'll probably have just as
much success emailing postmaster at every domain that sends backscatter
and asking them to fix their server.
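
The difference between refusing unknown recipients at SMTP time and bouncing after acceptance, as an added illustration that is not part of the original thread: a small Python model counting the DSNs each recipient-handling policy sends to a forged envelope sender. The policy names, addresses and spam run are constructed assumptions.

```python
from dataclasses import dataclass, field

VALID_USERS = {"alice@example.org", "bob@example.org"}  # constructed mailboxes
CATCHALL = "catchall@example.org"                       # constructed catchall
POLICIES = ("reject", "catchall", "accept_then_bounce")

# Constructed spam run: every message forges the same victim as envelope sender.
SPAM_RUN = [
    ("victim@example.net", ["alice@example.org", "nosuch1@example.org"]),
    ("victim@example.net", ["nosuch2@example.org", "nosuch3@example.org"]),
]

@dataclass
class Outcome:
    replies: list = field(default_factory=list)    # (rcpt, code) seen by the connecting client
    delivered: list = field(default_factory=list)  # (mailbox, envelope sender)
    dsns: list = field(default_factory=list)       # (DSN recipient, failed rcpt) sent later

def handle_transaction(policy, mail_from, rcpts):
    """Model one SMTP transaction under a given unknown-recipient policy."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    out = Outcome()
    for rcpt in rcpts:
        known = rcpt.lower() in VALID_USERS
        if not known and policy == "reject":
            # Refused during the SMTP dialogue: only the connecting client
            # learns of the failure, and no new message is generated.
            out.replies.append((rcpt, 550))
            continue
        out.replies.append((rcpt, 250))
        if known:
            out.delivered.append((rcpt, mail_from))
        elif policy == "catchall":
            out.delivered.append((CATCHALL, mail_from))
        else:
            # Accepted first, found undeliverable afterwards: the DSN goes
            # to the envelope sender, which the spammer forged.
            out.dsns.append((mail_from, rcpt))
    return out

def backscatter_count(policy, spam_run):
    """Number of DSNs a server with this policy sends to forged senders."""
    return sum(len(handle_transaction(policy, sender, rcpts).dsns)
               for sender, rcpts in spam_run)

if __name__ == "__main__":
    for p in POLICIES:
        print(p, backscatter_count(p, SPAM_RUN))
```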