On Fri, 2009-06-19 at 13:32 +0200, Arvid Picciani wrote: > Hi, > I'm currently convincing my boss to throw away a domain that receives so > much backscatter, its useless to try filtering the legitimate mail. > Could i do anything useful with it? > Spamtrap won't work since 99.99% of mails are backscatter from > "legitimate" hosts. Can't block those. > Maybe a backscatter list wants them? > Not tried sender verification? I know the Barracuda Spam (LOL 'And Virus') "FIREWALL" offers this (but the broke it..) They have called it BATV
works in combination with custom SA rules that block all NDR type messages unless they have a signature in the 'from' field; from=<btv1==421f28ad911==> (here it's broke as the rest of the from is missing) Signaure is build on some weak hash churned from: batv_expire_time batv_shared_secret When I first noticed it I thought 'Wow, Barracuda have done something good'. I was then sent a link by a T2 at Barracuda showing me where they stole it from. Sigh..... http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation Should be possible to make that domain usable again with some work :-)
