Spam/bounce problem

Tony Finch dot at DOTAT.AT
Mon Dec 22 17:22:53 GMT 2003


Tony Johansson <tony.johansson at SVENSKAKYRKAN.SE> wrote:
>
>1. Spammer sends spam to abc at domain.com, spam has the spoofed return
>address xyz at school.com
>2. No such user at domain.com/mailbox full/disabled etc
>3. Mail bounces to xyz at school.com (with return path "<>")
>4. Smtpgate at school.com (running mailscanner) accepts message, forwards
>to internal server
>5. Internal server sees that the address xyz at school.com is non-existent
>6. Internal server tries to bounce the message, to xyz at school.com, but
>naturally it cannot be delivered
>7. Message is sent to postmaster at school.com, "I tried to deliver a bounce
>message to this address, but the bounce bounced!"
>
>Does anyone have a remedy for this problem?
>
>I guess I could only accept messages (at #4) for legitimate users but that
>would probably attract some directory harvest attacks. Not to mention
>keeping the list up to date.

Address harvesting from SMTP RCPT verification is a myth, AFAICT. It
is MUCH MUCH better to verify addresses before you accept the message.

If you are sure that all legitimate messages sent with return addresses
pointing to the school are sent via the school's SMTP server, then you
can arrange for the server to add a hard-to-forge cookie to the headers
of every outgoing message. Bounced legitimate messages will contain
the cookie in the body of the bounce. Joe-job bounces will not have the
cookie and can be rejected.

Tony.
--
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
FAEROES: SOUTH OR SOUTHWEST 5 TO 7, VEERING WEST FOR A TIME. RAIN. MODERATE OR
POOR.
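
An added sketch of the cookie scheme described in the reply above (not code from the original post or from MailScanner). It assumes an HMAC-SHA256 cookie over the Message-ID plus a day number. The header name X-Bounce-Cookie, the secret, the age limit and all sample addresses are hypothetical or constructed.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"   # assumption: per-site secret held only by the gateway
HEADER = "X-Bounce-Cookie"         # hypothetical header name
MAX_AGE_DAYS = 7                   # assumption: older bounces are not accepted

def make_cookie(message_id: str, day: int) -> str:
    """Cookie = day number + truncated HMAC over (day, Message-ID)."""
    mac = hmac.new(SECRET, f"{day}:{message_id}".encode(), hashlib.sha256)
    return f"{day}.{mac.hexdigest()[:32]}"

def stamp_outgoing(headers: str, message_id: str, day: int) -> str:
    """Append the cookie header to an outgoing message's header block."""
    return f"{headers}{HEADER}: {make_cookie(message_id, day)}\r\n"

_MSGID = re.compile(r"^Message-ID:\s*(<[^>\r\n]+>)", re.I | re.M)
_COOKIE = re.compile(
    rf"^{re.escape(HEADER)}:\s*(\d+)\.([0-9a-f]{{32}})\s*$", re.I | re.M)

def bounce_is_genuine(bounce_body: str, today: int) -> bool:
    """True only if the bounce quotes a message carrying a valid, fresh cookie."""
    for cookie in _COOKIE.finditer(bounce_body):
        day = int(cookie.group(1))
        if not 0 <= today - day <= MAX_AGE_DAYS:
            continue  # expired (or future-dated) cookie: treat as absent
        for msgid in _MSGID.finditer(bounce_body):
            expected = make_cookie(msgid.group(1), day)
            # Constant-time comparison; the cookie is bound to this Message-ID.
            if hmac.compare_digest(expected, f"{day}.{cookie.group(2)}"):
                return True
    return False

if __name__ == "__main__":
    day = 12400  # constructed day number (days since epoch)
    sent = stamp_outgoing(
        "From: xyz@school.example\r\nMessage-ID: <abc123@school.example>\r\n",
        "<abc123@school.example>", day)
    real_bounce = "Delivery failed.\r\n\r\n" + sent          # quotes our headers
    joe_job = ("Delivery failed.\r\n\r\nFrom: xyz@school.example\r\n"
               "Message-ID: <spam@elsewhere.example>\r\n")   # no cookie
    print(bounce_is_genuine(real_bounce, day + 2))
    print(bounce_is_genuine(joe_job, day + 2))
```

The check only works for bounces that return the original headers in their body, and only if every legitimate outgoing message passes through the stamping server.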


