07-06-2009, 07:32 AM
Spiral
There is nothing you can do about spammers sending out mail with
false headers showing addresses from your domain and in fact,
it is the "bounce back" they typically use to get servers to forward
spam back from non-existent addresses.

With that said ...

I would say update your DNS zones and templates to create SPF records
for all domains on your server so that any mail server receiving mail
from anywhere claiming to be from one of your domains can quickly
identify if the sending server is a legitimate server you authorize
to be sending mail for your domain or some bogus spammer with
a false header sent from a non-authorized server. Domains with
proper SPF records generally don't get anywhere near as much
bounced back bogus mail as the vast majority of mail servers
operating these days do at least check SPF records.

The second thing I would do is set the wildcard address for all
domains to ":fail:" and only set up those addresses you actually
legitimately use. This way, you won't get spammed with every
dictionary name in the book with hundreds of messages for
accounts that don't even exist on your domain.

Third, configure your own server to drop non-verified mail
connections. Performing your own SPF check, using either
passive or active verification callouts to check to make
sure senders are legitimate and sending where they are
supposed to be sending from, and checking sending
IPs against GOOD RBL databases such as SpamCop
will help drastically reduce the amount of bogus mail as well.

If you are a little more technically inclined, you can also go
much deeper and add custom ACL configurations to further
protect you from masquerading, dictionary broadcasts, rules
checking, and other measures to much further limit spam.

Properly configured though, your mail server really shouldn't
see any bogus bounced back messages whatsoever.

(Does that mean that spammers won't try to use your domain? --
not at all! It does mean that all the other mail servers will know
when spammers try, probably won't accept mail from them either, and
won't send you, the innocent 3rd party, all the bounce back messages.)