Today I got 3000 joe-job bounce emails which were sent with one of my email addresses as the return-path but with a different from: and reply-to: address.
I can see no legitimate reason for my mailserver to accept bounces or any email where the return-path is different from the from address. Further, no one on the server uses a separate reply-to header, so I can see no legitimate reason to accept email where the reply-to header is different from the from header.

Code:
Return-Path: <me@mydomain.com>
Received: from Mailrelay15.libero.it (172.31.0.167) by smtp-in2.libero.it (7.3.120) id 4628E49E18DB4454; Sun, 20 Apr 2008 19:41:00 +0200
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av//AM4cC0i+QZAyPGdsb2JhbACRGB4YAQEBFBw
X-cp3a: YES
X-IronPort-AV: E=Sophos;i="4.25,686,1199660400"; d="scan'208";a="304107310"
Received: from unknown (HELO 212.52.84.83) ([190.65.144.50]) by Mailrelay15.libero.it with SMTP; 20 Apr 2008 19:40:48 +0200
X-Originating-IP: 252.188.245.5 by smtp.190.65.144.50; Sun, 20 Apr 2008 13:40:47 -0500
Message-ID: <upzpnzWFJXSRdoel68@libero.it>
From: "Somebody Shelton" <somebody@libero.it>
Reply-To: "Somebody Shelton" <somebody@libero.it>
To: somebody@libero.it
Subject: Inexpensive Louis Vuitton bags
Date: Sun, 20 Apr 2008 13:40:47 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit

Return-path: <me@mydomain.com>
Received: from adsl190-28-162-133.epm.net.co ([190.28.162.133]) by server5.cts-gmbh.net with smtp (Exim 4.63) (envelope-from <me@mydomain.com>) id 1Jnd3s-0006Gl-SS for gastro@club-zero.tv; Sun, 20 Apr 2008 19:10:45 +0200
X-Originating-IP: 252.10.206.208 by smtp.190.28.162.133; Sun, 20 Apr 2008 13:19:20 -0500
Message-ID: <vopptcrDNZILSgastro@club-zero.tv>
From: "somebodyelse Beard" <somebodyelse@club-zero.tv>
Reply-To: "somebodyelse Beard" <somebodyelse@club-zero.tv>
To: somebodyelse@club-zero.tv
Subject: Inexpensive Louis Vuitton bags
Date: Sun, 20 Apr 2008 13:19:20 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit

Return-Path: <me@mydomain.com>
Received: (qmail 44112 invoked by uid 3179); 19 Apr 2008 05:31:08 -0000
Delivered-To: chrismd-westminsterspeed:com-fred@westminsterspeed.com
Received: (qmail 44109 invoked from network); 19 Apr 2008 05:31:08 -0000
Received: from mailwash40.pair.com (66.39.2.40) by ulawun.pair.com with SMTP; 19 Apr 2008 05:31:08 -0000
Received: from localhost (localhost [127.0.0.1]) by mailwash40.pair.com (Postfix) with SMTP id E8F542BD3A; Sat, 19 Apr 2008 01:31:07 -0400 (EDT)
Received: from host-201-151-139-226.block.alestra.net.mx (unknown [201.151.139.226]) by mailwash40.pair.com (Postfix) with SMTP id 21B342BCF0; Sat, 19 Apr 2008 01:30:53 -0400 (EDT)
X-Originating-IP: 76.48.166.153 by smtp.201.151.139.226; Sat, 19 Apr 2008 01:30:47 -0500
Message-ID: <rjdfhlJCJQXdunn@westminsterspeed.com>
From: "somebodyelse Ricks" <somebodyelse@westminsterspeed.com>
Reply-To: "somebodyelse Ricks" <somebodyelse@westminsterspeed.com>
To: somebodyelse@westminsterspeed.com
Subject: Replica watch is a perfect gift
Date: Sat, 19 Apr 2008 01:30:47 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
Unfortunately, when you are the victim of such a joe-job, the mailer-daemon returns are all in different formats; there doesn't seem to be much of a standard there. When they include the original message (as they often do), the headers clearly show the insanity of bouncing to the return-path when it doesn't match the from or reply-to address, so possibly I could scan based on this...
Enabling DomainKeys and SPF helps prevent some of the spammers' email from getting through, but it seems you still get the bounces from those mail servers that bounce instead of failing.
Any ideas for an easy solution?



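The scan the post sketches, as an added example that is not the poster's code: dig the original message's headers out of a bounce (trying the structured DSN forms first and falling back to scraping the text body, since bounce formats vary) and flag it as backscatter when the Return-Path is one of our addresses but From:/Reply-To: are not, or when no Received: line shows the message ever passing through our own relay. The domain mydomain.com, the relay hostname mail.mydomain.com and both sample bounces are assumptions constructed for the demo; the quoted spam headers in the first sample are taken from the post.

```python
"""Backscatter classifier for joe-job bounces (added example, not from the post).

Assumptions not in the original post: our domain is mydomain.com and our
outbound MTA is mail.mydomain.com. The sample bounces below are constructed.
"""
import re
from email import message_from_bytes, message_from_string, policy
from email.utils import parseaddr

OUR_DOMAIN = "mydomain.com"        # assumed: the joe-jobbed domain
OUR_RELAY = "mail.mydomain.com"    # assumed: hostname of our outbound MTA

_HEADER_START = re.compile(r"^(Return-Path|Received):", re.I)


def _headers_from_text(text):
    """Fallback for free-form bounces: cut the first header-looking block out of
    the text body and parse it as an RFC 5322 header section."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if _HEADER_START.match(line):
            block = []
            for cur in lines[i:]:
                if not cur.strip():
                    break
                block.append(cur)
            return message_from_string("\n".join(block) + "\n\n", policy=policy.default)
    return None


def original_headers(bounce):
    """Locate the original message's headers inside a bounce. DSN formats vary,
    so try message/rfc822 and text/rfc822-headers parts before scraping text."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_content(), policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "text/plain":
            found = _headers_from_text(part.get_content())
            if found is not None:
                return found
    return None


def classify_bounce(raw):
    """Return a verdict dict: 'accept', 'backscatter', 'not-ours' or 'unknown'."""
    bounce = message_from_bytes(raw, policy=policy.default)
    orig = original_headers(bounce)
    if orig is None:
        return {"verdict": "unknown", "reason": "no original headers found in bounce"}
    ret = parseaddr(str(orig.get("Return-Path", "")))[1].lower()
    frm = parseaddr(str(orig.get("From", "")))[1].lower()
    reply = parseaddr(str(orig.get("Reply-To", orig.get("From", ""))))[1].lower()
    if not ret.endswith("@" + OUR_DOMAIN):
        return {"verdict": "not-ours", "return_path": ret}
    # Rule 1 from the post: envelope sender is ours but the header sender is not.
    if frm != ret or reply != ret:
        return {"verdict": "backscatter", "return_path": ret, "from": frm,
                "reply_to": reply, "reason": "From/Reply-To differ from Return-Path"}
    # Rule 2: a message we really sent carries a Received: line from our relay.
    # Spammers can forge Received: lines too, so treat this as a signal, not proof.
    if not any(OUR_RELAY in str(r) for r in orig.get_all("Received", [])):
        return {"verdict": "backscatter", "return_path": ret,
                "reason": "original never passed through " + OUR_RELAY}
    return {"verdict": "accept", "return_path": ret}


# Constructed sample 1: free-form bounce quoting the libero.it spam headers from the post.
BACKSCATTER = b"""\
From: Mail Delivery System <MAILER-DAEMON@libero.it>
To: <me@mydomain.com>
Subject: Undelivered Mail Returned to Sender
Content-Type: text/plain

This is the mail system at host smtp-in2.libero.it. Your message could not be delivered.

Return-Path: <me@mydomain.com>
Received: from unknown (HELO 212.52.84.83) ([190.65.144.50])
  by Mailrelay15.libero.it with SMTP; 20 Apr 2008 19:40:48 +0200
From: "Somebody Shelton" <somebody@libero.it>
Reply-To: "Somebody Shelton" <somebody@libero.it>
To: somebody@libero.it
Subject: Inexpensive Louis Vuitton bags
"""

# Constructed sample 2: multipart/report DSN for a message we really sent via our relay.
LEGIT = b"""\
From: Mail Delivery System <MAILER-DAEMON@example.net>
To: <me@mydomain.com>
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: text/plain

The recipient mailbox does not exist.

--B
Content-Type: message/rfc822

Return-Path: <me@mydomain.com>
Received: from mail.mydomain.com (mail.mydomain.com [192.0.2.10])
  by mx.example.net with ESMTP; Sun, 20 Apr 2008 12:00:00 +0200
From: <me@mydomain.com>
To: <nobody@example.net>
Subject: hello

Body of my real message.

--B--
"""

if __name__ == "__main__":
    for name, raw in (("backscatter sample", BACKSCATTER), ("legit sample", LEGIT)):
        print(name, "->", classify_bounce(raw))
```

The Reply-To rule encodes the poster's site policy (nobody there uses a separate Reply-To); a site with mailing lists or forwarders would need to drop it, since those legitimately carry a Return-Path that differs from From. The text-body scraper is a heuristic: bounces that indent or prefix the quoted headers will land in the "unknown" bucket, which the caller should treat as "let a human look" rather than silently accept.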