Re: Mail spoofing and unwanted/bogus NDR's
- From: Joe <joe@xxxxxxxxxxxxxx>
- Date: Mon, 14 Apr 2008 22:00:14 +0100
jdr.smith@xxxxxxxxxx wrote:
Hi,
We have recently noticed a marked rise in the level of unwanted or
bogus NDR's going to some of our customers, 'System Undeliverable' etc
etc.
Obviously this is most likely whereby their e-mail addresses are being
spoofed.
We've explained this to them.
What, if anything, can be done regards this.
The NDR's are getting through as they are coming from legit companies
whose servers are just sending back failed delivery reports.
The users are now starting to have a sense of humour failure regarding
this as they are starting to become more and more troubled by this.
It's been suggested that SPF may help.
Is this very effective or not ?
I read mixed reports regarding this.
How can it be effective? You (your clients) don't have a problem. The problem is with other people's servers, which are legitimate, but which are willing to create and send NDRs for what are obviously spam messages. They have to fix their systems.
You have no way to distinguish one of these bogus NDRs from genuine NDRs or from genuine email messages originating from those servers. All are equally legitimate, and if those servers have SPF records, your clients' mail servers will accept all mail from them.
I'm afraid your users will have to start complaining to the companies that send these messages to them. When those companies get enough complaints, and looking up the company's MD might work better than sending an email to 'postmaster', they may do something about it.
Ultimately, the problem lies in POP3 email. The NDR is only generated after the original spam email is accepted by a POP3 server. Later, an SMTP server which collects this email finds that the destination user doesn't exist, and sends an NDR to the 'sender', who is of course an innocent third party whose email address has been harvested. The solution is to reject SMTP connections for invalid users, but mail hosts running POP3 servers often collect 'domain-wide' and have no idea who the legitimate users are.
A possible workaround for some people is to specify individual POP3 mailboxes at their mail hosting company, and not to accept any mail to any other user name i.e. not to have a 'catch-all' address. That way, the hosting service will reject the offending mail. The use of a 'catch-all' is justified by the possibility of occasionally losing a potential sale because the buyer misspelled an email address. The correct use of NDRs, which should never be disabled on those servers which permit that, will inform the sender in such cases. The only drawback to doing things properly is that the people who should do it are not the people being annoyed by their NDR spam, hence the need for messages to the MD.
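The difference between 'domain-wide' collection and individually specified mailboxes described in the reply above, as an added example that is not part of the original post: a small Python model in which the host either accepts every recipient or refuses unknown ones during the SMTP session. The class, function names, domains and traffic are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class HostedDomain:
    """Constructed model of a mail host collecting mail for one customer domain."""
    domain: str
    mailboxes: frozenset      # mailboxes defined at the hosting company
    catch_all: bool           # True = 'domain-wide' collection
    held: list = field(default_factory=list)

    def rcpt_to(self, mail_from: str, rcpt: str) -> int:
        """Decide during the SMTP session; return the reply code."""
        local, _, dom = rcpt.lower().partition("@")
        if dom != self.domain:
            return 550                      # not our domain
        if self.catch_all or local in self.mailboxes:
            self.held.append((mail_from, rcpt.lower()))
            return 250                      # accepted: the host now holds the message
        return 550                          # unknown user refused; nothing stored


def ndrs_sent(host: HostedDomain, real_users: set, traffic: list) -> list:
    """Run traffic through the host, then let the customer's server collect it.

    Returns the addresses that receive an NDR from the customer's server.
    """
    for mail_from, rcpt in traffic:
        host.rcpt_to(mail_from, rcpt)
    ndrs = []
    for mail_from, rcpt in host.held:
        if rcpt.partition("@")[0] not in real_users:
            ndrs.append(mail_from)          # bounce goes to the (forged) sender
    return ndrs


USERS = {"sales", "accounts"}
# Constructed traffic: spam with a forged envelope sender, plus one real message.
TRAFFIC = [
    ("victim@innocent.example", "qwerty@shop.example"),
    ("victim@innocent.example", "zx81@shop.example"),
    ("buyer@customer.example", "sales@shop.example"),
]

def compare():
    catch_all = HostedDomain("shop.example", frozenset(), catch_all=True)
    per_box = HostedDomain("shop.example", frozenset(USERS), catch_all=False)
    return ndrs_sent(catch_all, USERS, TRAFFIC), ndrs_sent(per_box, USERS, TRAFFIC)

if __name__ == "__main__":
    print(compare())
```

With the catch-all, both spam messages are accepted and later bounced to the forged sender; with individual mailboxes the 550 is given to the connecting client and no NDR is created.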