Re: blocking spam ndr's that aren't sent by user
- From: stephen <stephen@xxxxxxxxxxxxxxx>
- Date: Sat, 26 Jul 2008 17:18:29 +0100
Joe wrote:
Ted wrote:
Gregg,
Have you or anyone else out there had any success in setting up the Sender ID filtering? I guess that is what I really want to try before I try to get the client to purchase something. Although ORF is something I will keep in mind.
But that's not going to help, is it? It's not your house that needs to be put in order, it's the houses of the people sending you these NDRs. The NDRs themselves are perfectly genuine, they come from legitimate mail servers, they would all pass SPF tests.
It's the *senders* of the NDRs who need to stop accepting mail from 'your client' when it's actually coming from spammers. It would help if the client had a SPF record, and the NDR senders *all* checked it, but how likely is that? SPF use is not yet widespread enough to be useful.
NDRs sent across the Internet are a last resort, after the system has already partly broken down. Invalid email recipients should be detected at the SMTP transaction stage, the sending server informed and the message refused. The sending server then informs its own local client, in an NDR that stays within the organisation. NDRs are only sent between Internet servers when one server has erroneously accepted invalid mail, has realised its mistake, and now needs to tell someone about it. Unfortunately, the only person it can tell is the apparent sender of the email.
Good summary of the problem.
Almost always, this happens as a result of mail being received by POP3 to a domain-wide or catch-all mailbox. Unless individual POP3 mailboxes are implemented, the POP3 server is unable to refuse invalid mail. It's only when a server which knows about all the valid users gets the mail, that it can be identified as invalid, by which time the link with the actual originating SMTP server has been long lost.
I would disagree that POP3 catchalls are the main culprit. Backup MX hosts that don't perform recipient verification are high on the list, as well as Qmail-based MTAs, which almost always accept mail before firing a backscatter NDR. Even Exchange defaulted to having recipient verification off at one time, contributing to the problem.
It would be possible for an SMTP server to retain a list of all the messages sent, to parse incoming messages to (mostly) identify NDRs, and to drop or quarantine those that did not correspond to fairly recent entries on its list. I don't know if the ORF product does that, but Exchange certainly can't. But there's no real substitute for mail being finally received using SMTP by a server which knows all the genuine recipients for the domain.
MailScanner has a system where outbound mail has a watermark header inserted so incoming NDRs without the watermark can be dropped as not being of legitimate origin.
--
stephen
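
A sketch of the outbound-watermark idea mentioned in the post above, as an added example that is not part of the original message and is not MailScanner's code. The header name `X-Example-Watermark`, the secret and the seven-day lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time
from email import message_from_string

SECRET = b"constructed-demo-secret"   # assumption: secret known only to our MTA
HEADER = "X-Example-Watermark"        # hypothetical header name
MAX_AGE = 7 * 24 * 3600               # assumption: honour bounces for 7 days


def _mac(msg_id, expiry):
    data = f"{msg_id}|{expiry}".encode("utf-8", "replace")
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()


def make_watermark(msg_id, now=None):
    """Outbound side: 'expiry:hmac' bound to this Message-ID."""
    expiry = int(time.time() if now is None else now) + MAX_AGE
    return f"{expiry}:{_mac(msg_id, expiry)}"


def returned_original(ndr):
    """Inbound side: locate the returned message (or its headers) in a bounce."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None


def ndr_is_ours(ndr, now=None):
    """True only if the bounce returns mail carrying a valid, unexpired watermark."""
    orig = returned_original(ndr)
    if orig is None or not orig[HEADER] or not orig["Message-ID"]:
        return False  # nothing to verify: treat as backscatter
    # Headers may have been folded in transit, so drop all whitespace first.
    mark = "".join(str(orig[HEADER]).split())
    msg_id = "".join(str(orig["Message-ID"]).split())
    expiry, _, mac = mark.partition(":")
    now = time.time() if now is None else now
    if not expiry.isdecimal() or int(expiry) < now:
        return False
    expected = _mac(msg_id, expiry).encode()
    return hmac.compare_digest(expected, mac.encode("utf-8", "replace"))
```

Bounces that do not return the original headers cannot be verified this way, so quarantining them is safer than deleting them outright.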