[CentOS] dealing with spoofing

Wed Aug 31 22:53:08 UTC 2011
Bill Campbell <centos at celestial.com>

On Wed, Aug 31, 2011, m.roth at 5-cent.us wrote:
>Here's a thought I just thunk, folks: some scum, apparently in eastern
>Europe, has harvested my email, and is using it in the Reply-To: in its
>spamming efforts. Now, I realize that some mails go out from noreply, but
>other than that, is there a good reason why a mailserver would not be
>configured to send delivery failure to *both* Reply-To and From?

This type of forging is generally referred to as a "Joe Job", and
may be a conscious effort to impair the reputation of the forged
sender or domain or perhaps an attempt to flood the mailboxes of
antispammers (e.g. mail forged like abuse at antispam.example.com).

Sending spam complaints to these addresses or to their ISPs is
generally a waste of time and effort as the forged sender has
nothing to do with the message, as any cursory examination of the
Received: headers in the message will confirm.  The spam
complaints are in themselves a type of abuse, and are referred to
as "Blowback".  Sometimes these complaints are the result of
ignorance when they are manual complaints, or incompetence (e.g.
early Barracuda e-mail appliances that did this by default).

Configuring an MTA to bounce to the Reply-To: header is probably
worse than useless as it could well flood poorly configured
mailing lists with garbage when spam gets through the list's spam
filters, then the complaints go back to the mailing list.

Probably the best thing to do with this kind of delivery failure
messages which come in is to ignore them unless you feel like Don
Quixote and like tilting at windmills.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

UNIX was not designed to stop you from doing stupid things, because that
would also stop you from doing clever things. -- Doug Gwyn
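
Added example, not part of the original post: the Received: header check described above, applied in Python to a bounce that returns a copy of the offending message. The relay name `mail.example.org`, the sample bounce and the function names are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumption: hostnames of the MTAs that really send mail for our domain.
OUR_RELAYS = {"mail.example.org"}

# Constructed, trimmed sample: a bounce returning spam forged in our name.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: victim@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@recipient.example failed.
--b1
Content-Type: message/rfc822

Received: from unknown-host.invalid (unknown [192.0.2.77])
 by mx.recipient.example with SMTP; Wed, 31 Aug 2011 20:00:00 +0000
From: victim@example.org
Reply-To: victim@example.org
Subject: constructed spam subject

constructed spam body
--b1--
"""

def returned_message(bounce):
    """Return the original message embedded in a bounce, or None."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def is_backscatter(raw, our_relays=OUR_RELAYS):
    """True if no Received: hop names our relays; None if no original is attached."""
    original = returned_message(email.message_from_string(raw, policy=policy.default))
    if original is None:
        return None
    hosts = set()
    for hop in original.get_all("Received", []):
        hosts.update(h.lower() for h in re.findall(r"\b(?:from|by)\s+([\w.-]+)", str(hop)))
    return hosts.isdisjoint(our_relays)
```

Received: lines below the one added by the reporting server can themselves be forged, so a `False` result only means the bounce deserves a closer look, not that the message was really sent from your relay.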