Marc Hughes

I am a developer from a bit west of Boston.

Spam backscatter troubles + SPF

27 Jan 2008

So some spammer somewhere is forging random addresses as the return email address for the email they send out. Many, many, many of the addresses that spammer is sending to are generating bounces.

I catch all email and forward it to my Gmail account. This lets me make up email addresses on the fly whenever I feel like it.

None of this should be a problem, because well-behaved mail servers should reject unknown recipients during the initial SMTP session. I don't get bounce-back messages from them.

But many mail servers (qmail for one) don't do this. Instead they generate a brand new bounce message and send it to the "From" email address. This means those bounce messages get sent to my server, which then forwards them to my Gmail.

Apparently when Gmail receives 30 or 40 thousand emails for the same user within a day, it starts deferring new emails. So now I'm 8 or 12 hours behind, from someone sending me email to me getting it... Not to mention it's a real pain to sort out the half dozen or so real emails from the 30,000 bad emails.

So for now I've turned off my catch-all email addresses, added in some header checks to reject some of the backscatter, and am waiting for everything to settle down.

I hate spammers.

Those challenge/response spam things are really pissing me off as well. People who use those rely on others to do spam filtering, yet they generate spam themselves due to the backscatter problem. I'm really tempted to publish those email addresses on a page that will get spam-crawled.

Some information:

I also went ahead and set up SPF for all of my domains. This is a system where you publish, through DNS, which mail servers are valid to send mail for your domain. In theory, it would stop all forged email addresses. Unfortunately, very few mail servers on the receiving end respect SPF. Maybe it'll help a little bit.