Kids bypassing firewall via web proxy sites

Undeliverable mail gets returned to the sender - who is identified by the From-header.

You still don't understand. The bounce mails have a From:postmaster@domain - after all, they're generated by the mail server to inform the "user" about a possible error.

Juergen Nieveler

So how would you suggest to prevent THAT?

Assuming of course that you actually have set up a mailserver once in your life...

Juergen Nieveler

Of which server? The Relay? If the admin of that was competent, it wouldn't exist :-)

No, the victim is the admin of the mailserver hosting the domain that was used in the fake From-line - the bounces will come from all over the world, and will all have snipped-for-privacy@somedomain.whatever as From - the only way to filter on that would be to block mails from postmaster@*, but that would mean loosing legitimate error messages as well.

And yes, generating bounces when a mail is sent to an invalid adress is a good thing - how else would your users learn that they've yet again put a typo into the address?

Of course, there's at least one thing worse than those spam-bounces - and that's dumb admins who send back messages to the From- or Reply-to- informing them that "Your message contained a virus" - some are even dumber and set postmaster@ and abuse@ as CC on that "information message".

Juergen Nieveler

MacOS X.

Yes.

Yours, VB.

Sorry, but it seems to work in more cases than not, so it's already better than Windows - and a real firewall appliance does even better.

Wrong, my mail server blocks email from snipped-for-privacy@mydomain.com as none of our users send email from outside the domain using the domain - which means that any email inbound to our domain from outside the LAN is fake/spam/forged - so the system deletes it. Yes, I still get all the admin messages from the services.

I doubt that the Spam victims will see that like you, whose mail accounts are unusable because of bounces by reason of your fake address.

They're suffering from your disinterest, they're suffering because you are using a fake address and even are too dronish to use .invalid.

We're driving a couple of small mail servers here, just for the 20 up to 30 customers, where we offer this as a non-public service. I already had such a case of a Spam victim here. It was round about 10.000 incoming bounces a day on this address.

Yours, VB.

I somehow suspect volker that you'll never be happy with anything that is done unless it's your exact, insane way and even then you'd still complain about something saying you didn't mean that.

We host about 60 mail accounts on our servers for non-profit groups, never seen anything like that in the 3+ years we've been doing it.

That is the most stupid thing you could have written. I thought you had some clue - but I was OBVIOUSLY wrong. By the way, are you saying that is valid?

Obviously you feel that mail or anything else on this Interweb thingy moves for free. HELLO MISTER CLUELESS - BANDWIDTH IS NOT FREE. Neither are CPU cycles on my firewall or servers.

So lemme get this straight - you feel that it's wrong to bounce mail to spoofed "From:" addresses, but it's perfectly OK to dump it onto a mail provider that you don't pay, so they can fill their disks with unread garbage. Are you sure you're not working for Schlund + Partner AG?

Maybe you ought to read the spam - at least the headers. Perhaps after looking at a hundred thousand spams, you _might_ notice where the crap is coming from. Those bounces you are so paranoid about come from idiots on the destination end who have their crap mail servers accept anything, and much later send a bounce when they realize that there is no such user. I know this might be news to you, but the mailserver at the domain 'nospam.nospam' isn't sending bounces. Neither are the zombies used by spammers. Maybe you should ask Mikea, or Shmuel in the monastery for clues. You can also profit by reading the newsgroup news.admin.net-abuse.blocklisting.

Old guy

Nah, just hire someone who is not as incompetent to set your mail server up correctly. If you can't figure out how to set up a mail server, you shouldn't be running one, or expect the Internet to accept mail from you. That's what RBLs and rfcignorant.org are for. While you're at it, read section 7.7 of RFC2821.

Old guy

This is all basic stuff. I must have misread the question. By "stop it running" I read as "Stop it executing and infecting", rather than "not running an OS it can infect". Cheers, E.

I have similar examples. Why is it that despite empirical evidence of filtering working, some claim it does not work? E.

I don't know, since it's worked for 10+ years for me and our clients. I would guess that the naysayers have some agenda the are pushing in order to further their own gain.

Yes it is. As well as the version without .nospam - it's a test-setup to see how many spammers already filter out the .nospam out of their lists. The adress without .nospam wasn't published anywhere, but it didn't take long for it also to receive spam. By now, it receives about 10% of the spam that I receive on the published address.

Google seems to think that mail is free.

Yes, I'm quite sure. And Google, Yahoo etc. have never complained about people doing this.

I did. Your point being?

Or from idiots using Mailwasher. Or from idiots running open relays that complain back because the relayed spam cannot be delivered.

No. But the open relay is.

Juergen Nieveler

Lucky you. A couple of years ago I witnessed a hospital suffer a 48h- outage of their (admittedly rather slow) Internet connection - brought down by 10-15000 bounces per day.

Juergen Nieveler

Exactly. The bounce messages you'd receive if somebody sends a spam run with your domain as From: won't be filtered - you'd receive them all, as they all will be from postmaster@otherdomain, adressed to somebody@yourdomain.

Let's say you are admin of yourdomain.cno, the recipient of the spam should be snipped-for-privacy@nospam.nospam.

The spam message will look like this: From: snipped-for-privacy@yourdomain.cno To: snipped-for-privacy@nospam.nospam Subject: Whatever

The spammer sends this to an open relay. The relay will try to deliver the message, but of course will fail. It will then generate a bounce message: From: snipped-for-privacy@relay.dumbfuck To: snipped-for-privacy@yourdomain.com Subject: Undeliverable: Whatever

You see what I mean? The bounces cannot be filtered by the mechanism you use, as the bounces do not have a From-line from your own domain.

Juergen Nieveler

You should try it without the dot before 'nospam'. So far, I got a ration of about 1.5:1 for the stripped version.

If the same result is achieved without filtering, either your filtering doesn't work or is superfluous.

Anyway, AdAware is pretty much crap and so far I haven't seen any recent software from Symantec or McAfee that doesn't put the system into danger.