Double Bounces - Proxy Servers - Spammers


choon
03-26-2005, 11:32 AM
Hi everyone,

As some of you might know, every Double-Bounce mail to my mail servers will be handled by my customized script, which adds the originator's/sender's IP to my RBL database to block any future attempts and optionally reports it to SpamCop.

You might think of me as...
Hmm... huh... are you crazy??? Too free??? Nothing to do???

Yep... maybe :p
Read on please... ...

Many server administrators would simply null it, meaning pipe all Double-Bounce mails to /dev/null, so they never get a chance to read those messages. Yes, that saves time and trouble, but the problem will still be there if one day that server administrator decides to check on Double-Bounce messages (by disabling the piping to /dev/null or whatever the setting is).

So what is the problem about Double-Bounces?

Double bounces are typically caused by spammers sending massive advertising/UCE/SPAM mails to email addresses that do not exist on your servers. By default, your servers will try to bounce those messages because the mailboxes are invalid or could not be found. However, if the return address that those spammers use is fake or forged, then the bounced message will also bounce and be returned to your server.

SPAMMER [sends spam to your hosted domain email address(es)] -> YOUR MAIL SERVER
YOUR MAIL SERVER [finds invalid mailbox, bounces back] -> SPAMMER (Fake/Forged Return-Path Address) -> INNOCENT MAIL SERVER
INNOCENT MAIL SERVER [finds invalid mailbox, bounces again] -> YOUR MAIL SERVER
OR
INNOCENT MAIL SERVER [finds valid mailbox] -> That mailbox's user will waste time and effort tracing/emptying bounces, or they will take up a lot of his/her mailbox space

The above is very common, and it is a waste of server resources and bandwidth. So to reduce this type of incident, at least for me, I will be very serious about Double-Bounces as a server administrator.

More about Double-Bounces at SpamCop (http://www.spamcop.net/fom-serve/cache/380.html)

Recently, due to this setting... I discovered a couple of blocked IP addresses, and some were reported to SpamCop, which in the end revealed that those servers were running insecure proxy servers, which spammers these days like to target:
http://spamlinks.net/proxy-fix.htm
http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,2122679,00.htm
http://www.securityfocus.com/news/4217
You can read more information if you do a search at Google (http://www.google.com.sg/search?hl=en&q=proxy+spam&btnG=Google+Search&meta=).

My main intention in reporting those to SpamCop is to make the reported IPs' providers take notice of the mails and sometimes to help them find the problem and rectify it as soon as possible, before any further damage is caused to other innocent servers.

Thanks :p
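The originator-IP extraction that such a double-bounce script has to perform, as an added example that is not choon's script or any code from this thread (assumes Python, that our own MTA stamps "mx.example.com" into its Received headers, and a constructed sample bounce):

```python
import ipaddress
import re
from email import message_from_string

OUR_MX = "mx.example.com"  # name our own MTA writes into Received headers (assumed)
# Hops inside these ranges are our own internal relays, never a blocklist target.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample (not a real capture): innocent.example.net could not deliver
# our bounce, so it bounced it back to us with the original spam embedded.
SAMPLE_DOUBLE_BOUNCE = """\
Return-Path: <>
Received: from innocent.example.net ([203.0.113.7]) by mx.example.com
From: MAILER-DAEMON@innocent.example.net
To: MAILER-DAEMON@example.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/rfc822

Return-Path: <forged@innocent.example.net>
Received: from spam-box.example (unknown [198.51.100.23]) by mx.example.com
Received: from [10.0.0.5] by spam-box.example
From: forged@innocent.example.net
To: nosuchuser@example.com

spam body
--b1--
"""


def originator_ip(raw):
    msg = message_from_string(raw)
    if msg.get("Return-Path", "").strip() != "<>":
        return None  # envelope sender not empty, so this is not a bounce at all
    # Trust only Received lines stamped by our own MTA: everything below them was
    # supplied by the sender and may be forged. walk() also descends into the
    # embedded message/rfc822 parts, however deeply the MTAs nested them.
    hops = []
    for part in msg.walk():
        for hdr in part.get_all("Received", []):
            if f"by {OUR_MX}" in str(hdr) and (m := IP_RE.search(str(hdr))):
                hops.append(m.group(1))
    # hops[0] is the innocent relay that returned the bounce, so skip it; the
    # innermost trusted hop is the originator, unless it is an internal relay.
    for ip in reversed(hops[1:]):
        if not any(ipaddress.ip_address(ip) in net for net in NON_ROUTABLE):
            return ip
    return None  # a plain single bounce, or nothing safe to block
```

Skipping the outermost hop matters: it belongs to the innocent server that merely returned the bounce, and adding it to the RBL would punish the victim rather than the spammer.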

vdomainhost
05-07-2005, 03:01 PM
More articles that I found when searching Google:

http://www.configserver.com/free/fail.html

choon
05-07-2005, 03:12 PM
That is for WHM/cPanel servers using Exim as the MTA.