Home | Comics | wishlist | Impressum | Datenschutzerklärung | 54.162.159.33


One method for stopping backscatter spam

Q:

I want to stop backscatter spam to an address in our organisation. How?

A:

Use header_checks to reject header lines that are not being used by the genuine sender:
if /^From:.*<firstname\.lastname@example\.com>/
!/Firstname Lastname/i   HOLD Backscatter Firstname Lastname
endif
The idea is this:

The header of a bounced/rejected mail usually contains at least the header of the original spam. If the headers contain firstname.lastname@example.com, then we check if the very same line is not equal to what the sender uses as realname.
In our case we assume that the realname is "Firstname Lastname".

So the mail address that's usually being used is:

From: "Firstname Lastname" <firstname.lastname@example.com>
You may want to replace HOLD with DISCARD or REJECT once you think the pattern work for you.
© by Ralf Hildebrandt
This document contains links to external information sources that I do neither monitor nor control. I explicitly disclaim any liabilities in respect to external references.
You are getting this document without any guarantees. Any methods shown above are meant as demonstration and may be wrong in some place. You may damage your system if you try to follow my hints and instructions. You do this at your own risk!

This file was last modified 17. Jan 2007 by root