Just a heads-up for other ISPs... It seems that PCWorld have included on a CD distributed with the magazine, a piece of software called BounceSpamMail. The user drops the offending message into it and it forges a bounce from postmaster(a)your.domain. Does wonder for the REAL postmaster account when the spammer's dropbox is invalid. Already, one of our users has been slapped down, and pointed to our AUP. Any comments on this one Juha? :-) --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog

On Fri, Jul 06, 2001 at 09:21:21AM +1200, Gordon Smith wrote:

Just a heads-up for other ISPs...

It seems that PCWorld have included on a CD distributed with the magazine, a piece of software called BounceSpamMail. The user drops the offending message into it and it forges a bounce from postmaster(a)your.domain. Does wonder for the REAL postmaster account when the spammer's dropbox is invalid.

Its only of very limited effectiveness. Very little spammers use bounces and any kind of feedback, in fact, mostly (90%) the fake from header and envelope and use an open-relay. For those that deliver things directly, you really want the 'no user' thing to appear in the SMTP conversation after the RCPT TO: --- I use a map like this: helenbostic(a)bigfoot.com 550 No such user zeus(a)eldorado.es 550 No such user shib.org 550 No such user mgrader(a)mail.com 550 No such user mailman(a)dailysluts.com 550 No such user mailman(a)dailyamateurs.com 550 No such user mailman(a)sexynineteen.com 550 No such user owner-idno-discuss(a)titan.actrix.gen.nz 550 Someone please get a clue newsletters.microsoft.com 550 Moronic software detected hepburn.hsx.com 550 No such user spy2(a)post.com 550 No such user .hsx.com 550 No such user goshopping.com 550 No such user listsrv.hsx.com 550 No such user (yeah, I know its not optimal, I was fiddling at one point) Which seems to have stopped the main offenders, especially those pesky spammers from microsoft :) --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog

On Fri, 6 Jul 2001, Gordon Smith wrote:

Hopefully, not too many will use it, or I'll have to look at parsing addresses before accepting. Just when you think something is idiotproof, they bring out a better grade of idiot...

Please note that "they" in this case doesn't = "Juha". Anyway, I'm the highest grade idiot there is... should get certified really. ;-) -- Regards, Juha PGP fingerprint: B7E1 CC52 5FCA 9756 B502 10C8 4CD8 B066 12F3 9544 --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog

On Fri, Jul 06, 2001 at 01:48:24PM +1200, Simon Blake wrote:

Courier is a drop in replacement for qmail, and does non-existent-address rejection before accept - it threw over 90,000 bounces on the floor for me a few weeks ago, when some spambag in the states sent out mail with <some-random-text>@katipo.co.nz in the From: line.

The must have also set the envelope to <some-random-text>@katipo.co.nz for you to get bounces (al la DSN). If you are being smurfed, you want to dump things during the SMTP conversation if possible. Its been a long time since I had to deal with that, at the time it was in the sendmail says and I just hacked S98 to to it (I think, this was years ago literally). These days, there are much nicer ways of doing this, sendmail has something (dunno what) and postfix has several effective mechanisms which I use (mostly because I host a number of domains, none of which have webmaster@ or other common names, so to avoid spam I only accept mail for a few specific addresses and drop the rest). --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog