Mike Holden wrote:
> Eric J. Wisti wrote:
>
>> That still doesn't make the "Please verify" messages any more friendly.
>> What if someone forges my email address and sends you a spam. I get a
>> "Please verify" message, but I had nothing to do with the email that was
>> sent, other than being a victim of an email forgery. Now, I also get a
>> nice "Please Verify" message. These systems may have been a ok workaround
>> before, but now that spam is some 94% of email is spam, all it does is
>> increase the amount of "spam", and involve people who may not even be
>> connected with the emails you receive.
>>
>
> Welcome to the 2009 internet mate! We're all fed up of spam, but until the
> ISPs get their fingers out collectively and block junk at source, we're
> stuck with it.
>
> If someone forges your email address to send spam, then you will still get
> any bounces back anyway if the victim email addresses fail (unknown email
> address, quota exceeded etc). A fair percentage of the spam I receive is
> bounce messages from spam sent "on my behalf" (i.e. spoofed From address)
> to invalid email addresses.
>
I grant you that a lot of improperly configured mail servers will create
such bounce back. However, a properly configured mail server won't
accept that email in the first place. It will get a message back to the
connecting "server" indicating "unknown email address" or whatever,
rather than accept the message and end up having to reply back to a
potentially forged return address.
A fairly old known attack method is to identify a pool of such
misconfigured mail servers and then bomb them all with a forged return
address of the person you want to hit with a DOS. It's called "joe
jobbing" someone -- http://en.wikipedia.org/wiki/Joe_job.
> Not a lot I can do about it, unfortunately. I do try to not lose sleep
> about it though :-)
>
In general, true. But, for those of you who manage mail servers, make
sure they don't create backscatter. And, if your ISP has a mail server
that does this, give them a hard time. It might have a small impact.
--
---------------
Chris Hoogendyk
-
O__ ---- Systems Administrator
c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<hoogendyk AT bio.umass DOT edu>
---------------
Erdös 4
------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|