July 2008 - Posts
Backscatter spam is annoying. It's tough to filter because the contents of it can fool content filters and can also fool end users. Indeed, if your content filter could recognize an NDR and ignore the parts that typically occur in NDRs, you could
While BATV is a good technique, we've seen that there can be some limitations with it when combining it with an SPF policy. What else do we have to consider with BATV? Catch-all addresses or non-deliverable addresses - Some MTAs will look up the
We've seen that BATV is one of the better mechanisms to stop backscatter; the question now is how do we use it? What stuff does it potentially break? Some of the commenters in my other posts have alluded to it when they have said that you can't
The following is a diagram that I drew that illustrates a summary of how BATV is supposed to work to prevent backscatter. Note the sequence of steps: Bender sends a message and hands it off through the outbound server. The outbound server signs his SMTP
As we approach the end of my series on backscatter, there is still one more piece of technology that holds real promise for combating backscatter - Bounce Address Tag Validation, or BATV. That sounds a bit like a successor to HDTV... but it's not.
Around the internet world, specifically dealing with email and MTAs, there are people who are familiar with and have expertise with a number of MTAs. Things like Exchange, Postfix, Sendmail, Qmail, Exim, and so forth. I am not one of those
Many of the web sites that discuss backscatter encourage mail administrators to not further contribute to the problem of backscatter. I would be remiss if I did not include a section on it. Don't accept mail, and then bounce. The primary
Other than content filtering and SPF, there's another way to combat backscatter - check to see if you sent the message in the first place. We have already seen that NDR messages and backscatter contain a notice from the bouncing email server as
Using content analysis is one trick you can use to stop backscatter. Another is to use SPF records. SPF records are designed to help combat backscatter on the theory that the recipient mail server will be able to figure out that your server didn't
We can see how backscatter is a problem, so how do we go about stopping it? What are some of the techniques we can employ to keep it out of our inboxes? One such technique is to block all NDR messages, or at least tag phrases and characteristics
I interrupt my series on Backscatter spam to announce two anniversaries of mine. Today, July 12, is my four-year anniversary of working for Frontbridge, which later became Microsoft Exchange Hosted Services. I started off as a spam analyst, doing
I came across the following diagram at this site, and it nicely summarizes the issue of backscatter spam: Getting a single piece of backscatter spam is one thing; getting dozens, hundreds or even thousands of them is a major problem. While spammers
Having worked our way through how NDRs and DSNs are supposed to work, we can now finally look at what backscatter actually is. Recall the SMTP protocol - when you send a message, you specify the HELO, the MAIL FROM, the RCPT TO, the DATA (email contents
Earlier in my third post, I said that if server A sends a message to server B and server B cannot deliver it, server B sends a message back to server A called an NDR. It's not quite that simple; there are differing cases on who generates the NDR.
Continuing on from my previous post about the format of Delivery Status Notifications, a DSN must be addressed to the return address from the transport envelope which accompanied the original message for which the DSN was generated. (For a message that
As one of the commenters in my previous post mentioned, RFC 3464 specifies the content-type for Delivery Status Notifications. This isn't a series about the RFC specification so I shall attempt to summarize it as best I can. This post is mostly a repost