http://blogs.msdn.com/tzink/archive/2008/07/13/the-problem-of-backscatter-part-9-block-it-with-content-analysis.aspxWe can see how backscatter is a problem, so how do we go about stopping it?&#160; What are some of the techniques we can employ to keep it out of our inboxes? One such technique is to block all NDR messages, or at least tag phrases and characteristicsenCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/tzink/archive/2008/07/13/the-problem-of-backscatter-part-9-block-it-with-content-analysis.aspx#8730896Mon, 14 Jul 2008 08:34:51 GMT91d46819-8472-40ad-a661-2c78acb4018c:8730896a-foton &raquo; The problem of backscatter, part 9 - Block it with content analysis<p>PingBack from <a rel="nofollow" target="_new" href="http://blog.a-foton.ru/2008/07/the-problem-of-backscatter-part-9-block-it-with-content-analysis/">http://blog.a-foton.ru/2008/07/the-problem-of-backscatter-part-9-block-it-with-content-analysis/</a></p> http://blogs.msdn.com/tzink/archive/2008/07/13/the-problem-of-backscatter-part-9-block-it-with-content-analysis.aspx#8731754Mon, 14 Jul 2008 20:05:36 GMT91d46819-8472-40ad-a661-2c78acb4018c:8731754Lee Maguire<p>By far the most effective filter for DSN messages is</p> <p>going to be to match RFC3464 bounces:</p> <p> if sender is &lt;&gt; </p> <p> and Content-Type: contains &quot;multipart/report&quot;</p> <p>I have mailserver filters that identify and tag different DSN types. &nbsp;For example, exim generated bounces can be identified by the inclusion of an </p> <p>&quot;X-Failed-Recipients:&quot; header.</p> <p>Based purely on the backscatter I've received so far this week:</p> <p>249 RFC3464</p> <p>43 nonstandard (exim)</p> <p>38 nonstandard (qmail)</p> <p>6 nonstandard (other)</p> <p>5 nonstandard (exchange)</p> <p>3 unknown</p> <p>2 nonstandard (smtp32)</p> <p>1 nonstandard (type1)</p> <p>1 nonstandard (old sendmail)</p> <p>+ 11 other responses (DSNs not using null senders, confirmation requests, googlegroups.com nonsense.)</p> http://blogs.msdn.com/tzink/archive/2008/07/13/the-problem-of-backscatter-part-9-block-it-with-content-analysis.aspx#8731782Mon, 14 Jul 2008 20:19:54 GMT91d46819-8472-40ad-a661-2c78acb4018c:8731782Lee Maguire<p>Also, every time a null sender is used for connection, a check is made on the DNSBL <a rel="nofollow" target="_new" href="http://www.backscatterer.org/?target=backscatter">http://www.backscatterer.org/?target=backscatter</a></p> <p>and positive hits are tagged on the mail.</p> <p>Currently 133 hits out of 347 backscatter mails.</p> http://blogs.msdn.com/tzink/archive/2008/07/13/the-problem-of-backscatter-part-9-block-it-with-content-analysis.aspx#8733597Tue, 15 Jul 2008 18:27:50 GMT91d46819-8472-40ad-a661-2c78acb4018c:8733597Frank<p>Other uses of empty reverse paths include auto-responders (RFC 3834), e.g., vacation mails (RFC 5230), and message disposition notifications (RFC 3798). Apart from being difficult blocking all bounces including good bounces is a dubious plan, mail reliability depends on error reports. Even black-listed &quot;backscatterers&quot; can send good (wanted) mails with an empty reverse path. Blocking known &quot;backscatterers&quot; might work for senders never sending mail to them. But where senders are organized enough to guarantee this they can likely also deploy BATV and/or SPF FAIL without losing good bounces.</p>