[nsp-sec] spam bounces drown German university
Serge Droz
serge.droz at switch.ch
Thu Jun 19 02:23:25 EDT 2008
Hi Andreas,
you're not alone here, we've got the same problem.
Well, the Problem really is to distinguish the real bounces (i.e. the ones
generated by mails from your sites) from the spam generated ones.
You can solve this by using Bounce Address Tag Validation
(http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation).
It fights the symptom, not the cause, but that's industry standard when it
comes to spam, right ;-)
Cheers
Serge
Chris Morrow wrote:
> ----------- nsp-security Confidential --------
>
>
>
> On Thu, 19 Jun 2008, Rafi Sadowsky wrote:
>
>> ----------- nsp-security Confidential --------
>>
>>
>> Hi Andreas
>>
>> Any reason the "drowned" university hasn't put up SPF[1] records?
>> While it won't solve the problem IMHO even a 5-10% reduction in the
>> bounce volume would probably be useful to them
>>
>
> also it's probably best for them to accept the email bounces and just
> send them to /dev/null .. than to try to bounce/reject them. My dual
> PIII 650 could fairly easily accept and /dev/null 2.4m messages/day so
> I'm sure a modern university can do better than that. (though granted it
> is damned annoying).
>
> -Chris
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch
More information about the nsp-security
mailing list