[nsp-sec] spam bounces drown German university

Joel Rosenblatt joel at columbia.edu
Thu Jun 19 06:36:23 EDT 2008


I agree - we were getting almost 4 million bounce messages a day for over a year from some botnet that was sending all mail with a non-existent email address at Columbia - it stopped a few months ago.

It was annoying and we had to add some mail servers to handle the volume, but it didn't put us out of business.

We did modify our server to black hole the messages as soon as we recognized them.

Joel

--On Thursday, June 19, 2008 3:24 AM +0000 Chris Morrow <morrowc at ops-netman.net> wrote:

> ----------- nsp-security Confidential --------
>
>
>
> On Thu, 19 Jun 2008, Rafi Sadowsky wrote:
>
>> ----------- nsp-security Confidential --------
>>
>>
>> Hi Andreas
>>
>> Any reason the "drowned" university hasn't put up SPF[1] records?
>> While it won't solve the problem IMHO even a 5-10% reduction in the bounce
>> volume would probably be useful to them
>>
>
> also it's probably best for them to accept the email bounces and just send them to /dev/null .. than to try to bounce/reject them. My dual PIII 650 could
> fairly easily accept and /dev/null 2.4m messages/day so I'm sure a modern university can do better than that. (though granted it is damned annoying).
>
> -Chris
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________



Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel



