Stupid

Backscatter: the new spam frontier.

Email bounces are messages (referred to as non-delivery reports (NDR) or delivery status notifications (DSN)) that are generated by a mail server to report on the delivery status of an email message.

THE PROBLEM

Problems arise when a mail server bounces mail to a non-local recipient (i.e. a faked sender or a dictionary attack). If a message did not originate locally, the mail server cannot know for sure whether the address it is sending the bounce to is forged. This leads to unsolicited backscatter, sent to sites that never originated the email (on a large scale this is a DoS attack).

 

THE SOLUTION

Don't bounce mail; verify the source IP and REJECT at the SMTP connect level. This cuts down on the double bounce that is more than likely to happen. By bouncing the mail you are quite likely to handle it twice, which is a waste of mail-handling resources. You can also use proxy SMTP filters; these work extremely well. Not only does this cut down on spam, it also cuts down on virus mail from DSL and cable machines. "DON'T TAKE MAIL FROM AN IP THAT IS NOT VERIFIABLE TO BE THE IP OF A VERIFIABLE MAILHOST"
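The difference between bouncing and rejecting during the SMTP dialogue, as an added example that is not the author's code. It assumes forward-confirmed reverse DNS as the way to "verify the source IP" (the page does not name a method); every hostname, address, table and function name is constructed for illustration.

```python
# Added example: SMTP-time rejection vs. accept-then-bounce.
# All hostnames, addresses and lookup tables are constructed sample data.

PTR = {"192.0.2.10": "mx1.example.org", "198.51.100.77": "dsl-77.isp.example"}
A = {"mx1.example.org": {"192.0.2.10"}, "dsl-77.isp.example": {"203.0.113.5"}}
LOCAL_USERS = {"alice@example.com"}

def fcrdns_ok(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    name = ptr.get(ip)
    return name is not None and ip in a.get(name, set())

def reject_at_smtp(client_ip, mail_from, rcpt_to):
    """Decide inside the SMTP dialogue; returns (reply_code, bounce_targets)."""
    if not fcrdns_ok(client_ip):
        return 554, []  # refuse at connect: not a verifiable mailhost
    if rcpt_to not in LOCAL_USERS:
        return 550, []  # refuse at RCPT TO: the sending server reports the failure
    return 250, []

def accept_then_bounce(client_ip, mail_from, rcpt_to):
    """The problem case: accept everything, later send a DSN to the envelope sender."""
    if rcpt_to not in LOCAL_USERS:
        return 250, [mail_from]  # DSN goes to a possibly forged address
    return 250, []

def backscatter(policy, sessions):
    """Collect every address that would receive a bounce under a policy."""
    targets = []
    for session in sessions:
        targets.extend(policy(*session)[1])
    return targets

# Constructed sessions: (client IP, envelope sender, recipient)
SESSIONS = [
    ("198.51.100.77", "victim@innocent.example", "aaron@example.com"),  # forged sender
    ("198.51.100.77", "victim@innocent.example", "abby@example.com"),   # dictionary attack
    ("192.0.2.10", "bob@example.org", "alice@example.com"),             # legitimate mail
    ("192.0.2.10", "bob@example.org", "alcie@example.com"),             # honest typo
]

if __name__ == "__main__":
    print("accept-then-bounce DSNs:", backscatter(accept_then_bounce, SESSIONS))
    print("reject-at-SMTP replies :", [reject_at_smtp(*s)[0] for s in SESSIONS])
```

In the honest-typo session the 550 reply leaves the failure report to the sender's own verified mail server, so the rejecting host never generates a bounce itself.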

Here is a list of respected sites that give more insight and information on how to help eliminate backscatter:
jameshuggins
GigaLaw
Caida
PostFix
Spamlinks
Spamcop
Spamlinks


Backscatter is tantamount to promoting spam, by merely "forwarding it on", as opposed to VERIFYING the email from source, and accepting or dropping the SMTP connection. I guess that it is almost the same as a spam relay, so I guess BLACKLISTS that blacklist open relays should also be appearing as BLACKLISTS FOR BACKSCATTER soon.
