Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bounced spam

 Ward Vandewege wrote: 
> Seems like the 'logical' way to solve this problem would be to add something 
> to every message you send out, check for that string in the bounces you 
> receive and redirect to /dev/null accordingly. 
> Problem is that many bounces don't include all headers. 

This is a problem that mailing lists have to deal with, and they address 
it with Variable Envelope Return Paths (VERP)[1]. Basically you make the 
from address (technically the SMTP MAIL FROM address) unique to each 
recipient - typically by embeding the recipients address in the sender 
address, and often with a message number as well. So if [hidden email] 
sends a message to [hidden email] you get something like: 

user+other_user=[hidden email] 

It's the only reliable way to connect a bounce to a sent message. 

But most people would find this as an impractical way to combat forged 
bounces. For the most part I approximate this technique by using unique 
sender addresses for each purpose, such as one for each mailing list or 
vendor I deal with. I haven't gone so far to use unique addresses for 
each recipient, though I could see how a Thunderbird extension might 
make doing so practical. 



Tom Metro 
Venture Logic, Newton, MA, USA 
"Enterprise solutions through open source." 
Professional Profile:

This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

Discuss mailing list 
[hidden email]

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /