Saturday, September 9, 2017

How do I stop spam backscatter rendering email on my domain unusable?



Some miscreant is using non-existent accounts on my domain as a forged sender for spam emails (i.e., sdfhdfsg@mydomain.com).

All the out-of-office and spam rejection emails are coming back to me (since my domain is set up to pass me anything addressed to my domain name).

The domain email is actually set up to redirect to Gmail, which is doing an admirable job at coping with the deluge (50k+ emails a week at least), but there's still a lot it's not filtering.

The result of this is that I now no longer have my email for this account coming to my iPhone, as it's incessant.

What can I do to reclaim normality? Not having all domain email come to me is the first thing that springs to mind (i.e., if the account doesn't exist, ignore it).

Anyone else got further advice?

Edit: Suddenly occurred to me - is this better asked on ServerFault?


Answer



Simple answer: don't have a catch-all on your domain.

In fact, don't accept mail on your server for accounts that don't exist, full stop. Just reject it outright, during the initial SMTP transaction. This is especially important when you have a front-end SMTP "proxy" server that does things like anti-virus, anti-spam, etc., before passing clean(er) emails to an "inner" SMTP server that knows which users have mailboxes (e.g. MS Exchange). Outer proxy servers are often set up to accept email for an entire domain, without knowing which users exist, so they accept mail to anyone at your domain. Only when they realise that the user doesn't exist do they generate an NDR. This can often be going back to an invalid address too, or to some other innocent victim.

You will also benefit here from not sending out NDRs for spam to invalid addresses on your domain that your "inner" server rejects. I've actually seen ISPs mistake these NDRs for outbound spamming abuse.
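As an added illustration that is not part of the original answer, here is how the two approaches look in Postfix, assumed to be the front-end MTA; `example.com`, the map file paths, the Gmail address and the inner server's hostname are placeholders. The first fragment is the catch-all pattern that produces backscatter; the second rejects unknown recipients during the SMTP dialogue, before any NDR can be created.

```ini
# --- main.cf, WEAK: catch-all on the front-end MTA (assumed setup) ---
# RCPT TO is accepted for *any* local part at example.com, so forged-sender
# spam to sdfhdfsg@example.com is accepted here and then bounced or forwarded.
virtual_alias_domains = example.com
virtual_alias_maps    = hash:/etc/postfix/virtual
#   /etc/postfix/virtual:
#   @example.com    you@gmail.example      <- the catch-all entry

# --- main.cf, FIXED: reject unknown recipients at RCPT TO time ---
# Front-end relay for example.com; mailboxes live on the inner server.
relay_domains        = example.com
transport_maps       = hash:/etc/postfix/transport
#   /etc/postfix/transport:
#   example.com     smtp:[inner-mail.example.com]

# Option A: static list of valid recipients exported from the inner server.
# Anything not in the map is refused with a 550 inside the SMTP transaction
# (smtpd_reject_unlisted_recipient defaults to yes), so no NDR is generated.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
#   /etc/postfix/relay_recipients:
#   alice@example.com   OK
#   bob@example.com     OK

# Option B (instead of A): let Postfix probe the inner server with a RCPT TO
# and cache the answer, so the list never goes stale. Keep the default 450
# (temporary) reject code until the probes are confirmed working, then 550.
# smtpd_recipient_restrictions =
#     permit_mynetworks
#     reject_unauth_destination
#     reject_unverified_recipient
# unverified_recipient_reject_code = 550
```

With either option the front end never accepts mail for a non-existent user, so the "inner" server is never put in the position of bouncing it to a forged sender.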

