On Oct 2, 2008, at 10:33 AM, Tony Moller wrote:

I'm not sure what you mean by 'backscatter.' Can you elaborate?

When a spammer (or virus) sends a note to LR and LR sends the 'appropriate' response to the forged 'Reply-To' address--whether the resulting response contains all of the original 'payload' or just a truncated remnant--that response is considered 'backscatter spam' and the blocklist folks are getting more agitated about it all the time.

The biggest sources of backscatter from our server are from these spammers or viruses trying to post to a list and not being allowed to because they're not subscribed...which then generates a "you're not subscribed" message to the 'Reply-To' address, which is usually not the 'From' address (which is also forged)--or, a message comes to an '-on' address and a Confirm Subscribe note is (rightly) sent to an address that didn't request a subscription in the first place. Because of this, my Confirm messages read:

 - - -
"You are receiving this message because either 1) you attempted to subscribe to the list <list name>, or 2) someone else maliciously--or because of a virus--sent a subscribe request to us that *appeared* to be from you.

"If you did *not* intend to subscribe, just delete this message; you will *not* be subscribed to any list of ours *unless* you respond as directed below. We are sorry that someone--or someone's virus-impaired machine--did this to you; we wish we could prevent them from doing such things, but it's just not possible to prevent such things 100% of the time."
 - - -

but blocklist folks really couldn't care less...especially if that forged 'Reply-To' address is one of their 'spam trap' addresses. Right now, excite.com won't accept mail from us because of a single piece of backscatter to a German group's spam trap, for example. LR is doing what was, in the past, the right thing to do--telling people, "You can't post because you're not subbed; are you subbed under a different address?" or confirming their subscription. Now, mis-fired messages should simply be eaten; an inept poster will have to learn to do it right, rather than a bunch of folks getting backscatter spammed to death because somebody's virus sent a million messages with their address as the 'Reply-To'; subscriptions should be only handled through web forms (you can still have a Confirm Subscribe message, but the Requests address should be hidden so that no spam generator can get ahold of it).

A good resource on this is:

http://spamlinks.net/prevent-secure-backscatter.htm

The stuff that is suggested for Mailman users at

http://wiki.list.org/display/SEC/Controlling+spam

is what I'd like to see us able to implement for LR...but I have no idea how much work this would involve for Jud...which is why I'm also wondering about the possibility of sending through EIMS and whether EIMS has any sort of backscatter control, along with the fact that (while we lose the speed of LR's domain aggregation) sending through EIMS would, apparently, let us run LR under Leopard, while running it by itself can't be done.

________________________________________________________________________
                        The Rev. Eric J. Stefanski
      Holy Trinity Ev.-Luth. Church (Unaltered Augsburg Confession)
               P.O. Box 2612  -  Harrison, Arkansas 72602

      Email: [EMAIL PROTECTED]     http://www.HolyTrinityLC.com
      Lists: [EMAIL PROTECTED]     http://www.cat41.org

      "Stefanski is the David Helfgott of theology...a few moments of
        brilliance in a life filled with much incoherent muttering"
________________________________________________________________________
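
Added example, not part of the original message and not LR's code: a Python sketch comparing the auto-reply behaviour the message describes with the "eat mis-fired messages" policy it asks for, run over three constructed inbound messages. The list addresses, the subscriber roster and the function names are all hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data; every address and list name here is hypothetical.
SUBSCRIBERS = {"alice@example.org"}
LIST_SUBSCRIBE = "discuss-on@lists.example.org"

SAMPLES = [
    # Forged post: From and Reply-To are both chosen by the sender.
    "From: forged@example.net\nReply-To: trap@example.com\n"
    "To: discuss@lists.example.org\nSubject: buy now\n\nspam body\n",
    # Forged subscribe request sent to the '-on' address.
    "From: victim@example.net\nTo: discuss-on@lists.example.org\n"
    "Subject: subscribe\n\n\n",
    # Genuine post from a subscriber.
    "From: Alice <alice@example.org>\nTo: discuss@lists.example.org\n"
    "Subject: hello\n\nhi all\n",
]


def _addr(msg, header):
    """Return the bare, lower-cased address from a header ('' if absent)."""
    return parseaddr(msg.get(header, ""))[1].lower()


def legacy_action(msg):
    """Answer every misfire; the reply goes to unauthenticated headers."""
    reply_to = _addr(msg, "Reply-To") or _addr(msg, "From")
    if _addr(msg, "To") == LIST_SUBSCRIBE:
        return ("send_confirm", reply_to)
    if _addr(msg, "From") not in SUBSCRIBERS:
        return ("send_not_subscribed", reply_to)
    return ("deliver", None)


def quiet_action(msg):
    """Silently drop misfires; subscriptions arrive via a web form instead."""
    if _addr(msg, "To") == LIST_SUBSCRIBE:
        return ("drop", None)
    if _addr(msg, "From") not in SUBSCRIBERS:
        return ("drop", None)
    return ("deliver", None)


def auto_reply_targets(policy, raw_messages=SAMPLES):
    """Addresses that would receive an automatic reply under a policy."""
    actions = (policy(message_from_string(raw)) for raw in raw_messages)
    return [target for _, target in actions if target is not None]


if __name__ == "__main__":
    print("legacy:", auto_reply_targets(legacy_action))
    print("quiet: ", auto_reply_targets(quiet_action))
```

Under the legacy policy both forged messages produce mail to addresses that never wrote to the list; under the quiet policy only the subscriber's post causes any action.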


