I’ve been on the business end of a long-running joe-job for three (almost four) days now and it’s become apparent that I’ve got to make some changes in order to deal with the stuff my system’s not currently dealing with.
Thanks to many mailservers including enough of the body of the spam, much of the pain has already been dealt with. What’s left is DSNs without the body and out-of-office replies, bloody clueless CRs and autoresponders.
- Drop anything with hints of B@rracuda in it.
- Thank everyone who’s implemented SPF fully.
- Give up reading system-generated mails unless they originate from my mailserver or quote a Message-ID my server(s) generated.
- Do something devious with CRs, spamarrest, earthlink, zonealarm, mail-block, Quirb/CA etc. All appear to reply to obvious spam.
- Thank the inventor of “Content-Type: message/delivery-status”
I’ve been gobsmacked by the backscatter. Come on guys, if you can’t kill spam in the stream don’t make the situation worse by creating new traffic to tell the forged sender their (yeah right) message couldn’t be delivered. Obviously one product stuck out above the rest for this issue, I think it’s because it wasn’t handled by the existing filters, but it’s easily filtered; and all those cuda owners that removed the default From address, that won’t help you.
If you must use CR then front it with an anti-spam solution that “has a hope”; you obviously don’t care about false positives, otherwise you’d not use CR in the first place.
So reviewing my logs I can easily conclude SPF is the business, all “-all” hits have been removed because the sender was fake. I’ve changed my record to be a -all one too, hopefully doing my bit to prevent the spam hitting people’s mailboxes.
Lastly, postfix has saved my mailbox: allowing me to front everything else with some simple regexps has kept out the most obvious backscatter.
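The “system-generated mail without one of my Message-IDs” rule from the list above, as an added Python example rather than the post’s own postfix regexps: it treats a standards-compliant DSN as backscatter unless the quoted original carries a Message-ID from an assumed own domain (`mail.example.org`); both sample bounces are constructed.

```python
import re
from email import message_from_string, policy

# Assumed: the domain our own mailserver stamps into outbound Message-ID headers.
OUR_MSGID_DOMAIN = "mail.example.org"

def is_dsn(msg):
    """RFC 3464 bounce: multipart/report with report-type=delivery-status."""
    return (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status")

def quoted_message_ids(msg):
    """Message-IDs the bounce quotes from the 'original' message, taken from a
    message/rfc822 or text/rfc822-headers part. Untrusted input, only compared."""
    ids = set()
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            ids.add(str(part.get_payload(0).get("Message-ID", "")).strip())
        elif ctype == "text/rfc822-headers":
            ids.update(re.findall(r"(?im)^Message-ID:\s*(<[^>]+>)", part.get_content()))
    return {i for i in ids if i}

def is_backscatter(raw):
    """True for a DSN that does not quote a Message-ID our server generated,
    i.e. a bounce for mail we never sent (the sender address was forged)."""
    msg = message_from_string(raw, policy=policy.default)
    if not is_dsn(msg):
        return False  # not a bounce at all; leave it to the ordinary spam filter
    suffix = "@" + OUR_MSGID_DOMAIN.lower() + ">"
    return not any(mid.lower().endswith(suffix) for mid in quoted_message_ids(msg))

def sample_dsn(original_part):
    """Constructed minimal DSN wrapping the given quoted-original part (test fixture)."""
    return ('Content-Type: multipart/report; report-type=delivery-status; boundary="B"\n'
            "From: MAILER-DAEMON@relay.example.net\nTo: alice@example.org\n\n--B\n"
            "Content-Type: message/delivery-status\n\nAction: failed\n--B\n"
            + original_part + "\n--B--\n")

# Genuine bounce: quotes the Message-ID our server put on the outbound mail.
GENUINE = sample_dsn("Content-Type: message/rfc822\n\n"
                     "Message-ID: <20061130120000.ABC123@mail.example.org>\n\nhi bob")
# Backscatter: a bounce for a forged-sender spam that we never sent.
BACKSCATTER = sample_dsn("Content-Type: text/rfc822-headers\n\n"
                         "From: alice@example.org\nMessage-ID: <run0001@bot.invalid>")
```

Autoresponders and challenge-response mails are not multipart/report and so fall through to the ordinary filter here; only real DSNs are judged by the quoted Message-ID.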
2 Comments Received
November 30th, 2006 @12:46 pm
You created part of the problem yourself by using a catch all e-mail address, and using coded addresses when you sign blogs etc. That means you’ve got hundreds of legitimate addresses that mail could come in to, and no way to remember every one of them. If you’d had just a few legitimate addresses, you could have rejected mail to anything not addressed to those addresses, and no backscatter will reach you.
November 30th, 2006 @5:52 pm
I don’t deny that it was part of the problem, but it was also part of the solution.
Most of my addresses fit into a single fairly simple regexp you see
2 extra rules and a clever meta in SpamAssassin and I could remove the more naive postfix filters that I ran for an hour or two.
Once I’m happy with the address matching regexp, I think I’ll try and port it to postfix though as it’s more CPU friendly than my pet assassin