Sun 30 Aug 2009 08:36:07 AM PDT
Spam from a spam filter
Just got this from somebody's spam filter:
A message from <firstname.lastname@example.org> to: .........@........ was considered unsolicited bulk e-mail (UBE). Our internal reference code for your message is 52025-06-2/iuTig+4zlYYG The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party, in which case we apologize for undesired notification. We do try to minimize backscatter for more prominent cases of UBE and for infected mail, but for less obvious cases some balance between losing genuine mail and sending undesired backscatter is sought, and there can be some collateral damage on either side.
"Try to minimize backscatter"? Not very hard. Do a
host -t TXT zgp.org—this domain has an SPF
record. If you're running a spam filter, you can
check the other end of the SMTP connection against
it as soon as the other server says MAIL FROM.
Then drop the connection right there if it's an
obvious forgery, without even accepting the data or
bothering your filters.
Yes, I'm saving your incoming SMTP server precious energy. You're welcome. Save your main spam filtering resources for mail that either passes SPF or comes in from a domain that still doesn't have it. Spammers can always register domains and get SPF, so SPF isn't the Silver Bullet for Spam, but it does help keep spam filters from spamming, if you use it. Don't spam the victims of address forgery.