Solved

How do I catch this spammer?

Posted on 2009-07-13
3
311 Views
Last Modified: 2013-12-09
I have a client who's been getting these bounce-backs to his email. I've tried to use the exchange message tracker, but the bounced messsages don't show up. I'm guessing that someone who associates with him has a spammer virus that is using the addresses in their mailbox as return addresses for spam. I have a copy of one of the bounces, and I see some interesting data, but I don't know what to do with it. Can someone tell me if there is anything in this that I could use to track down this spammer? The user and company name have been changed for privacy.
readthis.txt
0
Comment
Question by:numb3rs1x
  • 2
3 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24845407
Short answer. No.
Long answer. Don't waste your time.

Spammers have a lot of techniques for hiding, the use of bots, compromised Exchange servers etc. Finding how is behind it is impossible.

The spammer will just be picking a random email address to use as the from field.
The real problem is the clueless network admins who reject spam AFTER delivery and try to send it back to the sender. The sender is always spoofed so this is a waste of time.

Simon.
0
 

Author Comment

by:numb3rs1x
ID: 24846512
Is there something I can do to prevent this?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24847781
No.
Its known as back scatter. Under the terms of the RFC (which is basically the instructions as to how SMTP works) your server has to accept the NDRs. What you do with them after they have been delivered to your server is up to you.

Some may suggest SPF records, but that is an advanced antispam procedure. If those operating the software cannot get the basis correct - such as recipient filtering, then they are hardly going to be able to setup a rejection on the SPF record.

Simon.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now