Mailing List SIMS@mail.stalker.com Message #14315
From: Global Homes Webmaster <webmaster@globalhomes.com>
Subject: Re: Spammers, Viruses and Attachments
Date: Thu, 11 Mar 2004 11:40:49 -0800
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Mailsmith 2.1.1 (Blindsider)
On 3/11/04 at 10:59, Timothy Binder wrote:

> On Mar 11, 2004, at 11:26 AM, Telcontar wrote:
>
> > I get regular spam to several such addresses at my domain. I set my
> > personal address to be a catch-all, so that I can use any address I
> > like and invent ones on the fly when I want to (a subdomain of mine
> > uses an address that doesn't exist, for example).
>
> Be careful. I do the same thing, but about a month ago, I started
> getting email to "ted", "alex", "mary", etc @mydomain -- just random
> first names. I don't recall if it was a spam or a virus, but I had to
> add a long list to the router. They're all tagged as spamtraps.
> Fortunately, it died down, once there were about 10 or so names listed.

Probably a dictionary probe by a spammer looking for valid addresses on
your server. If it looks to the sender like a message was successfully
delivered, the sender will assume that the recipient address exists and is
valid. This is a compelling reason to not have a general catch-all address
-- it only encourages the scum to keep flooding your server.

> As an alternate, I was considering setting up a limited catch-all,
> which would only allow email through that fit a pattern, such as
> list-SIMS@cyberthorn.net.

A much more rational strategy. I have a line in my router for my personal
address:

<cbort-*> = cbort

That way, I can give an address to entities that I don't entirely trust not
to pass the address along to third parties. If I submit a form on XYZ's web
site, I can give my address as cbort-xyz@globalhomes.com and know that I
will receive mail sent to that address. If I subsequently start getting
mail to that address from a third party, I will know that XYZ sold me out.
If it gets bad, I can turn cbort-xyz into a spamtrap.

> > However, that means that I keep picking up mail directed to
> > webmaster@, sales@ and even contact@, which is a pain. I've set
> > sales@ to redirect everything to NULL@NULL (*evil grin*), and
> > Webmaster auto-responds telling the sender to use the address found
> > on the site (so one day I'll need to go clear that account out). I
> > should really set webmaster@ to bounce to NULL@NULL too, seeing as my
> > real address is plenty easy to find for any real visitors, and anyone
> > mailing me at webmaster@ is a clueless fsck :P

Rather than 'redirecting' to NULL@NULL, you could simply route to NULL.
E.g.:

<sales> = null

> I would just set them up to route to "error", so the other side gets a
> proper bounce. That way you don't even bother eating up any of your
> bandwidth accepting the email body and mail just doesn't disappear from
> the Internet.

Yes, routing to error is better than routing to null. In the case of
dictionary probes, addresses routed to 'null' look, from the sender's pov,
like successful deliveries. Addresses routed to 'error' will receive a
proper bounce that will prevent the sender from adding that address to
their database as a 'good' one.
--
                   Christopher Bort | cbort@globalhomes.com
            Webmaster, Global Homes | webmaster@globalhomes.com
                      <http://www.globalhomes.com/>
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster