Delivery failures

**NickFitz** · 8 July 2009, 12:48

Originally posted by NotAllThere View Post

Over the last few days, I've been getting a few tens of delivery failures. They're all addressed to my domain, with addresses like:

ryckman_1994@...
safesure_1995@...

I guess the most likely cause is that some spammer is sending out spam using my domain as the return address.

Is there any other possible cause - like my ISP being compromised.

What action should I take?

Ignore. I occasionally get runs of these from some of my domains. They die down after a few days, and don't usually happen again for months or even years.

The real problem is admins who have their mailservers configured to send out failure notices. This might have made sense back when t'Internet was about two hundred machines and everybody knew everybody else, but in a world where 90% of email is spam with forged headers, it's utterly stupid to send delivery failure notifications.

**voodooflux** · 8 July 2009, 12:52

Originally posted by NotAllThere View Post

Over the last few days, I've been getting a few tens of delivery failures. They're all addressed to my domain, with addresses like:

ryckman_1994@...
safesure_1995@...

I guess the most likely cause is that some spammer is sending out spam using my domain as the return address.

Is there any other possible cause - like my ISP being compromised.

What action should I take?

This happened to me a few years back - I suddenly started receiving hundreds of such bounce emails ("backscatter") each day as a result of someone spamming using my domain, and this persisted for quite a while and showed no sign of letting up.

I did however find a solution: the Sender Policy Framework (SPF) came to the rescue. I was sceptical about how well this would work, but I configured an SPF record against the DNS entry for my domain and the problem basically went away overnight.

Some resources for more information:

http://www.openspf.org/
http://en.wikipedia.org/wiki/Sender_Policy_Framework

**xoggoth** · 9 July 2009, 08:59

Yeh. I recently changed my mailer yet again to something supposedly more secure provided by the hosters but not really sure if that was the problem. As Nickfitz says they seem to come and go whether you do anything or not.

I configure mailing so all unknown users at @me.co.uk are sent to a specific receiver and then use Ultrafunk Popcorn to look at that occasionally in case there is summit legit in there due to a typo. It's a good freeware mail client, lets you download just headers and gives you various delete options including delete all mail on server.

**voodooflux** · 9 July 2009, 09:18

Originally posted by xoggoth View Post

Yeh. I recently changed my mailer yet again to something supposedly more secure provided by the hosters but not really sure if that was the problem. As Nickfitz says they seem to come and go whether you do anything or not.

It's definitely worth checking out the SPF I mentioned above. It's very simple to add the appropriate record to the DNS entry for your domain - most domain registrars/DNS providers have a facility for this, although some have to add it manually upon request. From my experience it pretty much fixes the problem once and for all.

**xoggoth** · 9 July 2009, 09:41

Thanks. I have had a look, but my mailer is used by the credit card site to forward mail to me\customer, not entirely sure it can do that. Getting these things to work is endlessly complicated with RBSWorldpay. If start getting junk/bounced mail problems again I will look at it.

**expat** · 9 July 2009, 17:01

Originally posted by voodooflux View Post

This happened to me a few years back - I suddenly started receiving hundreds of such bounce emails ("backscatter") each day as a result of someone spamming using my domain, and this persisted for quite a while and showed no sign of letting up.

I did however find a solution: the Sender Policy Framework (SPF) came to the rescue. I was sceptical about how well this would work, but I configured an SPF record against the DNS entry for my domain and the problem basically went away overnight.

Some resources for more information:

http://www.openspf.org/
http://en.wikipedia.org/wiki/Sender_Policy_Framework

AIUI this only works where receivers use it to verify the email purporting to come from you. So you found that a lot of receivers did?

**voodooflux** · 9 July 2009, 18:04

Originally posted by expat View Post

AIUI this only works where receivers use it to verify the email purporting to come from you. So you found that a lot of receivers did?

It is primarily employed by mail transfer agents rather than email clients, so the email is discarded in transit rather than by the recipient.

**ferret** · 15 July 2009, 13:20

No-one suggested turning off the catch-all?

If you don't use ryckman_1994@ then why are you letting your domain accept mail for this address? Easiest way to make sure you don't get hit with this is to only accept mail for addresses you use, reject all other mail for the domain. Cuts down on spam and backscatter by a huge amount.

Simples

**RichardCranium** · 15 July 2009, 13:25

Originally posted by ferret View Post

No-one suggested turning off the catch-all?

To: [email protected]

Dear Mr Feret,

I found your wallet in a puddle with your business card and £200 in it. I can just make out your email address. If you email me your postal address I'll send it on to you. If you don't respond, I don't know how to contact you!

Yours,

etc.

Is that too far-fetched?

I get stuff to mis-spelled RealName@ from time to time.

Delivery failures