09-28-2005 05:51 AM
-updated subject to correctly categorize-
We are seeing a high number of these on our limited honeypot accounts and are curious whether other people are suffering from them and to what degree, as well as what measures you have taken to mitigate them, any experience out there?
Cheers
Justin
09-28-2005 11:44 AM
We've not seen spam joe jobs for a year or so now. The most recent used a deprecated subdomain (which we pulled the plug on to avoid the complaints - hotmail still blacklisted us so we had to buy a bonded sender subscription).
Now all we get is email worm joe jobs...
09-28-2005 02:34 PM
Yeah, I haven't seen a real Joe job in quite a while. Everthing that I've seen recently was from worms spoofing addresses.
09-28-2005 02:44 PM
My bad, I mis-categorized what we are seeing.
The mails we are seeing are bounces coming to us as due to spoofed from addresses on virual infection attempts that have been cleaned by the receiving party.
Brightmail doesn't seem to feel any ownership for them as they are "legitimate" bounces.
Sorry for the confusion.
Justin
09-29-2005 12:14 AM
You're kinda stuck with those bounces.
You could make a filter to drop all mailerdaemon bounces - but then users would have no legimate bounce messages either.
Floating around in the spamassassin open source rulesets somewhere are common "anti-virus message gateway bounce" response strings. That would alleviate some of it - but not the normal error 5xx responses.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide