Dealing with forged return addresses hitting my domains?

Andy Bradford amb-plug at
Fri Apr 21 10:47:44 MDT 2006

Thus said Kimball Larsen on Fri, 21 Apr 2006 09:03:28 MDT:

> So, until recently,  we have had very little problem,  but in the last
> =20 few weeks some spammer(s) have  gotten hold of our business domain
> and =20=  are using  it to  spoof return  addresses, thus  slamming my
> systems with =20= hundreds of bounced messages/day.

Are these bounces  for legitimate users or are they  just picking random
names  and spamming  those,  which  in turn  get  the

> First up is Sender Policy Framework  (SPF) (1). I actually had not =20
> heard about this until today  when I started researching this problem,
> =20= and have  already heard relatively strong opinions  on both sides
> about =20= whether SPF is a good or bad thing.

Bad and also not likely to help in this case, see my reply to Hans.

> Next is  Domain Keys (2).  This sounds promising,  but also a  bit =20
> daunting to set up correctly.

Better than SPF, but still not likely to help you in this situation.

What  exactly  is the  concern  with  these  bounces? Are  they  causing
legitimate  email to  be  delayed? Are  they being  sent  to real  email
addresses and thus  affecting your users productivity?  Are they causing
your  mail  server  to  get overloaded?  Bandwidth?  Answers  to  theses
questions can help in determining the proper solution.

[-----------[system uptime]--------------------------------------------]
 10:47am  up 19 days,  2:09,  1 user,  load average: 1.00, 1.01, 1.00

More information about the PLUG mailing list