About myobfool

  1. myobfool

    Reverse NDR Spam

    Well I'm off Spamcop now so there you go. The final answer is that: I bought a Barracuda firewall. It does an LDAP lookup so if you aren't in my Exchange 5.5 database you are gone. (And no, I still did not see a way to do an SMTP reject, and yes, Micro$oft software bites.) 98% of the mail I got in, and that I am 100% sure got me listed, were reverse NDR attacks. I.e. a spam was sent into a non-existent address at my domain; the sender was spoofed, so my system responds with an NDR to the address. (I looked at my message queue and you don't want to know how many I was getting to bozo[at]myaddress.com for fake addresses.) Since SpamTrap addresses are out there for spammers, I would contend that is why I was accused of "sending mail to spamtraps"; give me a few names of a spamtrap and I'll check one of the 10,000 messages I killed on Thursday.

    Today is Monday; since Thursday when I put the box on I've received 27,000 messages at my domain. 26,500 were spam and killed by my new box, and 95% of them were NDR spam. That would certainly explain why my mailserver was brought to its knees.

    Again I remind you, your list is very likely going to falsely list people. I was not on ANY of the other lists, ORDB, Spamhaus, etc., only yours! I met none of the open relay criteria and yes kids, I tested it myself. I understand the attitude about spam, but some of you with your arrogant in-your-face attitude don't help the situation. I was a victim, I was falsely accused because of this new style of attack and most of you pretty much told me to rub rocksalt.

    And yes, I really truly think you could get sued... if your information is faulty, you publish it to the internet, tell people to use it and have been told it's wrong... you could get sued. Win? Who knows, but don't keep saying "we have the right and you can't sue us". I would not "bet" on that statement which I keep reading over and over again... You have no rights if you get sued, except to defend yourself. You may be vindicated, you may not be. But do NOT keep saying you can't sue us. McDonald's got sued for warm coffee for Pete's sake.

    Give you a clue guys, any of you who respond to NDRs will likely be next. Spam traps are not foolproof. Oh, and why give myself grief by listing my address? Trust you? I suspect not.

    For those of you who are actually technically interested, reverse NDR is only about a month old. Look up the tech notes; it's fiendishly clever and bypasses most of the normal security an email system has.
  2. myobfool

    Reverse NDR Spam

    Illegal, no one has the right to block emails. Hmmm, well there are a few people advocating against RBLs who would vigorously argue that point. You are putting out information in error which naive admins, thinking your list is accurate, decide to use. Is that actionable? Probably, but I'll let the lawyers fight that one out someday. This would not be the ISPs, it would be the purveyor of deliberately erroneous information... hmmm, wonder who that would be. Well there you go, I think you're wrong, you think I'm wrong.

    Merlyn, you try fairly hard to miss my point so I'll try it again. Oh, and I've read BOFH, and I don't think I am one. This is a brand new attack. It is real, it is now. Welcome to the new world of spamming. The reverse NDR attack is not stoppable by having the correct settings on your server. The spamcop list chooses to use criteria that includes reverse NDR and it's not appropriate. Anyone can nominate anyone to this list and that begs for abuse.

    Do I think I'll win this discussion? No, of course not. Your hyperbole on spam (a snip from the main spamcop page) proves that you're not listening. Am I looking at setting up an anti-spam product? Of course. I'm not going to win this fight with Spamcop or you, since you can't win a zealot's argument. This type of self-inflicted vigilante behavior throws out the good with the bad and then tries to blame the victim. Oh, and don't try the "blame the ISP" argument. You try arguing with some large companies or ISPs; it's a faulty argument and just used to again try to blame the victim. Oh, and I wish I could do an SMTP reject; blame Microsoft for my cruddy software.

    Enjoy the new twist on spamming. It's going to make a lot of anti-spam software vendors even happier. Get some content filters and stop using a shotgun when a rifle is more appropriate. Have a nice day. <g>
  3. myobfool

    Reverse NDR Spam

    My company has AGAIN been listed by SPAMCOP. The below is why. Aside from the fact that I consider this list to be illegal, possibly actionable in court etc., it belies the fact that I can't control the Non Delivery Notices that my system puts out. This is BRAND NEW, and friends, it's going to be a problem. Do not DARE to tell me that it's the ISP's; I KNOW that. You publish the list, you permit the criteria. IT IS YOUR CHOICE. At this point I'm not an open relay, but it doesn't matter. AS LONG AS I PERMIT NDR THE SPAMMERS CAN USE MY FLIPPIN SYSTEM.

    The short answer of it is: Spammer spoofs sender to be who they REALLY want to send to. Sends spam to me to a non-existent address at my domain. My system responds appropriately with an NDR, but since the spammer has built the spam into the message, it RESPONDS TO THE SPOOFED ADDRESS, THEREFORE DELIVERING THE spam. I THINK MOST RBLs ARE USELESS AND THIS IS ANOTHER EXAMPLE OF WHY.

    Spammers have a new means to avoid filters built into many systems. They take advantage of a mail system's sending of a non-delivery report (NDR) when a message cannot be delivered as addressed and returns the original contents. CMS calls this a "Reverse NDR attack" (RNDR). A few customers have experienced this, some so badly that over 33% of their Internet messages are attributed to this type of spam. The end result is the spammer has attained a new form of mail relaying. Your server's resources are being stolen to deliver spam.

    How does a "Reverse NDR" attack work?

    Step 1: Spam email is created with the intended spam victim's address in the sender field and a random, fictitious recipient, at your domain, in the To: field.
    Step 2: Your mail server cannot deliver the message and sends an NDR email back to what appears to be the sender of the original message, the spam victim.
    Step 3: The return email carries the non-delivery report and possibly the original spam message. Thinking it is email they sent, the spam victim reads the NDR and the included spam.

    What are the symptoms of a RNDR attack?

    • Sluggish email delivery
    • Outbound queues full of non-delivery notices
    • Excessive admin time to clear outbound queues

    If you are experiencing any of the above, chances are good your mail server is under attack.
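The accept-then-bounce behaviour behind the three steps above, placed beside the SMTP-time recipient check that an LDAP lookup like the one described in the first post provides, as an added Python model that is not part of the original posts or of any vendor's product; the domain, the user directory and the queue sample are constructed for illustration.

```python
from collections import Counter

LOCAL_DOMAIN = "example.com"        # assumption: the defended domain
DIRECTORY = {"alice", "bob"}        # constructed stand-in for the LDAP/Exchange user lookup


def handle_rcpt(sender, recipient, reject_unknown):
    """Outcome of one inbound delivery attempt.

    Returns ("deliver", rcpt), ("reject", smtp_code) or ("ndr", bounce_target).
    reject_unknown=False models accept-then-bounce (the RNDR source);
    reject_unknown=True models verifying the recipient during the SMTP session.
    """
    local, _, domain = recipient.lower().partition("@")
    if domain == LOCAL_DOMAIN and local in DIRECTORY:
        return ("deliver", recipient)
    if reject_unknown:
        # The error goes back on the sending host's connection; nothing is
        # queued, so the spoofed sender never receives a bounce.
        return ("reject", "550 5.1.1 User unknown")
    # Accepted, then bounced: the NDR (carrying the original body) is queued
    # to the envelope sender, which the spammer set to the real spam target.
    return ("ndr", sender)


def outbound_queue(attempts, reject_unknown):
    """Outbound messages created by a batch of (sender, recipient) attempts."""
    results = [handle_rcpt(s, r, reject_unknown) for s, r in attempts]
    return [x for x in results if x[0] != "reject"]   # rejects never enter the queue


def backscatter_share(queue):
    """Fraction of queued outbound mail that is NDRs (the 'queue full of NDRs' symptom)."""
    if not queue:
        return 0.0
    return Counter(kind for kind, _ in queue)["ndr"] / len(queue)


# constructed sample: one legitimate message plus a burst of RNDR probes, each
# addressed to a fictitious local user with a different victim as the sender
ATTEMPTS = [("friend@other.example", "alice@example.com")] + [
    (f"victim{i}@target.example", f"user{i:04d}@example.com") for i in range(20)
]

if __name__ == "__main__":
    for mode in (False, True):
        q = outbound_queue(ATTEMPTS, reject_unknown=mode)
        print(f"reject_unknown={mode}: {len(q)} queued, "
              f"{backscatter_share(q):.0%} are NDRs to spoofed senders")
```

With recipient verification on, the same burst leaves one legitimate delivery in the queue and no bounces at all, which is the difference between being listed for backscatter and not.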