E-mail administrators (real ones) make sure e-mail messages are accepted by a mail exchanger only if their intended recipients really exist. If a recipient doesn't exist, the Mail Transfer Agent (MTA) should inform the sending MTA during the SMTP transaction and refuse to accept the message. There are thousands of incorrectly configured MTAs on the Internet that accept a message first, only to find out afterwards that it is undeliverable. They then create a Non-Delivery Report (NDR) that is sent to the envelope sender of the original message.

Now consider a spammer who sends out millions of messages with a faked sender address. Consider further that the faked address is your address (e.g. you@example.net). Who, would you say, is going to get all the Non-Delivery Reports sent to her mailbox? Right: you.

A method to overcome this is for you to modify outgoing envelope sender addresses, giving them a value that looks random and expires over time. Doing so means that a legitimate NDR can be delivered within, say, a week, but no longer after that (the address expires, and if it is used after that, your e-mail server simply refuses to accept the bounce). All this is called Bounce Address Tag Validation (BATV). In simple terms, what it does is transform your envelope sender (you@example.net) into something like prvs=you/0192884@example.net. Note the tag: it is generally an SHA hash of a date and a secret key you define. When a legitimate bounce returns, your mail server converts the tagged address back to you@example.net if, and only if, the key and the date can be decoded.

I've postponed implementing BATV for far too long; work-load was such that I just didn't get around to doing it. Because of a huge load of backscatter we've been getting, I've implemented BATV on our Exim gateways. It isn't difficult to do, and this will give you a good idea of what to do.
One comment, however: depending on your setup, you'll want to place the batv_redirect router as high up as possible in your Exim routers list, to ensure that the routers that follow it see the untagged version of the recipient's e-mail address. And how well does it work? Well, in our environment, we caught over 2000 fake bounces in the first few hours. Pretty good, I'd say. :-)
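As an added example that is not part of the original post and is not the author's Exim configuration, the following Python sketches the two halves of the scheme described above: tagging the outgoing envelope sender with a key version, an expiry day and a keyed hash, and checking that tag when a bounce comes back. The prvs=KDDDSSSSSS=local@domain layout follows the BATV draft's prvs form rather than the author's abbreviated example; the HMAC-SHA256 construction, the secret, the seven-day validity window and the sample addresses and dates are assumptions made for this example.

```python
"""Constructed illustration of BATV prvs-style tagging and verification.

Example code written for this page, not the author's Exim configuration:
it shows the signing step BATV applies to outgoing envelope senders and the
check a receiving MTA performs on the recipient of a bounce (a message that
arrives with an empty envelope sender).
"""
import hashlib
import hmac
import re
from datetime import date

# Constructed values for the example. A real gateway uses its own secret.
SECRET = b"constructed-example-secret"
KEY_VERSION = "0"      # one digit; bump it when the secret is rotated
VALIDITY_DAYS = 7      # a tagged address stays acceptable for this long

# prvs=KDDDSSSSSS=local@domain  (K = key version, DDD = expiry day mod 1000,
# SSSSSS = six hex digits of the signature)
_PRVS_RE = re.compile(
    r"^prvs=(?P<k>\d)(?P<ddd>\d{3})(?P<sig>[0-9a-f]{6})"
    r"=(?P<local>[^@]+)@(?P<domain>[^@]+)$",
    re.IGNORECASE,
)


def _days_since_epoch(d: date) -> int:
    return (d - date(1970, 1, 1)).days


def _signature(k: str, ddd: str, local: str, domain: str) -> str:
    # HMAC-SHA256 over key version, expiry day and the original address,
    # truncated to six hex digits (an assumed construction for the example).
    msg = f"{k}{ddd}{local}@{domain.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:6]


def sign_sender(address: str, today: date) -> str:
    """Tag an outgoing envelope sender so that bounces can be validated later."""
    local, domain = address.rsplit("@", 1)
    if local.lower().startswith("prvs="):
        return address                      # already tagged, leave it alone
    expiry = _days_since_epoch(today) + VALIDITY_DAYS
    ddd = f"{expiry % 1000:03d}"
    sig = _signature(KEY_VERSION, ddd, local, domain)
    return f"prvs={KEY_VERSION}{ddd}{sig}={local}@{domain}"


def verify_bounce_recipient(address: str, today: date):
    """Check the recipient address of an incoming bounce.

    Returns (True, original_address) when the tag is genuine and unexpired,
    otherwise (False, reason); the MTA refuses the bounce in the latter case.
    An untagged local address on a bounce is refused too: we never sent mail
    with that envelope sender, so the bounce cannot be legitimate.
    """
    m = _PRVS_RE.match(address)
    if not m:
        return False, "not a prvs-tagged address"
    k, ddd, sig = m.group("k"), m.group("ddd"), m.group("sig").lower()
    local, domain = m.group("local"), m.group("domain")
    if k != KEY_VERSION:
        return False, "unknown key version"
    if not hmac.compare_digest(sig, _signature(k, ddd, local, domain)):
        return False, "bad signature"
    # DDD is the expiry day modulo 1000: the tag is valid while at most
    # VALIDITY_DAYS remain; an expired tag wraps round to a large remainder.
    remaining = (int(ddd) - _days_since_epoch(today)) % 1000
    if remaining > VALIDITY_DAYS:
        return False, "tag expired"
    return True, f"{local}@{domain}"


if __name__ == "__main__":
    sent_on = date(2008, 4, 11)
    tagged = sign_sender("you@example.net", sent_on)
    print("outgoing envelope sender:", tagged)
    for arrival in (date(2008, 4, 15), date(2008, 4, 25)):
        print(arrival, verify_bounce_recipient(tagged, arrival))
    print("bounce to untagged address:",
          verify_bounce_recipient("you@example.net", sent_on))
```

In Exim terms, the signing half corresponds to rewriting the return path of outgoing mail, and the verifying half to the batv_redirect router the post mentions: it has to run before the routers that deliver to local mailboxes, so that they see the untagged address. Note that the check is only applied to messages with an empty envelope sender; ordinary mail to a tagged address is not affected.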

Mail, Exim, and Spam :: 11 Apr 2008 :: e-mail
