Here's a great example of that. Terry Zink of Microsoft's Exchange Hosted Services has done a very detailed write-up on backscatter: what it is, why it happens, what you can do to prevent it, and more.
Let's start at the end. Terry writes:
- Don't make the problem worse by contributing to it:
  - Don't accept mail, and then bounce.
  - Don't use Challenge/Response, and don't allow your users to, either.
  - Configure your virus scanner to silently strip or discard viruses/worms instead of sending a notification back to the sender.
  - Don't run autoresponders, out-of-office notifications, etc. (Or maybe you only send auto-responses to senders who pass a DKIM or SPF check.)
After you've read and digested that, I recommend reading the rest of the series:
- The Problem of Backscatter, Part 1
- Part 2: The Legitimate Case
- Part 3: Legitimate Bounces
- Part 4: What the RFC Says
- Part 5: A Bit More on RFC 3464
- Part 6: Who sends the NDRs
- Part 7: Backscatter: What is it?
- Part 8: Why is it So Hard to Stop?
- Part 9: Block it With Content Analysis
- Part 10: Using SPF to Stop Backscatter
- Part 11: Check to See if You Sent it in the First Place
- Part 12: Don't Contribute to the Problem
Terry's my hero for taking the time and spending the effort to document the backscatter problem in this much detail. Thanks, Terry!
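The last item in Terry's list (only auto-respond to senders who pass a DKIM or SPF check) can be sketched as follows. This is an added example, not code from Terry's series or from this blog. The function names are hypothetical, and it assumes your inbound MTA stamps `Return-Path` and writes `Authentication-Results` under the authserv-id `mx.example.org`. It also declines to answer bounces and other automatic mail, which goes a step beyond the list.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV_ID = "mx.example.org"  # assumption: authserv-id of our own inbound MTA

def auth_passes(msg, reply_domain):
    """True if our own MTA recorded spf=pass or dkim=pass for reply_domain."""
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = header.partition(";")
        if (authserv_id.split() or [""])[0].lower() != TRUSTED_AUTHSERV_ID:
            continue  # stamped by some other host, possibly the sender: ignore it
        for result in results.split(";"):
            m = re.match(r"\s*(spf|dkim)\s*=\s*pass\b", result, re.I)
            if not m:
                continue
            # The passing identity must be the domain we would reply to.
            prop = "smtp.mailfrom" if m.group(1).lower() == "spf" else "header.d"
            d = re.search(re.escape(prop) + r"\s*=\s*(\S+)", result, re.I)
            if d and d.group(1).rpartition("@")[2].lower() == reply_domain:
                return True
    return False

def should_autoreply(raw):
    """Decide whether an out-of-office style reply may be sent for this message."""
    msg = message_from_string(raw)
    reply_to = msg.get("Return-Path", "").strip().strip("<>")
    if not reply_to:
        return False  # null envelope sender (<>): the message is itself a bounce
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False  # never answer another machine-generated message
    return auth_passes(msg, reply_to.rpartition("@")[2].lower())

# Constructed sample messages (not real traffic).
GENUINE = ("Return-Path: <alice@example.com>\n"
           "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=alice@example.com\n"
           "From: alice@example.com\n\nhi\n")
SPOOFED = ("Return-Path: <victim@example.net>\n"
           "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=victim@example.net; dkim=none\n"
           "Authentication-Results: relay.elsewhere.example; spf=pass smtp.mailfrom=victim@example.net\n"
           "From: victim@example.net\n\nspam\n")
BOUNCE = ("Return-Path: <>\n"
          "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=postmaster@example.com\n\nndr\n")

if __name__ == "__main__":
    for name, raw in (("GENUINE", GENUINE), ("SPOOFED", SPOOFED), ("BOUNCE", BOUNCE)):
        print(name, should_autoreply(raw))
```

With the forged sender in `SPOOFED`, no reply is generated, so the address owner at example.net never receives an auto-response to mail they did not send.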

1 comment:
I need to give credit to your blog, of course. Your original suggestions for not contributing to the problem of backscatter inspired the post. I merely paraphrased it.