Cleaning NDRs out of a Spamtrap Feed?

Friends, Romans, Countrymen......could I lean on you for some tips on how to clean NDRs out of my spamtrap feed? As I ramp it back up I want to make sure I'm tagging mail correctly. I may include NDRs and other types of backscatter in some of my calculations, but I definitely want to denote what it is, as accurately as I can.

Could you offer up some suggestions on things to look for? Null return path/sender header is the big thing, if every NDR was formatted properly, that would catch it all. But I'm seeing a significant amount of bounces that don't have a null sender, so I'm probably also going to resort to some sort of text string matching. So if you have a big ole list of strings or individual string suggestions, please feel free to leave them in comments.

All feedback is welcome, and thanks!

2 comments:

  1. If you want to be aggressive, even if it means going too far, ignore ALL messages with any of the following 'FROM' address aliases:

    "mailer-daemon@"
    "mailer-daemon2@"
    "mail-daemon@"
    "mail-daemon2@"
    "postmaster@"
    "hostmaster@"

    If you want to be less aggressive, combine the above with a blacklisting of the message's sending IP on UCEPROTECT's backscattter list.

    (ignoring cases where only one of these two things occurs)

    ReplyDelete

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.