Cleaning NDRs out of a Spamtrap Feed?

Friends, Romans, Countrymen......could I lean on you for some tips on how to clean NDRs out of my spamtrap feed? As I ramp it back up I want to make sure I'm tagging mail correctly. I may include NDRs and other types of backscatter in some of my calculations, but I definitely want to denote what it is, as accurately as I can.

Could you offer up some suggestions on things to look for? Null return path/sender header is the big thing, if every NDR was formatted properly, that would catch it all. But I'm seeing a significant amount of bounces that don't have a null sender, so I'm probably also going to resort to some sort of text string matching. So if you have a big ole list of strings or individual string suggestions, please feel free to leave them in comments.

All feedback is welcome, and thanks!


  1. If you want to be aggressive, even if it means going too far, ignore ALL messages with any of the following 'FROM' address aliases:


    If you want to be less aggressive, combine the above with a blacklisting of the message's sending IP on UCEPROTECT's backscattter list.

    (ignoring cases where only one of these two things occurs)


Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.