Mailwasher / bouncing spam mail...

rh71

No Lifer
Aug 28, 2001
Opinions on this ?

I personally check mail every 5-10 minutes and bounce right away. But is it true that the sender can get a verification that their mail went through SUCCESSFULLY in the first place ? I'm not talking about a read receipt. I'm talking about the servers telling him it arrived successfully.

MrBond

Diamond Member
Feb 5, 2000
I read in PC Magazine a while back that they can somehow put an image in the HTML code of the message, then link to it using some form of your email address in the code for the image. When they check their server logs, they see requests for the image with valid email addresses in them.

I get a lot of spam and checked a lot of them for stuff like this, however I've never really run across it (all the image source code is normal). I did get something recently with a strange link (wasn't to "unsubscribe") with my email in it, but I never investigated further. Even so, that's like one in several thousand of the spam that I get that actually uses that method.

rahvin

Elite Member
Oct 10, 1999
What is stated in that usenet post is the exact and perfect truth. At the time of delivery to the MTA the first line after HELO is the TO: address and if the account does not exist the message is never finished because the MTA gives the 550 account does not exist message.

In answer to the second response, all spam mail IMG's are tagged to identify you either by a submission to the server or simply through server logs that reveal the connections. You should NEVER read email with an HTML mail reader until you have verified that the mail is legitimate.
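The "tagged IMG" trick MrBond describes and rahvin confirms (a remote image whose URL carries the recipient's address, in clear or encoded form, so the spammer's web server log confirms the address the moment an HTML reader fetches it) can be checked for before rendering a message. The following is an added example, not code from either poster: it pulls every img src out of an HTML body and flags remote images, and separately those whose URL contains the recipient's address in plain, percent-encoded, hex, base64 or common-hash form. The recipient address, the hostnames and the sample message are constructed for the demonstration.

```python
"""Flag remote and address-tagged <img> references in an HTML mail body.

Added example, not the forum posters' code. Addresses, hostnames and the
sample message below are constructed.
"""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import unquote


class _ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in the body."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def address_tokens(addr):
    """Forms in which a recipient address is commonly embedded in a URL."""
    raw = addr.lower().encode()
    toks = {addr.lower(), addr.lower().replace("@", "%40"), raw.hex()}
    for enc in (base64.b64encode, base64.urlsafe_b64encode):
        toks.add(enc(raw).decode().rstrip("="))   # padding is usually dropped in URLs
    for h in (hashlib.md5, hashlib.sha1, hashlib.sha256):
        toks.add(h(raw).hexdigest())
    return toks


def classify_img(src, recipient):
    """Return 'inline', 'remote' or 'tracking' for one img src.

    inline   - cid:/data: reference shipped with the message; nothing is fetched
    remote   - fetched from a web server on open: reveals IP, client and time
    tracking - remote and the URL carries the recipient's address in some form
    """
    if src.lower().startswith(("cid:", "data:")):
        return "inline"
    decoded = unquote(src)
    for tok in address_tokens(recipient):
        # base64 tokens are case-sensitive, the rest are compared lowercased
        if tok in decoded or tok in decoded.lower():
            return "tracking"
    return "remote"   # relative URLs land here too: they still resolve remotely


def scan_html_mail(html, recipient):
    """List (src, verdict) for every image in the HTML body."""
    collector = _ImgCollector()
    collector.feed(html)
    return [(src, classify_img(src, recipient)) for src in collector.srcs]


# Constructed sample message: one inline logo, one ordinary remote banner and
# a 1x1 "open" pixel whose id is the MD5 of the recipient address.
RECIPIENT = "alice@example.com"
_TAG = hashlib.md5(RECIPIENT.encode()).hexdigest()
SAMPLE_HTML = f"""
<html><body>
<img src="cid:logo@mailer">
<img src="http://www.example.org/banner.gif" width="468" height="60">
<p>Great offer, act now!</p>
<img src="http://track.example.net/open.gif?id={_TAG}" width="1" height="1">
</body></html>
"""


def demo():
    """Scan the constructed sample as RECIPIENT would receive it."""
    return scan_html_mail(SAMPLE_HTML, RECIPIENT)


if __name__ == "__main__":
    for src, verdict in demo():
        print(f"{verdict:9} {src}")
```

The hash forms matter because a URL that carries only an MD5 of the address looks like random noise, which is why MrBond's manual inspection of image sources can miss it; the server that generated the tag can still map it straight back to the recipient. Note that any "remote" image, tagged or not, already tells the sender that the message was opened and from which IP, which is rahvin's reason for not rendering HTML mail before it is known to be legitimate.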

rh71

No Lifer
Aug 28, 2001
Originally posted by: rahvin
At the time of delivery to the MTA the first line after HELO is the TO: address and if the account does not exist the message is never finished because the MTA gives the 550 account does not exist message.

Maybe I'm not understanding you correctly... BUT:

When I bounce email messages minutes after I receive them, 95% of them get sent, meaning the FROM/REPLY-TO addresses in the spam mail were actual addresses (from the spammer's domain at least). Symantec's email proxy (NAV 2003) actually checks my outgoing messages and therefore validates for existing addresses as it gets sent (bounced) anyway. So what's wrong with bouncing in the cases of real return addresses ?

rahvin

Elite Member
Oct 10, 1999
Originally posted by: rh71
Originally posted by: rahvin
At the time of delivery to the MTA the first line after HELO is the TO: address and if the account does not exist the message is never finished because the MTA gives the 550 account does not exist message.

Maybe I'm not understanding you correctly... BUT:

When I bounce email messages minutes after I receive them, 95% of them get sent, meaning the FROM/REPLY-TO addresses in the spam mail were actual addresses (from the spammer's domain at least). Symantec's email proxy (NAV 2003) actually checks my outgoing messages and therefore validates for existing addresses as it gets sent (bounced) anyway. So what's wrong with bouncing in the cases of real return addresses ?

No you aren't understanding. Telnet to port 25 of your SMTP server. Follow this procedure:

1. SMTP server test: Forge some mail locally via SMTP. Replace "me"
with your username and "domain" with your host's name.
% telnet [smtp server] 25
Trying [smtp server]...
Connected to [smtp server].
Escape character is '^]'.
220 domain ESMTP
helo dude
250 domain
mail <me@domain>
250 ok
rcpt <me@domain>
250 ok
data
354 go ahead
Subject: testing

This is a test.
.
250 ok 812345679 qp 12345
quit
221 domain
Connection closed by foreign host.

After you do that try a me@domain that doesn't exist and you will get the 550 error from the MTA, if you use a "domain" that isn't the one your MTA serves it should issue an error and say relaying is not allowed.

So when the spammer uses his/her spam program it logs all successful transfers and that in itself validates the email address. In almost 90% of cases the From: line and Reply To: line are forged headers. What that means is even if they are or aren't valid email addresses it's not going back to the spammer. Do you understand now?
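The telnet dialog and the two points rahvin draws from it (the MTA tells the sender at RCPT TO time whether the mailbox exists and whether it will relay, so a bulk mailer's success log is an address-validation list, while MAIL FROM is taken on faith, so a forged sender is accepted and any later bounce goes to whoever was forged) can be played through in code. The following is an added example, not the poster's code and not a real MTA: a toy receiving side that implements the replies seen in the transcript above, a sending side that runs the same HELO / MAIL / RCPT / DATA sequence and stops at the first error, and a "harvest" routine showing what ends up in the spammer's log. The domain "domain", the mailbox list, the sender addresses and the exact reply text for relaying refusal are assumptions for the demonstration.

```python
"""Toy SMTP dialog: where address validation happens, and what is not validated.

Added example, not the poster's code and not a real MTA. The served domain,
mailbox list, addresses and the relaying-refusal wording are constructed.
"""

LOCAL_DOMAIN = "domain"              # assumption: the domain this MTA serves
LOCAL_USERS = {"me", "postmaster"}   # constructed mailbox list


def _addr(arg):
    """'FROM:<me@domain>', 'TO:<me@domain>' or '<me@domain>' -> 'me@domain'."""
    a = arg.strip()
    for prefix in ("FROM:", "TO:"):
        if a.upper().startswith(prefix):
            a = a[len(prefix):].strip()
    return a.strip("<>").lower()


class ToyMta:
    """Receiving side of the dialog shown in the post above."""

    def __init__(self, domain=LOCAL_DOMAIN, users=LOCAL_USERS):
        self.domain = domain.lower()
        self.users = set(users)
        self.queue = []          # (sender, recipients, body) accepted for delivery
        self._reset()

    def _reset(self):
        self.sender = None
        self.rcpts = []
        self.in_data = False
        self.body = []

    def greeting(self):
        return f"220 {self.domain} ESMTP"

    def handle(self, line):
        """Process one client line and return the reply (None while in DATA)."""
        if self.in_data:
            if line == ".":
                self.queue.append((self.sender, list(self.rcpts), "\n".join(self.body)))
                self._reset()
                return f"250 ok queued {len(self.queue)}"
            self.body.append(line[1:] if line.startswith("..") else line)  # dot-unstuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.domain}"
        if verb == "MAIL":
            # The reverse-path is recorded as given. The MTA has no way to check
            # that the connecting host really speaks for the MAIL FROM address,
            # so a forged sender is accepted here without complaint.
            self.sender = _addr(arg)
            return "250 ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 MAIL first"
            local, _, dom = _addr(arg).rpartition("@")
            if dom != self.domain:
                return "550 relaying denied"     # not a domain this MTA serves (wording assumed)
            if local not in self.users:
                return "550 no such user"        # the "account does not exist" reply
            self.rcpts.append(f"{local}@{dom}")
            return "250 ok"
        if verb == "DATA":
            if not self.rcpts:
                return "503 RCPT first"
            self.in_data = True
            return "354 go ahead"
        if verb == "QUIT":
            self._reset()
            return f"221 {self.domain}"
        return "500 unrecognized command"


def deliver(mta, sender, recipient, body="Subject: testing\n\nThis is a test."):
    """Sending side: run the dialog, stop at the first non-2xx/3xx reply.

    Returns (accepted, transcript); transcript is a list of (sent, reply).
    """
    transcript = [(None, mta.greeting())]
    for cmd in ("HELO dude", f"MAIL FROM:<{sender}>", f"RCPT TO:<{recipient}>", "DATA"):
        reply = mta.handle(cmd)
        transcript.append((cmd, reply))
        if not reply.startswith(("2", "3")):
            mta.handle("QUIT")
            return False, transcript
    for line in body.splitlines():
        mta.handle("." + line if line.startswith(".") else line)
    reply = mta.handle(".")
    transcript.append((".", reply))
    mta.handle("QUIT")
    return reply.startswith("250"), transcript


def harvest(mta, candidates, claimed_sender="offers@somewhere.example"):
    """What a bulk mailer's log ends up holding: every candidate whose RCPT TO
    drew a 250. The 550s confirm dead addresses at no cost to the sender."""
    return [c for c in candidates if deliver(mta, claimed_sender, c)[0]]


if __name__ == "__main__":
    mta = ToyMta()
    for rcpt in ("me@domain", "bob@domain", "me@elsewhere"):
        ok, transcript = deliver(mta, "nobody@victim.example", rcpt)
        print(f"--- {rcpt}: {'accepted' if ok else 'refused'}")
        for sent, reply in transcript:
            print(f"  > {sent}" if sent else "", f"  < {reply}" if reply else "", sep="\n")
    print("harvested:", harvest(ToyMta(), ["me@domain", "bob@domain", "postmaster@domain"]))
```

Two things to read off the run. First, the address check is on RCPT TO: "me@domain" gets 250, "bob@domain" gets 550 before any message text is sent, and "me@elsewhere" is refused as a relay, which is exactly the signal a mailer logs to sort live addresses from dead ones. Second, the accepted message is queued with "nobody@victim.example" as its sender although that address was never checked; a bounce generated afterwards (whether by the receiving MTA or by MailWasher minutes later) is addressed to that forged reverse-path, so it lands on a third party, not on the spammer.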