Under what circumstances do / will UCE/SPAM bounce back to any given domain?
If they've 'spoofed' his return address into the UCE/SPAM, is that to say all those that bounce back to his collection addy are indeed sent through his server, OR
Is it possible for that spoofed addy to be in the reply to only?
Finally (my bone of contention), it is my position that there is no way nearly a thousand bounces can/could occur (within a week) unless they originally went through his servers on the way out?
Like everyone else, he has had his share of suspicious looking bounces, but never in the volume currently being experienced and that is what I'm basing my answer on, but I want to know more.
I'm thinking, if a thousand bounce, there must be nearly 100,000 pieces sent in the first place?
Is it a pathway thing, or just the return addy being spoofed?
Most UCE is delivered directly to the recipient via a DSL or dialup connection running a mail server or mail delivery software. Since mail to a recipient is accepted as long as the recipient's domain is local, spammers connect directly and dump the mail. In the event that there is no such user, the delivery will fail, but if the domain has a secondary relay server, spammers like to connect to it, as it may accept the mail and then bounce it later.
Delivery failure notices will not be sent to the spammers but to the sender's address specified.
It could also be your friend is running a vulnerable formmail sort of script that has been exploited.
Time for your friend to implement Sender Policy Framework (SPF) to fight this spoofing.
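The recommendation above is to publish an SPF record so that receiving servers can tell whether a message claiming to come from the friend's domain was sent from one of his own mail hosts. As an added illustration (not code from this thread or from any SPF library), the following minimal evaluator parses a constructed `v=spf1` record and returns the SPF result for a given sending IP. The record text, the IP addresses and the domain are all assumed for the example; `include`, `a`, `mx` and `exists` mechanisms need DNS and are deliberately skipped so the check runs offline.

```python
import ipaddress

# Constructed example SPF record (assumption for illustration, not a real domain's record).
# It authorises one host, one IPv4 range and one IPv6 range, and hard-fails everything else.
EXAMPLE_SPF = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"

# Qualifier prefixes defined by SPF and the result each one yields on a match.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) triples."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not a v=spf1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if "=" in term:
            # Modifiers such as redirect= and exp= are not evaluated here.
            continue
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def check_spf(record, sender_ip):
    """Return pass/fail/softfail/neutral for sender_ip against the record.

    Only ip4, ip6 and all are evaluated; mechanisms that require DNS
    lookups are treated as non-matching so the function stays offline.
    """
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mechanism, value in parse_spf(record):
        if mechanism == "all":
            matched = True
        elif mechanism in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            matched = ip.version == network.version and ip in network
        else:
            continue  # a, mx, include, exists: would need DNS
        if matched:
            return QUALIFIERS[qualifier]
    # No mechanism matched and no "all" term: SPF defines this as neutral.
    return "neutral"


if __name__ == "__main__":
    # A forged message from an address outside the friend's ranges gets "fail",
    # so a receiving server that honours SPF rejects it instead of accepting
    # and later bouncing it back to the forged sender.
    for ip in ("203.0.113.10", "192.0.2.5", "2001:db8:1::1"):
        print(ip, "->", check_spf(EXAMPLE_SPF, ip))
```

With `-all` a receiver that checks SPF can refuse the forged message at SMTP time, which is what stops the backscatter described above; `~all` only marks it as a softfail, so sites that still accept and later bounce the message will keep sending failure notices to the forged address.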