[Mailman-Users] excessive bounce notifications..

Brad Knowles brad at shub-internet.org
Mon May 19 17:49:13 CEST 2008

Mark Sapiro wrote and quoted Bill Christensen:

> Those are good suggestions, but in the case of the OP, the issue is
> much simpler than that. Spam is sent directly to the list-bounces
> address.
>> Spam filtering before it gets to Mailman is still probably the best choice.
> Yes.

It seems to me that the OP's problem is spam that is masquerading as a 
bounce.  This has been going on for some time (see 
<http://www.crn.com/security/191900278> for an article written in 2006 about 
what one company was working on to combat the problem), but has become much 
more populare recently.

The method known as Bounce Address Tag Validation (a.k.a., BATV, see 
<http://mipassoc.org/batv/>) is one way to try to mitigate fake bounces, but 
it is limited in scope and fragile.  I think it may also break mailing lists.

I have an alternative technique that I call Bounce Address Tag 
Fingerprinting (BATF) that I believe will be much more robust, won't require 
modifying the envelope sender address, and won't require any crypto.  I have 
yet to get it officially written up anywhere, however.

However, above everything else, BATV and BATV are not mutually exclusive. 
You could start with BATV now (if your systems are capable of handling it), 
and add BATF later, once it's been written down on paper and software has 
been developed which implements the technique.

However, as you point out, all spam possible filtering should be done at the 
MTA, before the message ever gets to Mailman.

Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

More information about the Mailman-Users mailing list