[HCoop-Discuss] Filtering out bogus bounce notification e-mails
adamc at hcoop.net
Thu Jan 25 06:46:51 EST 2007
I own a number of domains that years ago I set up so that I receive all
e-mail sent to any of their e-mail addresses. This is very handy for
giving a different address to each online service that requests one, so
that you can blacklist any address that ends up receiving spam.
Unfortunately, spammers like to use made-up addresses in the From
headers of their messages, and this includes random addresses at some of
my domains. Spammers also often send e-mail to nonexistent or full
mailboxes. The helpful mail servers at the other end send back bounce
notifications to let the sender know that such messages couldn't be
delivered. When the fake From header points back to one of my e-mail
addresses, I'm the one who receives the irrelevant bounce notification,
not the spammer.
Recently, I've been receiving a lot more of this kind of bounce message,
to the point where the usability of e-mail had been getting back to the
low levels of pre-spam-filtering days. I know some other members have
the same problem. Yesterday, I decided to try to do something about it,
and I was pleasantly surprised to find that a trivial Exim filter can
identify these dubious messages. I have a feeling others would like to
use my solution, too, so here it is:
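
    if (error_message
        or $header_precedence: contains "bulk"
        or $header_precedence: contains "junk")
       and $h_to is not "adamc at hcoop.net" then   # your one sending address (obfuscated here by the list archive)
        save /path/to/Bounces   # placeholder path: the Bounces folder location is not given in the post
    endif
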
The idea is that all bogus bounces should be moved into a special folder
(which you would need to create manually over IMAP before using this
filter), to be checked once a day for any false positives and then
emptied. I only send e-mail with a single From address, even though I
receive e-mail at many more addresses. As a result, any bounce directed
to any address but the one I'm using for this mailing list post doesn't
result from something I sent. Exim has this lovely "error_message"
variable built in that apparently applies some clever heuristics to tell
which messages are error notifications. This doesn't quite catch all
cases, as I also often get "I'm on vacation" auto-replies to messages
sent by spammers in my name. The two other conditions based on the
Precedence header seem to handle these remaining cases so far.
In the one day I've been test-driving this, it's worked _almost_
perfectly. The single exception so far is that e-mail notifications
from Mailman with moderation requests end up in my Bounces folder. Any
suggestions for improvements from the combined font of wisdom that we
have on this mailing list?
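
The decision rule described in the post, replayed over a few constructed messages so its hits and misses can be inspected before deploying a filter. This is an added example, not part of the original post: Exim's error_message test is approximated by an empty Return-Path, and the addresses, the sample messages and the Precedence header on the Mailman notice are assumptions.

```python
from email import message_from_string

MY_SENDING_ADDRESS = "me@example.org"  # assumed: the only address you send from


def is_bogus_bounce(raw, sending_address=MY_SENDING_ADDRESS):
    """True if the message would be filed in the Bounces folder."""
    msg = message_from_string(raw)
    # Assumption: error_message is modelled as an empty envelope sender,
    # which the delivering server records as "Return-Path: <>".
    error_message = (msg.get("Return-Path") or "").strip() == "<>"
    precedence = (msg.get("Precedence") or "").lower()
    automated = error_message or "bulk" in precedence or "junk" in precedence
    # Like the filter, compare the whole To header, ignoring case.
    to_header = (msg.get("To") or "").strip().lower()
    return automated and to_header != sending_address.lower()


def make(return_path, to, precedence=None):
    """Build a constructed sample message with only the headers that matter."""
    headers = ["Return-Path: " + return_path, "To: " + to, "Subject: sample"]
    if precedence:
        headers.append("Precedence: " + precedence)
    return "\n".join(headers) + "\n\nbody\n"


# Constructed samples; none of these are real messages.
SAMPLES = {
    # Bounce for spam forged from a catch-all address: caught.
    "backscatter": make("<>", "ebay-signup@example.org"),
    # Vacation auto-reply to forged spam: caught by the Precedence test.
    "vacation": make("<someone@example.net>", "random123@example.org", "bulk"),
    # Bounce for mail really sent from the sending address: kept.
    "real_bounce": make("<>", "ME@example.org"),
    # Ordinary mail to a per-service address: kept.
    "personal": make("<friend@example.net>", "shop@example.org"),
    # Mailman moderation request (Precedence header assumed): the false
    # positive the post reports.
    "mailman": make("<list-bounces@lists.example.net>",
                    "list-owner@example.org", "bulk"),
}


def classify_samples():
    return {name: is_bogus_bounce(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(name, "-> Bounces" if verdict else "-> inbox")
```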