Filters That Fight Back

[Peter Bishop]

On 2 Sep 2003 at 8:06, David Relson wrote:

> A couple of weeks back, one of the userids at osagesoftware.com received
> a set of false bounces.  Since I know that userid has sent 1 or 2 emails
> in the past year and receives approx 1 legit email a week, I'm willing
> to bet that there was some chicanery involved.  The total number of
> bounce messages was small, perhaps a dozen or two..
 
I must admit I saw the same thing - One possible culprit is the SoBig worm
that uses random return addresses selected from the addressbook of the 
penetrated machine. A bounce to the actual sender might be a useful warning 
of infestation, but bounces to the forged sender could be very puzzling - 
it certainly worried me for a while until I saw that my spamtrap userid was 
also getting similar bounces. 

-- 
Peter Bishop 
pgb at adelard.com
pgb at csr.city.ac.uk