Backscatter increase clogs inboxes
Posted Apr 10, 2008 13:37 UTC (Thu) by dwmw2
Parent article: Backscatter increase clogs inboxes
It's not particularly difficult to avoid backscatter. I never send MAIL FROM:<email@example.com>, and thus I never need to accept bounces to that address.
Instead of using my raw email address as the SMTP reverse-path of outgoing mail, my mailservers automatically rewrite it to include a timestamp (and an md5 hash to make it non-trivial to fake). Then they can recognise and accept only valid bounces to mail which I did actually send, while rejecting the backscatter from fakes.
As an added bonus, when I started doing this, people whose mailservers bother with sender verification callouts were also able to reject the mail faked to appear from firstname.lastname@example.org too.
to post comments)