Damned spammers. Looks like a big batch of drug-spam just went out with my personal email forged as the sender. The number of backscatter messages I’ve gotten today exceeds the number of spams that usually make it through to me in a week. Why? Because my anti-spam measures are mostly about blocking messages from “bad” mail servers, and backscatter comes from “good” mail servers.
I’m laying a lot of ironic emphasis on those quotes around “good” because I shouldn’t be getting those backscatter messages at all. They piss me off – at the spammers, of course, but also at the people who run the mail servers which are helpfully “returning” mail to me that I did not send. In a more idealistic time I might have suggested that they could have avoided this by using SPF (which is true), but this is an even more basic competence issue. To quote from the above linked page:
Bounces should ideally only be generated by a mail server to a local recipient. Mail servers should not generate bounces to non-local recipients, but should instead reject the mail during the SMTP session, and leave the remote sending server to handle the bounce…
I’ve set up a Postfix rule that is now catching a lot of these as they come in and rejecting them with a message to that effect – not that it’s likely many of those mail admins will ever notice.
I’m also grumpy because this type of event invetitably yields a few hate-filled messages from spam recipients who misguidedly think they are replying to the spammer, when they are in fact just unleashing their (merited) rage on a poor schmuck whose email address got forged.
That would be me.