« Packing my bags | Main | The California trip round up »

A nice "welcome home"

I got home about an hour ago from my California trip to discover my mail server has been working overtime. Quick glance through the logs revealed tons of rejected messages to random email addresses.. reminiscent of a dictionary attack. But that wasn't it.. it's something much, much more annoying. See, dictionary attacks can be easily blocked. They normally come from infected machines in a limited address range and a counter-measure can easily be scripted.

This is something that essentially amounts to a DDOS attack against my mail server. A spammer used my domain as a return address on a lot of spam. Looking at the graph above, I would say this will only get worse before it gets better.

I guess time to setup SPF... although I doubt it'll help much here.

Posted by kasia on April 24, 2005 11:41 AM |

Comments

Oh, what a ROTTEN thing to return home to! Sorry, buddy...

Posted by: packet-strangler | April 24, 2005 12:13 PM

Tim Bray says he and others are seeing the same:

http://www.tbray.org/ongoing/When/200x/2005/04/23/Spam-Storm

So you’re not alone on this one.

Posted by: Aristotle Pagaltzis | April 24, 2005 12:37 PM

I've been getting this for a while. http://trikuare.cx/nospam.html

I'm glad that Spamcop is finally cracking down on sites which do async bounces (like the qmail default), since that will help with the problem of bounce-processing quite a bit. Async bounces are great from a CPU utilization standpoint, but not so great from the "following the RFC" and "preventing abuse" standpoints.

This won't help with irate people sending "PLEAS DO NOT SPAM ME!!!!!!1" stuff or the stupid positive-identification emailed link things (which I always click the link of out of habit, because challenge-response whitelisting is a retarded thing to do).

Posted by: fluffy | April 24, 2005 01:24 PM

> I guess time to setup SPF... although I doubt it'll help much here.

Why not?

Posted by: Mike | April 25, 2005 03:04 AM

Looks as though your server's stats are starting to drop again- were you able to set up something on your end, or is this just the fall-out from the spammers just abating naturually?
Just curious...

Posted by: packet-strangler | April 25, 2005 06:49 AM