One of my e-mail customers is currently on the receiving end of massive amounts of delivery failure notices as a "Nigerian scammer" seems to be using her address as its MAIL FROM field.
A lot of it is marked as spam by the SpamAssassin running on the inbound server (if they include the original message).
I added a manual content filter which removes more of the stuff.
I also temporarily blacklisted a few of the most active sources of bounce emails as they weren't servers any of my customers were likely to exchange actual e-mail with.
That has reduced the amount of spurious delivery failure notices my customer receives; however, she's still getting ~1-2 such notices per minute.
Is there anything more I can do to help her get rid of this?
The other main thing that can be done to prevent backscatter is to publish SPF records for your customer's domain. The format is detailed at the OpenSPF project's website, but in essence you publish through the DNS a list of servers that are authorized to send mail from your customer's domain, and then make it clear that no others are permitted to do so (-all). It's up to the recipient to check the SPF records before accepting a spam forged as coming from your customer's domain, but many do, and a hard failure (-all) will cause those recipients to reject the incoming email before it ever gets as far as making a bounce message.

I found that publishing SPF records for my domains immediately cut the backscatter by a big fraction - perhaps 65%? - and it fell much further over time, probably because intelligent spammers will avoid picking fake-sender domains that are going to be instantly rejected by mailservers with clue.
The mail your customer is receiving is called backscatter. Simply knowing that people call it that might help your Google searches for potential fixes. Here's a ruleset for SpamAssassin that might help.