Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/12/14 01:59:32 UTC

[Bug 4029] New: RFE: Handle spammer backscatter (rfc1894 DSN bounce reports)

http://bugzilla.spamassassin.org/show_bug.cgi?id=4029

           Summary: RFE: Handle spammer backscatter (rfc1894 DSN bounce
                    reports)
           Product: Spamassassin
           Version: 3.0.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Rules
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: daveg@dgnode.screaming.net


General:

Spammers use any old address in their faked message submissions and we all (I 
hope it's not just me!) occasionally receive a rash of backscatter from MTAs 
that don't check credentials as carefully as they should. SpamAssassin has most 
of the tools already to delve deeper into these RFC1894 Delivery Status 
Notification (bounce) messages to help identify the dross.

The DSN message itself should initially pass the standard SA test suite, coming 
from a valid Internet MTA. All of the potentially offending material is 
embedded within MIME multipart components, safely insulated from detailed 
analysis.

Possible Tests:

The 'Received-From-MTA' header within the 'message/delivery-status' component 
would be "known to us" if the original submission was valid.

The original message, or at least a significant portion of it, can be 
reconstructed from the 'message/rfc822' component if it exists. This could then 
be subjected to a further pounding by SpamAssassin to see if the original was 
spam.

Valid original messages would have originated "locally". This could be tested 
for in the reconstructed original message headers.



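Added example (not part of the original report and not SpamAssassin code): the three proposed tests expressed with Python's standard `email` parser. The function name `analyze_dsn`, the `local_mtas` set of hosts that legitimately submit our mail, and every host in the sample DSN are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample DSN; every host and address below is made up.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.remote.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.example
Received-From-MTA: dns; dialup-7.isp.example

Final-Recipient: rfc822; nobody@remote.example
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from dialup-7.isp.example by mx.remote.example; Mon, 13 Dec 2004 23:00:00 +0000
Subject: cheap pills

buy now
--b1--
"""

def analyze_dsn(raw, local_mtas):
    """Return (received_from_mta, mta_known, original_message, original_local)."""
    msg = email.message_from_string(raw, policy=policy.default)
    mta, original = None, None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status" and part.is_multipart() and mta is None:
            # Payload is a list of header blocks; the first holds per-message fields.
            value = part.get_payload(0).get("Received-From-MTA", "")
            mta = value.split(";", 1)[-1].strip().lower() or None
        elif ctype == "message/rfc822" and part.is_multipart() and original is None:
            original = part.get_payload(0)  # the returned original message
    # Earliest hop of the original is the last Received header in its block.
    hops = original.get_all("Received", []) if original is not None else []
    m = re.match(r"\s*from\s+(\S+)", hops[-1]) if hops else None
    first_hop = m.group(1).lower() if m else None
    return mta, mta in local_mtas, original, first_hop in local_mtas
```

The returned `original` message can be serialized with `as_string()` and passed through the normal scanner as if it were an incoming message; both boolean results being false marks the bounce as likely backscatter.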