SPAM and Backscatter

Revision as of 22:51, 27 February 2009 by Adam Franco (talk | contribs) (Fixing category case)

SPAM, Backscatter, multiple MailerDaemon messages

The problem is quite complicated. We refer to it as "backscatter". This happens because your e-mail address has found its way onto a SPAM list. A spam list is a long list of e-mail addresses that spammers use to send bulk e-mail. Unfortunately, there isn't much you can do to decrease the number of such messages. The best step to take is to delete them. We may be able to help you set up a rule that will automatically move mailerdaemon messages into a separate folder, outside your inbox. Note that not all mailerdaemon messages are bad, there may be legitimate ones. See below for an explanation of how these messages get generated, and why there may be legitimate ones.

Almost every e-mail system has a "robotic" mailerdaemon account that automatically responds when an e-mail address listed in a message is NOT found (there's no person behind the mailerdaemon account). This mailerdaemon account has valid uses. Take this for example: Joe sends a message to an e-mail list (that consists of jim@middlebury.edu, jack@middlebury.edu and bob@middlebury.edu). The message arrives in our (middlebury) mail system, and our (middlebury) mailerdamon finds that bob@middlebury.edu doesn't exist, so it goes ahead and e-mails the other people on the list (including the sender, Joe) that bob@middlebury.edu doesn't exist in our e-mail system. The message from mailerdaemon can help the sender to figure out why bob@middlebury.edu doesn't exist (maybe the sender made a typo, and the correct address is bobm@middlebury.edu). Having some indication that the message did not reach bob@middlebury.edu, is better than having no response and thinking that the message got there successful. That's how the mailerdaemon messages get generated, and why these messages may have valid uses.

So imagine the spammer sending a bulk e-mail message to a long list of people on different e-mail systems. If some of those people on the list don't exist, the mailerdaemon of each e-mail system will respond back, saying so. And since there's no person behind this account, there's no way to control these responses.


Warning About Phishing Messages
March 14, 2008
Phishing email warning

The College (like many other institutions) has been a target of fake (or "phishing") email offers/warnings. These malicious messages are meant to trick users into sending sensitive information to spammers. The best thing to do with these email messages is to delete them.

Here is a transcript of such a "phishing" message. If you receive a message such as the one below, do not reply to it, simply delete it. It sometimes helps to forward the headers of the phishing message to the Helpdesk. Contact the Helpdesk to find out how to forward the headers.

-----Original Message-----
From: EDU ACCOUNT UPGRADE TEAM [mailto:joerandom@company.com]
Sent: Friday, March 14, 2008 6:35 AM


Dear Email Account Owner,

This message is from educational messaging center to all our email
account owners. We are currently upgrading our data base and email account
center. We are deleting all our edu email accounts to create more space for new

To prevent your edu account from closing you will have to update it below
so that we will know that it's a presently used account.

We have been sending this notice to all our email account owners and this is
the last notice/verification exercise.


Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........

Warning!!! Account owner that refuses to update his or her account
within Seven days of receiving this warning will lose his or her account

Thank you for using edu!
Warning Code:VX2G99AAJ
Edu Account Upgrade Team

Forged From Address


http://forum.spamcop.net/scwik/FromAddressForgery (also has a note on backscatter)

Reporting SPAM

  • Reporting "casual" SPAM to the Helpdesk doesn't help much.
  • Reporting backscatter to the Helpdesk, doesn't help much either, but if the volume of backscatter is high, the Helpdesk can at least help you manage it.
  • Reporting phishing messages to the Helpdesk is VERY HELPFUL, as the Helpdesk can quickly block responses to the phisher's address.
  • You can still report any sort of SPAM at http://www.spamcop.net/ -- other people and institutions can potentially benefit from this.

Client host blocked using Barracuda Reputation

Problem: E-mail sent from off-campus messages may be blocked by Barracuda with the error Client host blocked using Barracuda Reputation.

Solution: There are three ways of resolving the problem: 1) You can setup a non-middlebury e-mail account for yourself (for example, Gmail http://www.gmail.com), ask people that have this problem to e-mail you on that account.

2) The people that have this problem can setup a another e-mail account (for example Gmail) and e-mail you FROM that account to your middlebury account.

3) The people that have this problem can review the error messages that they received. They should contain a link that will allow them to remove themselves from the spam filter. If you look at the message that you forwarded to us, you'll see this link: http://bbl.barracudacentral.com/q.cgi?ip= <-- that's the link that this particular person needs to use to remove himself/herself from the spam filter.

We (Middlebury College, or the Helpdesk) do not have control over this particular spam filter. This particular spam filter uses some sort of a reputation system to decide what's spam and what's legitimate (if you look at the error message that you forwarded to us, you'll see "blocked using Barracuda Reputation").

host shark.middlebury.edu[] said: 554
Service unavailable; Client host [t-1.altavoz.net] blocked using Barracuda
Reputation; http://bbl.barracudacentral.com/q.cgi?ip= (in
reply to end of DATA command)