I don't get much spam anymore, but a good 40% of my inbox is now bounce notifications for mails I never sent. Anyone got a good way to filter those out without filtering out valid bounce notifications?
I had the same problem once, for a little-used mailbox under my 'administration'. It went away after some time, as the spammers using my address as a source address supposedly either had it blocked everywhere (could be bad news for you) or simply rotated it out as a normal practice.
I tried to go through a few headers and weed out the open relays they used, and reported the ones I could find to stuff like ordb. Not that that helped much probably...
You need to parse the bounce notification, take out the offending email address, and see if it matches one that's in the "to" field of the mail in your sent folder - and you may want to limit it to mails sent in the last day, it depends how worried you are about missing out on those "warning: message is still in limbo after 48 hours" messages.
So, what I'd do is write a rule in the email client to filter out all the undeliverable messages to some 'undel' folder, then make a cron job on the server to run, like, every hour (I'm lazy) to (1) assimilate a list of the email addresses I wrote to, (2) check the last hour's error messages against those, (3) toss all the non-matches into a non-matches folder (deleting them from the top folder), (4) toss all the matches into a matches folder, (5) reconstruct the 3 folders. I'm running cyrus, so tossing messages around and reconstructing is easy; otoh reconstructing the inbox while I'm in the inbox is sometimes a problem; etc. Whatever you're running, though, you could do something similar. You can also probably do this on your local machine, if you have an IMAP client. Probably. I don't know if it would make the client freak out too much.
You can cut this in half if you have a filtering program that can check an external file; then you can set your client to capture all the addresses you send to or receive from in your address book, and you can have the filtering program check the address book for the address in the body of the undelivered message. Then you could also have a faster turnaround time. <shrug>
Related to legolas's post, SpamAssassin cuts out a lot of these for me, because it checks for the open relays in the headers and stuff like that.
So, what I'd do is write a rule in the email client to filter out all the undeliverable messages to some 'undel' folder, then make a cron job on the server to run, like, every hour (I'm lazy) to (1) assimilate a list of the email addresses I wrote to, (2) check the last hour's error messages against those, (3) toss all the non-matches into a non-matches folder (deleting them from the top folder), (4) toss all the matches into a matches folder, (5) reconstruct the 3 folders.
Obviously you don't know the definition of lazy.
I still remain convinced that people get upset about spam not because of the voluminous amount, but because you get all excited that you have new e-mail and then it's a bunch of junk and you feel like a big loser. If you separate the spam from the non-spam into folders, eventually you have to go and check the folders to be sure that there aren't any false positives, and by that point, what's the point?
I agree that people are generally pretty whiny about spam, and that most of the annoyance of spam comes from a punctured ego. But, I think it's faster to search for a few false positives than to search for real mails when they're mixed in with comparable portions of spam. I say this because it's my job to run daily through the company's 7,000-message-having spam trap, and it usually takes about half an hour. It's a lot easier to do that, eagle-eying for the .005% real emails, than it is to look through my personal email, which is about 80% spam and 20% real mail. It's like the brain finds AAAAAAAAAAABA faster to process than ABBABBBABAABABABA.
Check for false positives? Hahahaha. I get sixteen thousand spams per month (combining work account, home, and wife's account). Here are my handling tricks:
1. Use a whitelist on SpamAssassin.
2. If mail reaches my email client, but it's from an address that isn't whitelisted, then FLAG IT to make sure I keep my whitelist fully up-to-date.
This ensures that ALL email from previous correspondents reaches my inbox. Now we just need to categorize the unwhitelisted crap:
1. There are certain flags that SpamAssassin may raise that pretty much ensure I don't need to review the spam. For example, if Spamhaus says it's from a known spammer, then throw it away without review. If razor says that the email is a Known Spam Letter, throw it away.
2. For other emails, look for a duality of conditions. For example, email which has a return address leading to a Free Email site that contains even a little bit questionable content should just be tossed.
And then there are a small number that go into my graylist for later review. I also use these to tune up the filters as needed.
The worst mistake I ever made was signing my wife up using a common name (linda@xxxx) for her email account. This leads to the bounce problem that Evan has (I'm guessing Evan uses an evan@xxxx somewhere).
So Evan, the best thing to do is to add some custom header to all your outbound email (or examine your outbound email for some identifying characteristic that you can filter on). Then, when you get a bounce to your account from MAILER-DAEMON@ or postmaster@ which does NOT include the identifying characteristic in the body of the bounce, you can toss it away.
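The custom-header idea from the post above, as an added example that is not part of the original thread: it goes one step further than a fixed string by stamping outbound mail with an HMAC of its Message-ID, and treats a bounce as genuine only if the original headers it quotes back carry a valid tag. The `X-Sent-Tag` header name, the secret and the sample bounce are constructed for illustration, and it assumes the bouncing server returns the original headers.

```python
import email, hashlib, hmac
from email import policy
from email.utils import parseaddr

SECRET = b"constructed-demo-key"  # assumption: secret known only to your sending side
TAG_HEADER = "X-Sent-Tag"         # hypothetical header name, not a standard

def make_tag(message_id: str) -> str:
    """Value stamped on each outbound mail: truncated HMAC of its Message-ID."""
    return hmac.new(SECRET, message_id.encode(), hashlib.sha256).hexdigest()[:20]

def returned_headers(bounce):
    """Original message (or just its headers) quoted back inside the bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return email.message_from_string("")  # nothing quoted back: no headers to check

def classify(raw: str) -> str:
    """Return 'not-a-bounce', 'genuine' or 'backscatter' for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if not sender.startswith(("mailer-daemon@", "postmaster@")):
        return "not-a-bounce"
    orig = returned_headers(msg)
    mid = str(orig.get("Message-ID", "")).strip()
    tag = str(orig.get(TAG_HEADER, "")).strip()
    ok = mid and hmac.compare_digest(tag.encode("utf-8", "replace"), make_tag(mid).encode())
    return "genuine" if ok else "backscatter"

# Constructed sample bounce; {tag} models a correctly tagged or a forged original.
SAMPLE = """\
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Message-ID: <demo-1@example.org>
To: nobody@example.net
X-Sent-Tag: {tag}
--b1--
"""

if __name__ == "__main__":
    print(classify(SAMPLE.format(tag=make_tag("<demo-1@example.org>"))),
          classify(SAMPLE.format(tag="0" * 20)))
```

Bounces that quote back no original headers also fail this check, so file the "backscatter" results in a folder for occasional review rather than deleting them outright.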
I did see a good way of dealing with this recently, but I didn't pay much attention as it isn't a big problem for me. However, the gist of it is to set whatever header on your outgoing mail that tells servers legitimately bouncing your mail to return it to another (bounce-only) address. The false bounces will go to your normal address, so you can just filter them. As I say, that's just the gist of it...
Catches most of it. I still get a lot of auto-responders and "If this isn't spam reply to this address and your message will be allowed." Sometimes I get annoyed at those sorts of auto-responders and actually reply.
It really sucks when spammers abuse your domain name. They've been doing it to me for more than a year now.