Billy Moon asked:
I receive Mailer Daemon messages saying certain emails fail. My domain is itaccess.org, which is administered by Google Apps. Is there any way I can identify who is sending emails from my domain, and how they are doing it without me creating an account for them?
Delivered-To: [email protected]
Received: by 10.142.152.34 with SMTP id z34csp12042wfd;
        Wed, 8 Aug 2012 07:12:46 -0700 (PDT)
Received: by 10.152.112.34 with SMTP id in2mr18229790lab.6.1344435165782;
        Wed, 08 Aug 2012 07:12:45 -0700 (PDT)
Return-Path: <[email protected]>
Received: from smtp-gw.fsdata.se (smtp-gw.fsdata.se. [18.104.22.168])
        by mx.google.com with ESMTP id b9si24888989lbg.77.2012.08.08.07.12.44;
        Wed, 08 Aug 2012 07:12:45 -0700 (PDT)
Received-SPF: neutral (google.com: 22.214.171.124 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=126.96.36.199;
Authentication-Results: mx.google.com; spf=neutral (google.com: 188.8.131.52 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from www20.aname.net (www20.aname.net [184.108.40.206])
        by smtp-gw.fsdata.se (8.14.3/8.13.8) with ESMTP id q78EChia020085
        for <[email protected]>; Wed, 8 Aug 2012 16:12:43 +0200
Received: from www20.aname.net (localhost [127.0.0.1])
        by www20.aname.net (8.14.3/8.14.3) with ESMTP id q78ECgQ1013882
        for <[email protected]>; Wed, 8 Aug 2012 16:12:42 +0200
Received: (from [email protected])
        by www20.aname.net (8.14.3/8.12.0/Submit) id q78ECgKn013879;
        Wed, 8 Aug 2012 16:12:42 +0200
Date: Wed, 8 Aug 2012 16:12:42 +0200
Message-Id: <[email protected]>
To: [email protected]
References: <[email protected]>
In-Reply-To: <[email protected]>
X-Loop: [email protected]
From: [email protected]
Subject: whao.se: kontot avstängt - account closed
X-FS-SpamAssassinScore: 1.8
X-FS-SpamAssassinRules: ALL_TRUSTED,DCC_CHECK,FRT_CONTACT,SUBJECT_NEEDS_ENCODING

Detta är ett automatiskt svar från F S Data - http://www.fsdata.se

Kontot för domänen whao.se är tillsvidare avstängt.
För mer information, kontakta [email protected]

Mvh,
/F S Data

-----

This is an automatic reply from F S Data - http://www.fsdata.se

The domain account "whao.se" is closed.
For further information, please contact [email protected]

Best regards,
/F S Data

An idea not yet mentioned is to reject the backscatter. All of it that I’ve seen comes through open mail relays, and there are two blackhole lists which you may find useful for reducing the amount of backscatter you receive.
Backscatterer is a DNSBL which explicitly lists SMTP servers that send backscatter and sender callouts.
RFC-Ignorant is a DNSBL which lists SMTP servers that do not obey various important RFCs.
Adding these in (along with several other more traditionally focused BLs) reduced the amount of backscatter that I receive by over 90%.
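
The DNSBL check described in the answer above, sketched as an added example (not code from the original post or from either list). The zone names, the `FAKE_DNS` table and the function names are assumptions made for illustration; the resolver is injectable so the lookup logic runs offline.

```python
import ipaddress
import socket

# Hypothetical zone names (assumption): use the zones published by the lists you choose.
DNSBL_ZONES = ["backscatter.dnsbl.example", "rfc.dnsbl.example"]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")   # DNSBL answers live here
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A-record lookup; None means NXDOMAIN, i.e. the address is not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_client(ip, zones=DNSBL_ZONES, resolve=system_resolver):
    """Return [(zone, answer)] for every zone that lists the connecting IP."""
    if any(ipaddress.ip_address(ip) in net for net in INTERNAL):
        return []                      # internal hops are never looked up
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # An answer outside 127.0.0.0/8 (parked or wildcarded zone) is not a listing.
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            hits.append((zone, answer))
    return hits

def smtp_decision(ip, **kw):
    """Map DNSBL hits to the SMTP reply the receiving server would give."""
    hits = check_client(ip, **kw)
    return ("550 rejected, listed in " + hits[0][0]) if hits else "250 ok"

# Constructed resolver table standing in for DNS so the demo runs offline.
FAKE_DNS = {
    "10.2.0.192.backscatter.dnsbl.example": "127.0.0.2",   # listed
    "7.100.51.198.rfc.dnsbl.example": "203.0.113.9",       # wildcard answer, ignored
}

if __name__ == "__main__":
    for client in ("192.0.2.10", "198.51.100.7", "10.142.152.34"):
        print(client, "->", smtp_decision(client, resolve=FAKE_DNS.get))
```

The check belongs at SMTP connect time against the connecting relay's address, so a listed sender is refused before the bounce is accepted.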
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.