Billy Moon asked:
I receive Mailer Daemon messages saying certain emails fail. My domain is
itaccess.org which is administered by Google apps. Is there any way I can identify who is sending emails from my domain, and how they are doing it without me creating an account for them?
Delivered-To: firstname.lastname@example.org Received: by 10.142.152.34 with SMTP id z34csp12042wfd; Wed, 8 Aug 2012 07:12:46 -0700 (PDT) Received: by 10.152.112.34 with SMTP id in2mr18229790lab.6.1344435165782; Wed, 08 Aug 2012 07:12:45 -0700 (PDT) Return-Path: <email@example.com> Received: from smtp-gw.fsdata.se (smtp-gw.fsdata.se. [220.127.116.11]) by mx.google.com with ESMTP id b9si24888989lbg.77.2012.08.08.07.12.44; Wed, 08 Aug 2012 07:12:45 -0700 (PDT) Received-SPF: neutral (google.com: 18.104.22.168 is neither permitted nor denied by best guess record for domain of firstname.lastname@example.org) client-ip=22.214.171.124; Authentication-Results: mx.google.com; spf=neutral (google.com: 126.96.36.199 is neither permitted nor denied by best guess record for domain of email@example.com) firstname.lastname@example.org Received: from www20.aname.net (www20.aname.net [188.8.131.52]) by smtp-gw.fsdata.se (8.14.3/8.13.8) with ESMTP id q78EChia020085 for <7E949BA@itaccess.org>; Wed, 8 Aug 2012 16:12:43 +0200 Received: from www20.aname.net (localhost [127.0.0.1]) by www20.aname.net (8.14.3/8.14.3) with ESMTP id q78ECgQ1013882 for <7E949BA@itaccess.org>; Wed, 8 Aug 2012 16:12:42 +0200 Received: (from whao@localhost) by www20.aname.net (8.14.3/8.12.0/Submit) id q78ECgKn013879; Wed, 8 Aug 2012 16:12:42 +0200 Date: Wed, 8 Aug 2012 16:12:42 +0200 Message-Id: <201208081412.q78ECgKn013879@www20.aname.net> To: 7E949BA@itaccess.org References: <20120808171231.CAC5128A79D815BC08430@USER-PC> In-Reply-To: <20120808171231.CAC5128A79D815BC08430@USER-PC> X-Loop: email@example.com From: MAILER-DAEMON@whao.se Subject: whao.se: kontot avstängt - account closed X-FS-SpamAssassinScore: 1.8 X-FS-SpamAssassinRules: ALL_TRUSTED,DCC_CHECK,FRT_CONTACT,SUBJECT_NEEDS_ENCODING Detta är ett automatiskt svar från F S Data - http://www.fsdata.se Kontot för domänen whao.se är tillsvidare avstängt. För mer information, kontakta firstname.lastname@example.org Mvh, /F S Data ----- This is an automatic reply from F S Data - http://www.fsdata.se The domain account "whao.se" is closed. For further information, please contact email@example.com Best regards, /F S Data
An idea not yet mentioned is to reject the backscatter. All of it that I’ve seen comes through open mail relays, and there are two blackhole lists which you may find useful for reducing the amount of backscatter you receive.
Backscatterer is a DNSBL which explicitly lists SMTP servers that send backscatter and sender callouts.
RFC-Ignorant is a DNSBL which lists SMTP servers that do not obey various important RFCs.
Adding these in (along with several other more traditionally focused BLs) reduced the amount of backscatter that I receive by over 90%.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.