client-side filtering of backscatter spam?

[bhackett]

Hi, in the past few days I have been getting a lot of identical bounce messages where someone forged my address as the 'From:' field. These appear as messages in my inbox with 'Undelivered Mail Returned to Sender' as the 'subject' field and 'Mail Delivery System' (MAILER-DAEMON@<my-domain>) as the 'from' field, with a short body indicating nondelivery and the forged email attached.

I'm using the Zimbra webmail client (unknown version), and am trying to filter these messages out. I have tried filtering on the 'from' field, subject field (I don't care if this filters out all bounce messages, not just spam), the contents of the body or the contents of the attached message. None of these work.

What it looks like is that bounce messages from MAILER-DAEMON bypass the filters entirely. Is this the case? I'm guessing (but don't know) the backend server is also Zimbra and have no idea what settings it is using. I recognize the way to get these issues resolved is probably 'Contact your email server administrator,' but not being able to filter all inbox messages with the incoming message filters is counterintuitive behavior. Is this behavior intentional?

Thanks,

Brian Hackett

[phoenix]

There's no way to stop this kind of spam in your inbox because the mail is being delivered to the 'correct' person, i.e. you. The only method to stop backscatter (or NDR) spam is on the server itself and you should inform your mail administrator about this.

[deepblue]

There's no way to stop this kind of spam in your inbox because the mail is being delivered to the 'correct' person, i.e. you. The only method to stop backscatter (or NDR) spam is on the server itself and you should inform your mail administrator about this.

Hi phoenix,

I have 2 comments on that. The first is, that you say, that the backscatter/NDR should be stoped on the server itself.
I would like to know, how this could be done as I think it is exceptionally difficult to stop backscatter on the server....

The second comment is: there are at least some chances to filter backscatter on the account level:
Create a Mail Filter, select "Header Named" insert "return-path" and select "does not exist" and put all matching mails
in the Trash folder and do not apply any additional filters.
This filter will match on any Bounce/NDR - not only on the backscatter.
You will see, that this filter works pretty well - not perfect though...

The idea behind the filter is, that Bounces/NDRs provide an empty (<>) envelope-From address to make it
impossible to generate a NDR for a NDR (which could lead to infinitive NDR-loops). But there are so many broken
SMTP engines out there, that generate broken NDRs which will not be cought by that filter.

Regards
Thomas