Options for email address that has been "spoofed"

[sadams@bigrocksports.com]

ZCS 6.0.6

We have a user whose email address has been spoofed. We use Message Labs for additional SPAM filtering and they have determined this is what has happened.

This user gets 30-40 bounces a day. I know we could change her email address, but that is a last resort as she has been with the company a long time.

Here is the gist of Message Labs response:

"If you are receiving unwanted bounce mails, you can now stop them by some simple filtering either on your mail server or in your end users' mail clients. The exact method of doing this will vary from server to server and client to client. We mark mails that appear to be bounces or NDRs with a special rule, ML_IS_POSSIBLE_BOUNCE. This rule, along with other rules that the message matches, will be in the X-SpamReason header of the message. Therefore, your filter should look for ML_IS_POSSIBLE_BOUNCE anywhere in the message's X-SpamReason header."

Will someone please comment on this and either let me know how to setup this filter or suggest other options?

Thanks.

[LMStone]

Backscatter to innocent victims is a problem, but you can add some header checks to Postfix to block this:

See Postfix Backscatter Howto for more info on how to do this "the Postfix way".

Hope that helps,
Mark