|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
28 Apr 2016, 06:54 AM | #1 |
Junior Member
Join Date: Jun 2013
Posts: 25
|
Spike in amount of backscatter spam in inbox
I have received several false "delivery status notifications" (with fake forged addresses from domains I manage through FM) in the past hour that show as recognized backscatter in the header but still arrive in my inbox.
My spam level is set at Standard (always block messages from known insecure email hosts/relays; move message to Spam when score is 5+; discard when score is 10+; add score as {spam xx.x} when 5+). Is anyone else experiencing an inbox influx of backscatter spam? Or, regular spam in the inbox, for that matter. Seems to be on the rise again over the past few weeks. (I didn't realize 419 scammers were still so active!) |
28 Apr 2016, 07:09 AM | #2 | |
Essential Contributor
Join Date: Dec 2006
Location: UK
Posts: 392
|
Quote:
|
|
28 Apr 2016, 07:21 AM | #3 |
Cornerstone of the Community
Join Date: Jul 2004
Location: Manila
Posts: 509
|
Same here, but my finely tuned spam folder is not catching them in most cases. They are using spoofed subdomains of FastMail domains that I use.
|
28 Apr 2016, 07:56 AM | #4 |
Cornerstone of the Community
Join Date: Apr 2004
Location: Melbourne
Posts: 971
Representative of:
Fastmail.fm |
Make sure you have backscatter protection turned on in Settings -> Spam Protection (click the Show Advanced link).
|
28 Apr 2016, 08:16 AM | #5 |
Junior Member
Join Date: Jun 2013
Posts: 25
|
Thanks, Neil. I thought I'd had it set to send backscatter to the Spam folder; apparently I didn't. Thanks to everyone else for your replies as well!
|
28 Apr 2016, 09:19 AM | #6 |
Cornerstone of the Community
Join Date: Jul 2004
Location: Manila
Posts: 509
|
I know for a fact that I had it enabled before the Settings screen update, but when I checked just now, it was not enabled. FYI. BTW, is it better to set to discard or put it in my Spam folder? I don't want it to upset the fine tuning of my spam filter.
|
28 Apr 2016, 01:45 PM | #7 |
Member
Join Date: Feb 2014
Posts: 56
|
I am having the same thing. Why is this impacting all of us on Fastmail? I've never had this issue before.
Also, do we need to do anything with our SPF or DKIM to stop this? |
28 Apr 2016, 03:17 PM | #8 |
Essential Contributor
Join Date: Aug 2004
Location: Japan
Posts: 226
|
I'm getting a lot of backscatter too. Could have sworn I had backscatter protection set up, but looking at my settings I saw that it was turned off. I hope turning it back on fixes the issue.
|
28 Apr 2016, 04:09 PM | #9 |
Essential Contributor
Join Date: Jul 2013
Location: Germany
Posts: 251
|
I hadn't realized until now that there are advanced settings.
So, what exactly should I put in that 'Trusted Hosts' field? E.g., I'm forwarding mail from my icloud.com address to FastMail. In the raw message view, I can find 'Received' headers containing icloud.com, me.com and apple.com as well. So should I put all three of those domains as trusted hosts? It's the same with Gmail: you can find gmail.com as well as google.com headers. Any suggestions? Thanks, Michael |
28 Apr 2016, 07:08 PM | #10 |
Essential Contributor
Join Date: Dec 2006
Location: UK
Posts: 392
|
Wow, I had a snowstorm of these this morning. I've set up DMARC on the domains affected and the reports are coming in thick and fast. I've also temporarily changed the SPF record to -all as I only use FM for email.
|
29 Apr 2016, 01:06 AM | #11 |
Master of the @
Join Date: Sep 2004
Posts: 1,583
|
Huge amount of these in the last 48 hours but worryingly, while they were all initially sent from a faked alias of a number of my addresses, some were from aliases I've never even sent email from. I do hope there's not been some sort of breach during which said aliases were harvested.
|
29 Apr 2016, 01:46 AM | #12 |
Junior Member
Join Date: Jun 2013
Posts: 25
|
I've received 29 more of these since I posted yesterday, 19 of which arrived this morning. Most are routed to Spam since re-enabling backscatter protection, but not all.
The forged return address format follows a specific pattern in each one: Firstname Lastname and a 3- or 4-digit number. They reference an "invoice" and usually have an attachment. I'm worried that my domains, which I use solely for personal email, will end up being blacklisted. Btw, I have two new domains which have not yet been used to send/receive mail and those have not seen any backscatter activity. It's the domains I use for public posting on listservs and forums that have been involved (so hopefully it's just bad actors webscraping addresses and not a breach within FM itself). |
29 Apr 2016, 02:51 AM | #13 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
It is sending servers, not domains, that get blacklisted, so that concern (at least) should be groundless.
|
29 Apr 2016, 03:15 AM | #14 | |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,945
|
Really?
From the Spamhaus site: Quote:
|
|
29 Apr 2016, 06:37 AM | #15 | |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
See https://www.spamhaus.org/faq/section/Spamhaus%20DBL#282.
Quote:
|
|