Mike Morris writes "Google email servers are responsible for a large volume of backscatter email. No recipient validation is being performed for the domains googlegroups.com and blogger.com (possibly for other Google domains as well, but these two have been confirmed). Consequently spammers are able to launch dictionary attacks against these domains using forged envelope sender addresses. The owners of these forged addresses are then inundated with the bounce messages generated by the Google mail servers. The proper behavior would be for the Google mail servers to reject email traffic to non-existent users during the initial SMTP transaction.
This can be tested by sending an email to a completely bogus email address in either of the two domains mentioned above. A bounce message generated by a Google mail server will almost immediately be sent back to the sending address.
This is a pretty serious issue IMO. It seems irresponsible for Google to mis configure their mail servers in such a way as to contribute, on a large scale, to the spam problem. Furthermore, attempts at contacting them via abuse@google.com and postmaster@google.com have gone unanswered for quite some time. Only automated responses are received which say Google isn't doing anything wrong."
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
Confirmed (Score:1)
http://tech.groups.yahoo.com/group/postfix-users/messages/235633?threaded=1&m=e&var=1&tidx=1 [yahoo.com]