I've been getting an incredible amount of junk bounce messages from email worms. These usually come from the worm sending a message with my email in the From field and a bogus address in the To field. The receiving mail server dutifully returns the message to me, as if I had sent it. I quickly got tired of manually inspecting and deleting these, so I set up a procmail rule to route them to a 'bounce' folder:
* ^Return-Path: (<>|MAILER-DAEMON@)
After setting this up I never really looked in that folder, so I would miss the possibility of receiving a legitimate bounce message (for example, if a message I actually sent was undeliverable for some reason). After reading about Sender Rewriting Scheme, I figured I could rig up something similar that would help (in a simple way, without implementing full SRS).
I changed my .muttrc such that the Envelope-From on outgoing mail is now email@example.com:
set sendmail="/usr/lib/sendmail -firstname.lastname@example.org"
I actually used a different word than foo above but I'm not going to mention it here. If an email worm were to pick up that address off this page, this whole scheme would be defeated. When setting this up you can use any word you want.
Then I changed my procmail rule to also check bounce messages addressed to my normal address:
* ^Return-Path: (<>|MAILER-DAEMON@) * ^TO_greg@hewgill.com
In this way, only fake bounce messages that are addressed to my normal address (and are thus worm-generated) get shuffled off to the 'bounce' folder. Any bounce message that I legitimately receive as a result of a message I actually sent, will be addressed to email@example.com instead, and will not be matched by the above rule. So, they will end up in my normal inbox as they should.
Initial tests show that this is working great. If for some reason a worm discovers the SRS-style Envelope-From address I am using and starts sending me fake bounce messages to that address, I can easily change it to something else.
Fighting spam and worm mail is taking up a nontrivial amount of my time these days, hopefully this will help reduce that time.