Any way to block incoming spam that generates backscatter?

My Discourse installation is getting a TON (10-50 incoming messages per hour) of spam aimed at the submission address for the site’s main category, which is also used heavily by members of the site (it’s a conversion of a mailing list, and it wasn’t a popular move to start with, so I don’t want to turn email submission off or change the address if I can avoid it).

These messages are inscrutable in that they have no body, so my Error Log is full of stuff like the transcript appended. It all comes in via SendGrid, which we’re using to handle email for Discourse. Apart from the fact that it’s generating a lot of traffic for Discourse, it’s also filling SendGrid’s Bounce Suppression list with hundreds of addresses, presumably due to Discourse bouncing the message back with the NoBodyDetectedError.

Is there any way to stop this? If this was sendmail or the like, there would be some sort of filtering. But with SendGrid, its Incoming Parse screen says it forwards to all addresses and while the Spam Check option is on, it’s clearly not helping. And in Discourse, I can’t see any way to filter the incoming mail or prevent it from bouncing these addresses back to SendGrid.

For what it’s worth, they’re nearly all random numbers at qq.com.

Thanks for any help!

Email can not be processed: Email::Receiver::NoBodyDetectedError Received: by mx0029p1las1.sendgrid.net with SMTP id k7DWxLa7FB Thu, 13 Dec 2018 16:33:29 +0000 (UTC) Received: from chncup.com (unknown [183.165.31.1]) by mx0029p1las1.sendgrid.net (Postfix) with SMTP id D13687C0A15 for <tidbits-talk@talk.tidbits.com>; Thu, 13 Dec 2018 16:33:28 +0000 (UTC) Received: from chncup.com (unknown (254.16.51.165]) by chncup.com with SMTP id f6b46961-aa47-4a0f-8328-50d7205fe99a; for <1019271239@qq.com>;Fri, 14 Dec 2018 00:33:27 +08:00 Message-ID: <2957f5c00276097eaa31767f32fa815f@qq.com> From: "=?utf-8?B?5oiQ6Iq5?=" <1019271239@qq.com> To: <tidbits-talk@talk.tidbits.com> Subject: =?utf-8?B?NzQ1OTjvvLbvvKnOoeWEqui2iuacg+OAkDE5Nzk4NOOAgUNPTeOAkSzlpKnlpKk=?= =?utf-8?B?5Y+N5rC05peg5LiK6ZmQLOiou+WGjOmAgeS8jeWFq+Wckyzmi7XmrLU=?= =?utf-8?B?6YCB56mN5rG+77yM5bi25aaz546p6YGN5LiX55WM5ZCE5Zyw?= =?utf-8?B?77yB5bCI5ZOhUe+8mjI5MSAyMTIgMDI4?= Date: Fri, 14 Dec 2018 00:33:27 +0800 MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Disposition-Notification-To: 1019271239@qq.com

Block the qq domain. We actually had to do this here on meta, as @jomaxro can attest.

1 Like

Ah! I hadn’t found the email domains blacklist setting before—searching on the wrong thing apparently. I’ll give it a try.

1 Like

No, you need to block these unwanted incoming emails at the email server level. Discourse settings won’t help.

Hmm, that may be easier said than done, given that all mail is being handled by SendGrid, which isn’t a standard email server.