You're not the only one. As of the last day or two we've seen a number of fake efax.com messages getting through.
Does anyone have a legitimate subscription to efax.com so that we can compare headers and see if there is an obvious regex for this? I first spotted this because a client was running a dnsbl using abuseat on their Exchange box and that blocked the messages but we have had problems with abuseat blocking legitimate mail so don't use it. All suspect messages seem to have the subject "Corporate eFax message X pages" so I'll add the first three words as a regex and see how it goes. All the best, Colin Waring. On 17/08/2012 00:27, Daniel L. Miller wrote: > I'm starting to get some messages from someone spoofing efax.com. As I > actually use their service, I do need to receive their messages. How > can I block these? > > The spoofed messages show a valid efax.com sender address, a garbage > HELO, are actually sending to a spamtrap address (unfortunately I'm > using a recipient re-write rule for efax.com senders so I'm now starting > to see this crap) and are not using a efax.com mail server. > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
