Russ, I would echo that. We have 2 mail servers - one that handles actual mailboxes and one used for relay only that is only accessible "inside" our network (so the web servers can use it). SPF or the SPID are going to end up being the only things that "really" stop this sort of thing. When big mail providers like Yahoo and Hotmail start failing to deliver mail due to SPF or SPID then everyone will have to get on board. Compliance "critical mass" is what will eventually solve this problem - then we can move on to all the others (ha).
-mark -----Original Message----- From: Snake [mailto:[EMAIL PROTECTED] Sent: Sunday, July 02, 2006 5:24 AM To: CF-Talk Subject: RE: How do "Phishermen" send an email from a legitimate domain? Unfortunately that causes other problems. Customer has mydomain.com with several other domains aliased to it, not to mention email aliases. Enforcing that only the login mailbox name can be used as the from address, which causes more complaints from customers who want to use their aliases. This is also not a good solution for sending mail from web sites. If you force customers to send mail form their web site through their own mailbox, then you are putting a huge amount of extra load on your client pop/smtp server and slows mail down, especially when they do huge mail shots. We have a dedicated SMTP server which is used ONLY by the web servers for relaying mail. It allow sonly our web servers to relay through it and is thus open to them. Often when customers send email form web sites they send from an address such as INFO or SALES which is usually a MRA/List/forwarder, so the "SENDER must match the authenticated mailbox name" wont work here either. Of course this would only stop your customers doing naughty things anyway, it doesn't stop anyone else doing it to you or your email address. And invariably the spammers and phishers will have their own mail server anyway, so can do whatever they want. All you need is an ADSL line and an SMTP server. Snake -----Original Message----- From: John C. Bland II [mailto:[EMAIL PROTECTED] Sent: 02 July 2006 07:35 To: CF-Talk Subject: Re: How do "Phishermen" send an email from a legitimate domain? The easy way is to enforce no relays or similar. We require authentication so you can't send an email from a bum address and you can't send without a password (even from web sites) OR being on our server during send. SPF is a great thing to have as well but you should enforce as much security as possible. On 7/1/06, Snake <[EMAIL PROTECTED]> wrote: > > You could employ SPF on your domain, so any ISP that enforces SFP > checking will then make sure that emails from your domain came form > allowed IP address. So any mail sent by spammers and phishers will not > get through. > > Snake > > > -----Original Message----- > From: Rick Faircloth [mailto:[EMAIL PROTECTED] > Sent: 01 July 2006 17:34 > To: CF-Talk > Subject: RE: How do "Phishermen" send an email from a legitimate domain? > > So, I guess, in the end, there is no way to prevent email from being > sent from my own domain... > > > > -----Original Message----- > From: Snake [mailto:[EMAIL PROTECTED] > Sent: Saturday, July 01, 2006 12:13 PM > To: CF-Talk > Subject: RE: How do "Phishermen" send an email from a legitimate domain? > > Open outlook, goto tools -> email accounts Select one of your email > accounts to edit. > Change the from address to [EMAIL PROTECTED] > > Or create a CFM page to send an email. > Set the from address as "[EMAIL PROTECTED]" > > There you go. > > The from address you send an email from can be anything you like, this > has nothing to do with the mail server, which only validates the > acocunt you are logging into to send the email. > > Snake > > > -----Original Message----- > From: Rick Faircloth [mailto:[EMAIL PROTECTED] > Sent: 01 July 2006 16:18 > To: CF-Talk > Subject: OT: How do "Phishermen" send an email from a legitimate domain? > > Good morning, all. > > I, like many others, get phishing emails frequently, and can catch the > spoof simply by looking at the hyperlinks of addresses.such as > [EMAIL PROTECTED], which going to [EMAIL PROTECTED], > but my question is: > > How can a phishing email be sent from [EMAIL PROTECTED] ? How can > the PayPal.com domain be used if their email servers are set up correctly? > > I ask because I get phishing email sent to me using my own domain > frequently, but I assume I haven't got everything set up perfectly, > nor do I know how. > It's > not too bad to live with at this point. I just wonder how that can do > that with PayPal's domain, as well. > > Rick > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:245254 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
