You may not think SPF is a solution, but thousands of other mail admins
do. It's for this very reason that it'll help his problem. It doesn't
sound like he has a very complicated userbase, most of his users are
probably SMTP AUTHing their mail. I know the catches with forwards, but
it really doesn't sound like he'd run into any of these quirks. Just
blatantly saying "it has some problems, it's a bad solution" doesn't
help HIM any.
Jonathan
Jeff Hitchcock wrote:
SPF is not a solution if you support users who forward email, as
forwarding breaks SPF.
The current problem is a new virus or repeat of an old virus that
includes a ZIP file with a virus. Just started up again today. Seen a
bunch, filtering on body content is easy.
Jeff Hitchcock - [EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jonathan
Sent: Monday, May 02, 2005 7:51 PM
To: [email protected]
Subject: Re: [IMail Forum] Spoof problem?
The one thing that you can do, is set SPF DNS records up on your
domains. While this doesn't stop anything, it will at least let
SPF-configured mail servers block these before they can even be sent
(and long before the bounce). I'd say it's worth doing, to save you some
hassle. Eventually end-users maybe try to pursue you, thinking you sent
'em, and you'll have to do the whole education thing with each of them.
Jonathan
Cameron Biggart wrote:
Todd Richards wrote:
I've got an email address that I'm receiving "mail delivery failed"
messages
to - the problem is that I didn't send them. It appears that it is
being
used to spoof messages with virus attachments. It is a business
address, so
the image is not particularly favorable. I have not received this
before
today, and this is the second one (the first was a single email
address).
I'm assuming either my time has finally come, or someone is making an
effort
to exploit me.
SMTP Security settings for this server are:
Mail Relay Options: relay for local users only
Allow remote mail to local groups (checked)
Check valid sender (checked) Auto-deny possible hack attempts
(checked)
Disable SMTP "VRFY" command (checked)
Any thoughts on what I should do? The returned message shows about
25 email
addresses that were "invalid" so it is getting sent to a lot of
people.
Thanks for your help.
Todd
Todd
Chances are the mails are not even originating at your server so your
security settings are going to have absolutely no effect. The trouble
is, and this may come as a surprise, the sort of people who send these
types of unsavory messages are not always honest (I know the shock of
it all) and as a result don't always use their own email address in
the sender or reply-to fields.
If you still have the failure message and it still has the headers of
the original message in it you can look back through the 'received by'
headers to get the IP address or server name that the message was sent
from (this may also be forged).
Once you have done this and confirmed that it was not your mail server
that the message originated from you can sit back, relax, have a drink
and quietly seethe at the damage these less than honest people are
doing to the reputation of the e-mail address associated with the
unsavory mail because there is just about nothing else you can do and
absolutely no way to stop them using your address unless you can
physically find them.
The good news is though that this sort of thing usually stops on its
own when the people sending the mail decide to either pick on someone
else (if it's a malicious attack) or change email addresses because
yours is being blocked by too many people now.
Sorry for the bad news.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
