What I said was: >SPF is not a solution if you support users who forward email, as >forwarding breaks SPF.
I didn't say SPF was a bad solution for everyone. And the real problem is people who sign up for mailing lists using an email address that exists only to forward to their real address. I wish I could prevent those kinds of accounts from being subscribed, but alas ... Jeff Hitchcock - [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan Sent: Tuesday, May 03, 2005 12:04 AM To: [email protected] Subject: Re: [IMail Forum] Spoof problem? You may not think SPF is a solution, but thousands of other mail admins do. It's for this very reason that it'll help his problem. It doesn't sound like he has a very complicated userbase, most of his users are probably SMTP AUTHing their mail. I know the catches with forwards, but it really doesn't sound like he'd run into any of these quirks. Just blatantly saying "it has some problems, it's a bad solution" doesn't help HIM any. Jonathan Jeff Hitchcock wrote: >SPF is not a solution if you support users who forward email, as >forwarding breaks SPF. > >The current problem is a new virus or repeat of an old virus that >includes a ZIP file with a virus. Just started up again today. Seen a >bunch, filtering on body content is easy. > >Jeff Hitchcock - [EMAIL PROTECTED] > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Jonathan >Sent: Monday, May 02, 2005 7:51 PM >To: [email protected] >Subject: Re: [IMail Forum] Spoof problem? > >The one thing that you can do, is set SPF DNS records up on your >domains. While this doesn't stop anything, it will at least let >SPF-configured mail servers block these before they can even be sent >(and long before the bounce). I'd say it's worth doing, to save you some > >hassle. Eventually end-users maybe try to pursue you, thinking you sent >'em, and you'll have to do the whole education thing with each of them. > >Jonathan > >Cameron Biggart wrote: > > > >>Todd Richards wrote: >> >> >> >>> >>>I've got an email address that I'm receiving "mail delivery failed" >>>messages >>>to - the problem is that I didn't send them. It appears that it is >>>being >>>used to spoof messages with virus attachments. It is a business >>>address, so >>>the image is not particularly favorable. I have not received this >>>before >>>today, and this is the second one (the first was a single email >>>address). >>>I'm assuming either my time has finally come, or someone is making an >>> >>> > > > >>>effort >>>to exploit me. >>> >>>SMTP Security settings for this server are: >>>Mail Relay Options: relay for local users only >>>Allow remote mail to local groups (checked) >>>Check valid sender (checked) Auto-deny possible hack attempts >>> >>> >(checked) > > >>>Disable SMTP "VRFY" command (checked) >>> >>>Any thoughts on what I should do? The returned message shows about >>>25 email >>>addresses that were "invalid" so it is getting sent to a lot of >>> >>> >people. > > >>>Thanks for your help. >>> >>>Todd >>> >>> >>> >>> >>Todd >> >>Chances are the mails are not even originating at your server so your >>security settings are going to have absolutely no effect. The trouble >>is, and this may come as a surprise, the sort of people who send these >> >> > > > >>types of unsavory messages are not always honest (I know the shock of >>it all) and as a result don't always use their own email address in >>the sender or reply-to fields. >> >>If you still have the failure message and it still has the headers of >>the original message in it you can look back through the 'received by' >> >> > > > >>headers to get the IP address or server name that the message was sent >> >> > > > >>from (this may also be forged). >> >>Once you have done this and confirmed that it was not your mail server >> >> > > > >>that the message originated from you can sit back, relax, have a drink >> >> > > > >>and quietly seethe at the damage these less than honest people are >>doing to the reputation of the e-mail address associated with the >>unsavory mail because there is just about nothing else you can do and >>absolutely no way to stop them using your address unless you can >>physically find them. >> >>The good news is though that this sort of thing usually stops on its >>own when the people sending the mail decide to either pick on someone >>else (if it's a malicious attack) or change email addresses because >>yours is being blocked by too many people now. >> >>Sorry for the bad news. >> >> >> > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
