Re: Bounced messages for email from forged email addresses for a hosted domain - need opinions

2006-06-26 Thread Benny Pedersen

> > I think you've just proved my point. It's too hard to try and
> > determine who to contact in these situations
>
> Do it like Spamcop does with SPAM: Contact *everybody* in the chain, and
> complain to them. Some sort of SPFcop would be nice for that..

cat /var/log/maillog | pflogsumm -d today | sendmail -f pflogsumm postmaster

hard to follow :-)

hope more postmasters will do this and act on it







Bounced messages for email from forged email addresses for a hosted domain - need opinions

2006-06-25 Thread Jim Hermann - UUN Hostmaster
Does it do any good to complain to the ISP that accepted the original email
with a forged email address that uses a domain name that I administer?

I administer a number of domain names that are being used in the forged
email addresses for spam that is sent to recipients on other servers.  Some
people call this a JoeJob.  Obviously, I can't prevent this, although I can
use SPF with HARDFAIL to help the recipient server identify that the email
address has been forged.

The problem is that my server receives numerous bounced messages from the
recipient servers because the recipients do not exist or do not accept the
spam.  Of course, I can reject or delete the bounced messages if the forged
email address does not exist.

However, I would like to be more proactive and complain to the ISP that
accepted the original email.  The bounced message often includes the Full
Headers for the original email message.  Most of these emails originate on
many different IP Addresses.  I assume that these machines are zombies or
part of a network of machines that spammers control.  Will the ISP take
action if they receive a complaint?  The ISPs are all over the world, not
concentrated in one region or country.

Jim
-
Jim Hermann [EMAIL PROTECTED]
UUism Networks http://www.UUism.net
Ministering to the Needs of Online UUs
Web Hosting, Email Services, Mailing Lists
-



Re: Bounced messages for email from forged email addresses for a hosted domain - need opinions

2006-06-25 Thread Gino Cerullo
On 25-Jun-06, at 12:58 PM, "Jim Hermann - UUN Hostmaster" [EMAIL PROTECTED] wrote:

> Does it do any good to complain to the ISP that accepted the original email
> with a forged email address that uses a domain name that I administer?
>
> I administer a number of domain names that are being used in the forged
> email addresses for spam that is sent to recipients on other servers.  Some
> people call this a JoeJob.  Obviously, I can't prevent this, although I can
> use SPF with HARDFAIL to help the recipient server identify that the email
> address has been forged.
>
> The problem is that my server receives numerous bounced messages from the
> recipient servers because the recipients do not exist or do not accept the
> spam.  Of course, I can reject or delete the bounced messages if the forged
> email address does not exist.
>
> However, I would like to be more proactive and complain to the ISP that
> accepted the original email.  The bounced message often includes the Full
> Headers for the original email message.  Most of these emails originate on
> many different IP Addresses.  I assume that these machines are zombies or
> part of a network of machines that spammers control.  Will the ISP take
> action if they receive a complaint?  The ISPs are all over the world, not
> concentrated in one region or country.
>
> Jim
> -
> Jim Hermann [EMAIL PROTECTED]
> UUism Networks http://www.UUism.net
> Ministering to the Needs of Online UUs
> Web Hosting, Email Services, Mailing Lists

Personally, nowadays I believe bouncing messages back to the alleged sender is a waste of resources and bandwidth with the amount of forgery going on. I wish that admins would configure their servers to stop that practice.

Complaining to those admins I'm afraid will be an exercise in futility as trying to reach the right person will be nearly impossible and risks becoming a full time job in itself.

My vote would be for setting SPF for HARDFAIL as soon as is feasible, after all dealing with forgery is what SPF was designed for. Sure, unless those ISPs are checking against SPF it may not help but that situation is getting better all the time as more and more SPF is being deployed.

--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON  M3M 1W6

T: 416-247-7740
F: 416-247-7503

Re: Bounced messages for email from forged email addresses for a hosted domain - need opinions

2006-06-25 Thread John D. Hardin
On Sun, 25 Jun 2006, Gino Cerullo wrote:

> > Does it do any good to complain to the ISP that accepted the
> > original email
> > with a forged email address that uses a domain name that I administer?
>
> Personally, nowadays I believe bouncing messages back to the alleged
> sender

That's not what he's asking. He wants to know whether asking ISPs to
implement SPF checks (where they don't yet check SPF) will work.

> My vote would be for setting SPF for HARDFAIL as soon as is feasible,
> after all dealing with forgery is what SPF was designed for. Sure,
> unless those ISPs are checking against SPF it may not help but that
> situation is getting better all the time as more and more SPF is
> being deployed.

So how do we increase the use of SPF checks?

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  ...every time I sit down in front of a Windows machine I feel as
  if the computer is just a place for the manufacturers to put their
  advertising.  -- fwadling on Y! SCOX
--



Re: Bounced messages for email from forged email addresses for a hosted domain - need opinions

2006-06-25 Thread Gino Cerullo


On 25-Jun-06, at 5:51 PM, John D. Hardin wrote:

> On Sun, 25 Jun 2006, Gino Cerullo wrote:
>
> > > Does it do any good to complain to the ISP that accepted the
> > > original email
> > > with a forged email address that uses a domain name that I
> > > administer?
> >
> > Personally, nowadays I believe bouncing messages back to the alleged
> > sender
>
> That's not what he's asking. He wants to know whether asking ISPs to
> implement SPF checks (where they don't yet check SPF) will work.

I'm not convinced that is what he meant but he wasn't clear about it
so I won't argue with you on that point.

I still think trying to contact those ISPs directly will be an
exercise in futility but if he wants to try it certainly won't hurt.

> > My vote would be for setting SPF for HARDFAIL as soon as is feasible,
> > after all dealing with forgery is what SPF was designed for. Sure,
> > unless those ISPs are checking against SPF it may not help but that
> > situation is getting better all the time as more and more SPF is
> > being deployed.
>
> So how do we increase the use of SPF checks?

Ahhh! The million dollar question and one probably better suited to
the SPF mailing lists...but since you asked.

Evangelize. If you believe in a technology and its benefits talk to
people about it and hopefully your passion will rub off on them and
they will turn around and do the same. Word-of-mouth is one of the
best ways to spread...well...'The Word' but it works best when you
are talking to people who value your opinion or at least are asking
for it directly.

That's why I feel an email from a stranger on the other side of the
world who's tired of dealing with you bouncing messages back to him
probably will have little influence. Although, it may make the person
on the other side of that email aware of a tech they may not
otherwise be aware of, that's why I also say it couldn't hurt.



--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON  M3M 1W6

T: 416-247-7740
F: 416-247-7503




RE: Bounced messages for email from forged email addresses for a hosted domain - need opinions

2006-06-25 Thread Jim Hermann - UUN Hostmaster
> > > Personally, nowadays I believe bouncing messages back to
> > > the alleged sender
> >
> > That's not what he's asking. He wants to know whether asking ISPs to
> > implement SPF checks (where they don't yet check SPF) will work.
>
> I'm not convinced that is what he meant but he wasn't clear about it
> so I won't argue with you on that point.

There are at least two ISPs involved:

Spammer A = SMTP Server B = Recipient Server C = (Bounce) = Forged Email
Server D

As the Email Server D, I was asking about complaining to SMTP Server B,
since Spammer A was probably an authenticated user.

I already use SPF HARDFAIL, so I could ALSO complain to Recipient Server C
about NOT using SPF to reject the email from SMTP Server B.  

Jim



Re: Bounced messages for email from forged email addresses for a hosted domain - need opinions

2006-06-25 Thread Gino Cerullo


On 25-Jun-06, at 7:22 PM, John D. Hardin wrote:

> On Sun, 25 Jun 2006, Jim Hermann - UUN Hostmaster wrote:
>
> > There are at least two ISPs involved:
> >
> > Spammer A = SMTP Server B = Recipient Server C = (Bounce) =
> > Forged Email Server D
>
> I don't think that's the case for most spam these days. For a
> spambotnet of compromised home systems, you'll see:
>
> Spambot A = Recipient Server C = (Bounce) = Forged Email Server D

I think you've just proved my point. It's too hard to try and
determine who to contact in these situations

> > I already use SPF HARDFAIL, so I could ALSO complain to Recipient
> > Server C about NOT using SPF to reject the email from SMTP Server
> > B.
>
> Agreed.

Again, this has merit but your approach will determine how successful
you are. Also, it may be easier to determine who to approach about
the subject.



--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON  M3M 1W6

T: 416-247-7740
F: 416-247-7503




Re: Bounced messages for email from forged email addresses for a hosted domain - need opinions

2006-06-25 Thread Michael Monnerie
On Monday, 26 June 2006 01:36 Gino Cerullo wrote:
> > Spambot A = Recipient Server C = (Bounce) = Forged Email Server
> > D
>
> I think you've just proved my point. It's too hard to try and
> determine who to contact in these situations

Do it like Spamcop does with SPAM: Contact *everybody* in the chain, and
complain to them. Some sort of SPFcop would be nice for that..

Kind regards, zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660/4156531  .network.your.ideas.
// PGP Key:curl -s http://zmi.at/zmi3.asc | gpg --import
// Fingerprint: 44A3 C1EC B71E C71A B4C2  9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE




Re: Bounced messages for email from forged email addresses for a hosted domain - need opinions

2006-06-25 Thread Graham Murray
Michael Monnerie [EMAIL PROTECTED] writes:

> Do it like Spamcop does with SPAM: Contact *everybody* in the chain, and
> complain to them. Some sort of SPFcop would be nice for that..

Or even use SpamCop itself. Bounces to forged emails are now
considered legitimate for reporting to spamcop. This is what I do,
together with a note saying that I use SPF and that it is not a good
idea to accept email (using SMTP) and subsequently bounce it to a
forged address.
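
Added example, not part of any post in this thread: a sketch of how the owner of the forged domain ("Forged Email Server D") could pull the bouncing server and the IP that fed it the spam out of a bounce, then check that IP against the domain's own SPF `ip4` ranges. The bounce, host names, addresses and SPF record are constructed sample values, and the function names are made up for this illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed SPF record for the forged domain (assumption, not from the thread).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
# Constructed bounce as Server D would receive it (delivery-status part trimmed).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient-c.example
To: nobody@hosted-d.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BND"

--BND
Content-Type: text/plain

User unknown.
--BND
Content-Type: message/rfc822

Received: from dsl-host.example (unknown [203.0.113.45])
\tby mx.recipient-c.example with SMTP; Sun, 25 Jun 2006 12:00:00 +0000
Received: from mail.hosted-d.example ([192.0.2.10]) by dsl-host.example
From: nobody@hosted-d.example
Subject: constructed spam sample

body
--BND--
"""

def bounce_origin(raw):
    """Return (bouncing_server, client_ip) taken from the returned original message."""
    msg = email.message_from_string(raw, policy=policy.default)
    inner = [p for p in msg.walk() if p.get_content_type() == "message/rfc822"]
    if not inner:
        return None, None
    # Only the topmost Received header was written by the server that later
    # bounced the mail; every header below it came from the sender and may be forged.
    top = inner[0].get_payload(0).get_all("Received", [""])[0]
    by = re.search(r"\bby\s+([\w.-]+)", top)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    return (by.group(1) if by else None, ip.group(1) if ip else None)

def spf_ip4_authorized(ip, record=SPF_RECORD):
    """Check ip4: mechanisms only; a full SPF evaluator also handles a, mx, include."""
    nets = [m[4:] for m in record.split() if m.startswith("ip4:")]
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n, strict=False) for n in nets)
```

In the sample, the lower `Received` line claims the forged domain's own mail host and an authorized IP, which is why only the top header is used to decide who accepted the message and from where.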