On Wed, 2008-04-09 at 19:04, Jonathan Nichols wrote:
> On Apr 8, 2008, at 2:50 PM, McDonald, Dan wrote:
> 
> >
> > On Tue, 2008-04-08 at 12:36 -0700, ahgu wrote:
> >> They forged the header with my email addr as the return address.
> >> When it gets bounced back by a server, everything is valid. Since the
> >> server strips off most of the content, it can pass the spamassassin very
> >> easily. I wonder if anyone got this problem?
> >
> > Of course, it is very common.
> >
> > SPF does a reasonable job of stopping it, since it is not worth the
> > spammer's time to forge when a good portion will be ditched as
> > violating SPF.
> >
> 
> Guys? He's been joe-jobbed.
> 
> From the original email: "somebody is using my email as the
> bounce-back return email.
> How do I avoid the problem?"
> 
> If SPF is supposed to prevent this, I can say that it sure as heck  
> doesn't seem to. Despite having SPF records, I still managed to have  
> my hostmaster@ address become the recipient of a few thousand bounce  
> notifications the other day. :|
>
SPF is ineffective if you set the record up incorrectly. As the rules
for doing so are somewhat opaque, I'd *strongly* suggest that you use
the wizard at 

        http://www.openspf.org 

to create your SPF record and the tools there and at 

        http://www.kitterman.com/spf/validate.html 

to check and correct your SPF record after it's been deployed.

HTH,
Martin
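
The kind of setup mistakes that leave an SPF record ineffective can be checked offline. The following is an added example, not part of the original message and not the code behind either tool linked above; the function name `lint_spf` and all sample records are constructed for illustration. It inspects only the top-level record, so lookups hidden behind `include:` or `redirect=` are not counted.

```python
import re

# Added example: offline lint for SPF TXT records (sample records are constructed).
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS lookup

def lint_spf(txt_records):
    """Return a list of problems found in one domain's TXT record strings."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    problems = []
    if len(spf) > 1:
        problems.append("multiple SPF records (permerror)")
    lookups, saw_all, saw_redirect = 0, False, False
    for term in spf[0].split()[1:]:
        has_qualifier = term[0] in "+-~?"
        qualifier = term[0] if has_qualifier else "+"  # '+' (pass) is the default
        body = term[1:] if has_qualifier else term
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if body[len(name):len(name) + 1] == "=":  # modifier, e.g. redirect=
            if name == "redirect":
                saw_redirect = True
                lookups += 1
            continue  # unknown modifiers are ignored by SPF evaluators
        if saw_all:
            problems.append(f"'{term}' follows 'all' and is never evaluated")
        if name not in MECHANISMS:
            problems.append(f"unknown mechanism '{term}' (permerror)")
        elif name == "all":
            saw_all = True
            if qualifier in "+?":
                problems.append(f"'{qualifier}all' does not let receivers reject forged mail")
        elif name in LOOKUP_MECHS:
            lookups += 1
    if not saw_all and not saw_redirect:
        problems.append("no 'all' or 'redirect=': unmatched senders get 'neutral'")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms in this record; limit is 10 (permerror)")
    return problems

if __name__ == "__main__":
    for rec in (["v=spf1 mx ip4:192.0.2.0/24 -all"],
                ["v=spf1 ipv4:192.0.2.1 ?all"],
                ["v=spf1 mx"]):
        print(rec[0], "->", lint_spf(rec) or "ok")
```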

