"If they send legitimate mail from their hotel or Home circuit (if it was originally an Office account/circuit with you, but bring laptop home also), which home provider blocks SMTP except for using Access provider's SMTP server, the legitimate sender will no longer get notice when a send was unsuccessful. SMTP Auth is not always a winning solution, when Port 25 gets blocked."
Most mail servers will support both SMTP Authentication and alternate SMTP ports. Port 587 is supposed to be a standard alternate port for SMTP. We have our roaming users replace port 25 with 587 and enable SMTP authentication which seems to work very well.

Richey

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Tom DeReggi
Sent: Tuesday, December 29, 2009 1:48 PM
To: WISPA General List
Subject: Re: [WISPA] domain spam attack - JoeJob

The watermark idea sounds like a clever idea, and worthy solution. Only thing, should consider whether you let your mail users send through other providers during travel or secondary locations. (Would also apply to SPF to some extent).

If they send legitimate mail from their hotel or Home circuit (if it was originally an Office account/circuit with you, but bring laptop home also), which home provider blocks SMTP except for using Access provider's SMTP server, the legitimate sender will no longer get notice when a send was unsuccessful. SMTP Auth is not always a winning solution, when Port 25 gets blocked.

So it boils down to... Do you want to set policy to only support mail if sent through your own mail server? That's a personal decision.

But it could also be addressed by how the watermark gets dealt with. For example, what if the watermark rule was used, BUT it accepted the first 5 bounces within a defined period of time, and then auto blocked all future bounces for a defined period of time? That would be better because it allows getting a few of the bounces for management, but also limits the number of harmful bounces.

We use similar techniques with Blacklisting. We let first few through, and then when threshold is exceeded we temporarily blacklist sender for like 12 hours. That is very effective in managing SPAM and DDOS.
Unfortunately, it is not a good way to prevent poor reputation ratings that rely on other provider's systems that accept and weight too heavily "What is SPAM" submissions from their end users.

Tom DeReggi
RapidDSL & Wireless, Inc
IntAirNet- Fixed Wireless Broadband

----- Original Message -----
From: "Terry Hickey" <[email protected]>
To: "WISPA General List" <[email protected]>
Sent: Tuesday, December 29, 2009 11:20 AM
Subject: Re: [WISPA] domain spam attack - JoeJob

> I use MailScanner http://www.mailscanner.info/ . It allows you to put a
> watermark on all messages leaving your mailserver. If a bounce comes in
> without the watermark, it trashes it ..... works like a charm for exactly
> that.
>
> Terry
>
> ----- Original Message -----
> From: "Nick Olsen" <[email protected]>
> To: "WISPA General List" <[email protected]>
> Sent: Tuesday, December 29, 2009 8:54 AM
> Subject: Re: [WISPA] domain spam attack - JoeJob
>
>> Not really. Being in Asia and all.
>> We have had this happen to us before. Just have to wait for them to go
>> away.
>>
>> Nick Olsen
>> Brevard Wireless
>> (321) 205-1100 x106
>>
>> ----------------------------------------
>>
>> From: "Kurt Fankhauser" <[email protected]>
>> Sent: Tuesday, December 29, 2009 10:32 AM
>> To: "WISPA General List" <[email protected]>
>> Subject: [WISPA] domain spam attack - JoeJob
>>
>> Does anyone have any experience with having an attack done on your domain
>> where the sender spoofs the header and then puts your domain in it as the
>> sender? I think this is called a JoeJob and we are getting 1000's of the
>> bounced messages because of it and are now having difficulty sending to
>> some of the bigger email providers like aol, yahoo, and hotmail. I tracked
>> the originating IP down to somewhere in Asia and reported them to the
>> holder of the Whois information there. Anything else I can do?
>>
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>> www.wavelinc.com
>>
>> --------------------------------------------------------------------------------
>> WISPA Wants You! Join today!
>> http://signup.wispa.org/
>> --------------------------------------------------------------------------------
>>
>> WISPA Wireless List: [email protected]
>>
>> Subscribe/Unsubscribe:
>> http://lists.wispa.org/mailman/listinfo/wireless
>>
>> Archives: http://lists.wispa.org/pipermail/wireless/
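
An added example, not part of the thread and not MailScanner's own code: the watermark check Terry describes combined with the threshold Tom proposes, where the first 5 unmarked bounces in a window are delivered and further ones are then dropped for a block period. The header name, secret, HMAC tag format, one-hour window and sample traffic are assumptions made for illustration; the 12-hour block reuses the figure Tom gives for blacklisting.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, not from the thread
HEADER = "X-Example-Watermark"       # hypothetical header name

def make_watermark(sender, expires, secret=SECRET):
    """Tag for outgoing mail: '<expiry>:<HMAC of sender and expiry>'."""
    mac = hmac.new(secret, f"{sender}|{expires}".encode(), hashlib.sha256)
    return f"{expires}:{mac.hexdigest()}"

def watermark_ok(sender, tag, now, secret=SECRET):
    """True if we issued this tag for this sender and it has not expired."""
    expires = tag.partition(":")[0]
    if not (expires.isascii() and expires.isdigit()) or int(expires) < now:
        return False
    expected = make_watermark(sender, int(expires), secret)
    return hmac.compare_digest(tag.encode(), expected.encode())

class BounceGate:
    """Pass the first `limit` unmarked bounces per window, then block."""
    def __init__(self, limit=5, window=3600, block=12 * 3600):
        self.limit, self.window, self.block = limit, window, block
        self.seen = {}           # address -> times of unmarked bounces
        self.blocked_until = {}  # address -> time the block ends

    def decide(self, rcpt, orig_headers, now):
        """orig_headers: headers of the returned message inside the bounce."""
        tag = orig_headers.get(HEADER, "")
        if tag and watermark_ok(rcpt, tag, now):
            return "deliver"     # bounce of mail we really sent
        if now < self.blocked_until.get(rcpt, 0):
            return "drop"
        recent = [t for t in self.seen.get(rcpt, []) if now - t < self.window]
        if len(recent) >= self.limit:
            self.blocked_until[rcpt] = now + self.block
            self.seen[rcpt] = []
            return "drop"
        self.seen[rcpt] = recent + [now]
        return "deliver"

def demo():
    """Constructed traffic: one genuine bounce, eight forged, one genuine."""
    gate, t0, user = BounceGate(), 1_262_100_000, "user@example.net"
    genuine = {HEADER: make_watermark(user, t0 + 7 * 86400)}
    out = [gate.decide(user, genuine, t0)]
    out += [gate.decide(user, {}, t0 + 60 * i) for i in range(1, 9)]
    out.append(gate.decide(user, genuine, t0 + 600))
    return out
```

Watermarked bounces keep flowing while the block is active, so a user who sent through the home mail server still gets delivery failures during a joe-job flood; mail relayed through another provider carries no watermark and falls under the threshold rule.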
