Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

spam campaign from my domain

Options
  • 26-03-2008 2:48pm
    #1
    squibs
    Closed Accounts Posts: 975 ✭✭✭


    I've just got a couple of hundred bounced emails into a domain I run. The subjects are pretyy much all different, but all unsavoury. I assume the lowlife just spoofed my domain as the email address. I'm also assuming that the header ip address comes from a compromised zombie PC and reporting it will do no good - here's the headers from a sample: 
    Received: from pool-141-157-216-216.ny325.east.verizon.net (pool-141-157-216-216.ny325.east.verizon.net [141.157.216.216])
    by confixx1.derproviderserver.de (Postfix) with ESMTP id 8A92369FFB
    for <honeybeela@rmi-beauty.de>; Wed, 26 Mar 2008 14:15:27 +0100 (CET)
Message-ID: <000801c88f43$016add3f$a8c2589f@fnuan>
From: "giacobo grady" <webmaster@***my spoofed domain***>
To: <honeybeela@rmi-beauty.de>
Subject: 87% off. Code #iqkc
Date: Wed, 26 Mar 2008 11:28:03 +0000
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C88F43.01696581"
    What if anything can I do to stop this, do damage limitation, and get some payback?


Comments

  • Options
    #2
    mneylon
    Registered Users Posts: 7,739 ✭✭✭mneylon


    Publish spf / sender ID records for your domain

    Remove any catchalls

    Curse spammers loudly :)

    Blog | Tweets



  • Options
    #3
    fintan
    Closed Accounts Posts: 647 ✭✭✭fintan


    blacknight wrote: »
    Publish spf / sender ID records for your domain

    Remove any catchalls

    Curse spammers loudly :)

    How well does spf / sender ID records work? I would imagine being reliant on the receiveing server to actually check that its real would be a problem?


  • Options
    #4
    squibs
    Closed Accounts Posts: 975 ✭✭✭squibs


    Thanks. Still getting a few bouncebacks 24 hours on, but the worst seems to be over. I blame the 1 moron in 1000 who thinks "Hell yes, I would like to buy herbal viagra and invest in shares in that Chinese company."


  • Options
    #5
    mneylon
    Registered Users Posts: 7,739 ✭✭✭mneylon


    fintan wrote: »
    How well does spf / sender ID records work? I would imagine being reliant on the receiveing server to actually check that its real would be a problem?
    A LOT of the major ISPs / mail handlers check spf / sender id, so yes it does work

    Blog | Tweets



  • Options
    #6
    oneweb
    Registered Users Posts: 3,146 ✭✭✭oneweb


    Are there any GOOD step-by-step with explanation SPF generators? I would like to do this without losing relevant emails (I have catchalls)

    It is what it's.



  • Advertisement
  • Options
    #7
    mneylon
    Registered Users Posts: 7,739 ✭✭✭mneylon


    http://www.openspf.org/ has a wizard.

    If you don't want spam you really need to kill off catchalls :)

    Blog | Tweets



  • Options
    #8
    cgarvey
    Registered Users Posts: 3,886 ✭✭✭cgarvey


    The problem's not with the big ISPs though, it's with the many, many smaller mail providers (the same sort that bounce a message to the spoofed sender mail address, rather than dealing with it at SMTP). They're the source of bounces not Hotmail or GMail. It's getting better, but has a long way to go yet.


Advertisement