[Dshield] Spam and spoofing my from address
tonye at billy.demon.nl
Tue Aug 9 19:21:53 GMT 2005
Tue, 09.08.2005 at 16:45, Andy Brown wrote:
> This has been going on for some time now, and I've tried many ways to
> stop the issue, however other than closing my mail account it just seems
> to get worse.
> Several months ago I started to receive bounce messages saying unknown
> recipient, to domains/sites I'd never contacted.
> Examining the bounce it showed that the message was spam, using my
> address as the FROM address (nothing spectacular so far really).
> I looked closer, and they're being more clever than that, they're
> actually spoofing my server headers also, as the headers show my server
> name, IP address, etc as a legitimate email would.
There's NO WAY they could falsify the track (Received: headers) to your
node. No way. It's in your headers.
> Now that's not that difficult to do, I know, just grab MX records, etc,
> etc but the problem I've got is that some VERY dumb sysadmins out there
> are now mailing my postmaster account saying stop sending or they'll
> contact my upstream and have me cut-off.
> Luckily my upstream is myself! and the upstream from that is via
> business contacts, so very little chance they'd get me cut-off, but what
> I'm worried about is getting blacklisted, etc, etc.
> Does anyone have similar experiences, and have any suggestions on how to
> combat this problem?
> I'm starting to get upwards of 500+ bounces a day now, so the spammer
> out there is really sending them through at some rate.
> I can paste headers, etc to anyone who thinks they can shed light or
> provide possible answers (it's not the email addresses I use here)!
Send me some examples off list, I'll get back on list later. Include
something of what's genuine and what you reckon is forged.
mail: tonye at billy.demon.nl
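
Added example, not part of the original message: one way to separate the hop the bouncing site itself recorded from the Received: lines that arrived with the message, when sorting a returned message into genuine and claimed hops. The function names, the sample headers and all hostnames and addresses are constructed for illustration, and the check assumes the bouncing site's own hops are the topmost contiguous ones.

```python
import email
import re

# Constructed sample: headers of a spam message as returned inside a bounce.
# Every hostname and address here is made up for the example.
RETURNED = """\
Received: from mail.example.org (unknown [203.0.113.77])
\tby mx1.recipient.example (Postfix) with SMTP id ABC123
\tfor <nobody@recipient.example>; Tue, 9 Aug 2005 14:02:11 +0000
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.org (Postfix) with ESMTP id DEF456;
\tTue, 9 Aug 2005 14:02:05 +0000
From: andy@example.org
To: nobody@recipient.example
Subject: constructed sample

body
"""

# Captures: name given in HELO, peer IP logged by the writer, host that wrote the line.
HOP = re.compile(r"from\s+(\S+)\s+\([^\[)]*\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def in_domain(host, domain):
    host = host.lower().rstrip(";")
    return host == domain or host.endswith("." + domain)

def assess(raw, bouncer_domain, my_ips):
    """Find the hop where the message entered the bouncing site and compare its peer IP."""
    msg = email.message_from_string(raw)
    hops = [m.groups() for m in map(HOP.search, msg.get_all("Received", [])) if m]
    # Assumption: the bouncing site's own hops are the topmost contiguous ones.
    edge = 0
    while edge < len(hops) and in_domain(hops[edge][2], bouncer_domain):
        edge += 1
    if edge == 0:
        return None  # nothing written by the bouncing site; nothing to anchor on
    helo, peer_ip, _ = hops[edge - 1]
    return {
        "helo": helo,                        # sender-supplied name
        "peer_ip": peer_ip,                  # address the bouncing site saw connect
        "from_my_server": peer_ip in my_ips,
        "unverified": hops[edge:],           # hops below the edge, supplied with the message
    }

if __name__ == "__main__":
    print(assess(RETURNED, "recipient.example", {"192.0.2.10"}))
```

If a hop in the "unverified" list names the bouncing site's domain, check the chain by hand, since the contiguity assumption no longer holds.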