ICANN/GNSO GNSO Email List Archives

[ga]


Re: [ga] Spoofed Email UBE

  • To: ga@xxxxxxxxxxxxxx
  • Subject: Re: [ga] Spoofed Email UBE
  • From: kent@xxxxxxxxx
  • Date: Thu, 24 Apr 2008 18:06:41 -0700

I've seen a fair number of cases like this recently, though of course yours
may be different in detail.  I thought originally that they were "joe-jobs"
-- and they might be -- but I've come to the tentative conclusion that these
are actually bot-driven spam runs that use a single "From: " address for
large numbers of messages. 

In the cases I've been able to directly analyze, the number of sources is
fairly large, and in general no individual source is responsible for most
messages, so trying to block by source isn't practical. 

Anyway, so far this has been a "take aspirin and get plenty of bed rest" kind
of thing -- from a practical standpoint there really isn't much you can do. 
(DKIM, SPF, etc. can be used to detect forgeries, but they can't prevent
forgeries.)

Best Regards,
Kent


On Thu, Apr 24, 2008 at 04:05:06PM -0700, sotiris@xxxxxxxxxxxxxxxxx wrote:
> 
> All,
> 
> I am really starting to be annoyed by the volume of unsolicited Bulk Email
> that is being sent out spoofed as originating from my own email address:
> sotiris[at]hermesnetwork...
> 
> I have narrowed the worst offender to a LACNIC IP address:
> 
> According to a 'Received:' trace, the message originated at: [200.96.220.59],
>   200-96-220-59.pvoce701.dsl.brasiltelecom.net.br
>   (200-96-220-59.pvoce701.dsl.brasiltelecom.net.br [200.96.220.59])
> 
> Return-Path: <sotiris@xxxxxxxxxxxxxxxxx>
> 
> Any advice on how to proceed with this would be much appreciated!
> 
> Be Well All,
> 
> Sotiris Sotiropoulos
> http://greekgourmand.blogspot.com/
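
Added example, not part of the original messages: one way to check whether blocking by source would help, by tallying the connecting IP that your own mail server recorded for each spoofed message. The sample messages are constructed, the addresses come from documentation ranges, and mx.example.org and all function names are assumptions.

```python
import re
from collections import Counter
from email import message_from_string

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def make_sample(ip):
    """Build a constructed spoofed message as received by our own MX."""
    return (
        f"Received: from dsl-host.example.net (unknown [{ip}])\n"
        "\tby mx.example.org with SMTP; Thu, 24 Apr 2008 16:00:00 -0700\n"
        # Sender-supplied hop: anything below our own header can be forged.
        "Received: from mail.example.org ([192.0.2.1]) by relay.invalid\n"
        "Return-Path: <user@example.org>\n"
        "From: user@example.org\n"
        "Subject: constructed sample\n"
        "\n"
        "body\n"
    )

def connecting_ip(raw):
    """Return the client IP from the topmost Received header (added by us)."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    match = BRACKETED_IP.search(received[0])
    return match.group(1) if match else None

def tally_sources(raw_messages):
    """Count messages per connecting IP, skipping ones with no usable header."""
    ips = (connecting_ip(raw) for raw in raw_messages)
    return Counter(ip for ip in ips if ip)

def block_coverage(counts, n):
    """Fraction of the run that blocking the n busiest sources would stop."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum(c for _, c in counts.most_common(n)) / total

# Constructed data: 8 messages from 7 distinct sources.
SAMPLE_IPS = ["192.0.2.10", "192.0.2.77", "198.51.100.4", "198.51.100.4",
              "198.51.100.200", "203.0.113.9", "203.0.113.51", "203.0.113.120"]
SAMPLES = [make_sample(ip) for ip in SAMPLE_IPS]

if __name__ == "__main__":
    counts = tally_sources(SAMPLES)
    for n in (1, 3):
        print(f"blocking top {n}: {block_coverage(counts, n):.0%} of messages")
```

A low coverage figure for the top few sources is the pattern described in the reply above, where no single address accounts for most of the run.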


