ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] Spoofed Email UBE

  • To: sotiris@xxxxxxxxxxxxxxxxx
  • Subject: Re: [ga] Spoofed Email UBE
  • From: Karl Auerbach <karl@xxxxxxxxxxxx>
  • Date: Thu, 24 Apr 2008 17:01:50 -0700


sotiris@xxxxxxxxxxxxxxxxx wrote:

> I am really starting to be annoyed by the volume of unsolicited Bulk Email
> that is being sent out spoofed as originating from my own email address:
> sotiris[at]hermesnetwork...
> ...
> Any advice on how to proceed with this would be much appreciated!

Welcome to the community of Joe Job victims.

I have my own notion of what ought to happen to Joe Jobbers: http://www.cavebear.com/cbblog-archives/000236.html

I have implemented both SPF and DKIM.

SPF informs receivers of the IP addresses of servers that are legitimate sources of email for a given domain name.

DKIM does a crypto signature on the headers so that the identity of the source domain can be verified.

SPF merely requires a simple TXT record in your DNS zone.

DKIM requires active code to process outgoing and incoming email as well as at least one TXT record in DNS. I used the dkim-milter package from sendmail.org.

A few web searches will bring you to SPF and DKIM info and resources.

Some receivers will discard email that does not pass the SPF check.

Right now I suspect that most receivers that check DKIM will merely note the discrepancy.

Some of my mail is originated by SalesForce and Postini, neither of which have yet given me a way to DKIM sign those missives. On the other hand, I've covered both SalesForce and Postini in my SPF records.

Neither SPF nor DKIM stop joe jobbing or spam. But they do create a good body of evidence to use when trying to convince someone to remove a block that they have inserted against you because they, falsely, believe that you are a spammer.

About three weeks ago I encountered a more annoying anti-spam block. Some of my machines are at the Hurricane Electric facility in Fremont, California. That's one of those places with thousands upon thousands of machines buzzing away in faceless blue cabinets. Some machines with IP addresses near those of my machines were emitting spam. The spam block that someone installed covered the entire /24, not the specific troublemakers.

One of the underestimated powers of spam and joe jobbing is its power to fracture the net through the slow accumulation of filters that are almost immune to erosion and removal.

                --karl--


