Re: [ga] Spoofed Email UBE
- To: sotiris@xxxxxxxxxxxxxxxxx
- Subject: Re: [ga] Spoofed Email UBE
- From: Karl Auerbach <karl@xxxxxxxxxxxx>
- Date: Thu, 24 Apr 2008 17:01:50 -0700
sotiris@xxxxxxxxxxxxxxxxx wrote:
> I am really starting to be annoyed by the volume of unsolicited Bulk Email
> that is being sent out spoofed as originating from my own email address:
> sotiris[at]hermesnetwork...
> ...
> Any advice on how to proceed with this would be much appreciated!
Welcome to the community of Joe Job victims.
I have my own notion of what ought to happen to Joe Jobbers:
http://www.cavebear.com/cbblog-archives/000236.html
I have implemented both SPF and DKIM.
SPF informs receivers of the IP addresses of servers that are legitimate
sources of email for a given domain name.
DKIM does a crypto signature on the headers so that the identity of the
source domain can be verified.
SPF merely requires a simple TXT record in your DNS zone.
DKIM requires active code to process outgoing and incoming email as well
as at least one TXT record in DNS. I used the dkim-milter package from
sendmail.org.
A few web searches will bring you to SPF and DKIM info and resources.
Some receivers will discard email that does not pass the SPF check.
Right now I suspect that most receivers that check DKIM will merely note
the discrepancy.
Since some of my mail is originated by SalesForce and Postini, neither
of which have yet given me a way to DKIM sign those missives. On the
other hand, I've covered both SalesForce and Postini in my SPF records.
Neither SPF nor DKIM stop joe jobbing or spam. But they do create a
good body of evidence to use when trying to convince someone to remove a
block that they have inserted against you because they, falsely, believe
that you are a spammer.
About three weeks ago I encountered a more annoying anti-spam block.
Some of my machines are at the Hurricane Electric facility in Fremont,
California. That's one of those places with thousands upon thousands of
machines buzzing away in faceless blue cabinets. Some machines with IP
addresses near those of my machines were emitting spam. The spam block
that someone installed covered the entire /24, not the specific
troublemakers.
One of the underestimated powers of spam and joe jobbing is its power to
fracture the net through the slow accumulation of filters that are
almost immune to erosion and removal.
--karl--