
spam campaign from my domain

  • 26-03-2008 01:48PM
    #1
    Closed Accounts Posts: 975 ✭✭✭


    I've just got a couple of hundred bounced emails into a domain I run. The subjects are pretty much all different, but all unsavoury. I assume the lowlife just spoofed my domain as the email address. I'm also assuming that the header IP address comes from a compromised zombie PC and reporting it will do no good - here's the headers from a sample:
    Received: from pool-141-157-216-216.ny325.east.verizon.net (pool-141-157-216-216.ny325.east.verizon.net [141.157.216.216])
        by confixx1.derproviderserver.de (Postfix) with ESMTP id 8A92369FFB
        for <honeybeela@rmi-beauty.de>; Wed, 26 Mar 2008 14:15:27 +0100 (CET)
    Message-ID: <000801c88f43$016add3f$a8c2589f@fnuan>
    From: "giacobo grady" <webmaster@***my spoofed domain***>
    To: <honeybeela@rmi-beauty.de>
    Subject: 87% off. Code #iqkc
    Date: Wed, 26 Mar 2008 11:28:03 +0000
    MIME-Version: 1.0
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.3138
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
    Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C88F43.01696581"
    
    What if anything can I do to stop this, do damage limitation, and get some payback?


Comments

  • Registered Users, Registered Users 2 Posts: 7,742 ✭✭✭mneylon


    Publish spf / sender ID records for your domain

    Remove any catchalls

    Curse spammers loudly :)


  • Closed Accounts Posts: 647 ✭✭✭fintan


    blacknight wrote: »
    Publish spf / sender ID records for your domain

    Remove any catchalls

    Curse spammers loudly :)

    How well do spf / sender ID records work? I would imagine being reliant on the receiving server to actually check that it's real would be a problem?


  • Closed Accounts Posts: 975 ✭✭✭squibs


    Thanks. Still getting a few bouncebacks 24 hours on, but the worst seems to be over. I blame the 1 moron in 1000 who thinks "Hell yes, I would like to buy herbal viagra and invest in shares in that Chinese company."


  • Registered Users, Registered Users 2 Posts: 7,742 ✭✭✭mneylon


    fintan wrote: »
    How well do spf / sender ID records work? I would imagine being reliant on the receiving server to actually check that it's real would be a problem?
    A LOT of the major ISPs / mail handlers check spf / sender id, so yes it does work


  • Registered Users, Registered Users 2 Posts: 3,219 ✭✭✭oneweb


    Are there any GOOD step-by-step with explanation SPF generators? I would like to do this without losing relevant emails (I have catchalls)

    It is what it's.



  • Registered Users, Registered Users 2 Posts: 7,742 ✭✭✭mneylon


    http://www.openspf.org/ has a wizard.

    If you don't want spam you really need to kill off catchalls :)


  • Registered Users, Registered Users 2 Posts: 3,890 ✭✭✭cgarvey


    The problem's not with the big ISPs though, it's with the many, many smaller mail providers (the same sort that bounce a message to the spoofed sender mail address, rather than dealing with it at SMTP). They're the source of bounces not Hotmail or GMail. It's getting better, but has a long way to go yet.

