Posted to users@spamassassin.apache.org by Ronnie Tartar <rt...@symbiostech.com> on 2005/05/05 23:48:42 UTC

Forged headers

We run a decent sized datacenter.  The problem I have is that someone sent 
out a spam with our abuse email address as the reply to.

I have added an spf record to the dns now to try and reduce the forged 
headers problem.  Any other suggestions would be helpful.

Thanks in advance. 


Re: Forged headers

Posted by jdow <jd...@earthlink.net>.
From: "Ronnie Tartar" <rt...@symbiostech.com>

> We run a decent sized datacenter.  The problem I have is that someone
> sent out a spam with our abuse email address as the reply to.
>
> I have added an spf record to the dns now to try and reduce the forged
> headers problem.  Any other suggestions would be helpful.
>
> Thanks in advance.

Being of a somewhat volatile nature one thing that comes to mind is
finding one of these miscreants 'first' and applying some 'social
training' of the 'despicable kind'. Of course, I have promised that
if on a jury for such a case I will NEVER find the person who
applied the 'social training' guilty of anything related to that
'social training' or the person so 'trained.'

Well, it's fun to think about. And catching a few of them and putting
them away in prison with the really nasty criminals, since they are
really nasty themselves, seems like a good idea. I do consider spam
and capturing innocent machines to send spam as a violent crime even
if the courts do not. It shows an EXTREME disconnect with society
which makes them dangerous.

{^_^}



Re: Forged headers

Posted by Lima Union <li...@gmail.com>.
On 5/5/05, Ronnie Tartar <rt...@symbiostech.com> wrote:
> We run a decent sized datacenter.  The problem I have is that someone sent
> out a spam with our abuse email address as the reply to.
> 
> I have added an spf record to the dns now to try and reduce the forged
> headers problem.  Any other suggestions would be helpful.
> 
> Thanks in advance.
> 

If you're running Postfix check this: 
http://www.postfix.org/BACKSCATTER_README.html

Regards,
GeorgeC.

Re: Forged headers

Posted by Matt Kettler <mk...@evi-inc.com>.
Ronnie Tartar wrote:

> We run a decent sized datacenter.  The problem I have is that someone
> sent out a spam with our abuse email address as the reply to.
>
> I have added an spf record to the dns now to try and reduce the forged
> headers problem.  Any other suggestions would be helpful.
>
> Thanks in advance.

Really there's not a whole lot more you can do about forgery.

Forged email, including spam, originates on a system that you don't
control, and is received by a system you don't control. All you can
really do is publish SPF records and hope the recipient checks SPF.

The only other measure you can take is to help make your systems less of
a problem for others who face what you now face.

1) Whenever possible configure your MTAs to verify the local recipient
address before accepting mail. Try to avoid simply queuing all mail and
forwarding it to an internal mailserver which will generate a ton of
bounce messages for invalid addresses.

2) When you do bounce a message, make sure it's done as a proper DSN as
mandated by the RFCs. i.e. Don't use some broken hack that just sends an
email back to the From: address with a useless message like "Your
message was not delivered, recipient does not exist" and no other
information.
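
As an illustration of point 2 above (an added example, not part of the original post or of any MTA's code): a minimal Python sketch of what a "proper DSN" looks like under RFC 3464, a multipart/report with a human-readable part, a machine-readable message/delivery-status part, and the original headers. The function name build_dsn and all hosts and addresses are hypothetical.

```python
from email.message import Message
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText


def _fields(pairs):
    """One header-style field group inside a message/delivery-status part."""
    block = Message()
    for name, value in pairs:
        block[name] = value
    return block


def build_dsn(reporting_mta, envelope_sender, failed_rcpt, status, diag, orig_headers):
    """Build an RFC 3464 failure DSN (hypothetical helper for illustration)."""
    dsn = MIMEMultipart("report", report_type="delivery-status")
    dsn["From"] = f"Mail Delivery System <MAILER-DAEMON@{reporting_mta}>"
    # A DSN goes to the envelope sender (MAIL FROM), never the From: header,
    # and is itself sent with the null reverse-path (MAIL FROM:<>).
    dsn["To"] = envelope_sender
    dsn["Subject"] = "Undelivered Mail Returned to Sender"

    # Part 1: human-readable explanation.
    dsn.attach(MIMEText(f"Delivery to <{failed_rcpt}> failed: {diag}\n"))

    # Part 2: machine-readable status, a per-message group followed by
    # one per-recipient group.
    status_part = MIMEBase("message", "delivery-status")
    status_part.attach(_fields([("Reporting-MTA", f"dns; {reporting_mta}")]))
    status_part.attach(_fields([
        ("Final-Recipient", f"rfc822; {failed_rcpt}"),
        ("Action", "failed"),
        ("Status", status),
        ("Diagnostic-Code", f"smtp; {diag}"),
    ]))
    dsn.attach(status_part)

    # Part 3: headers of the original message, so the sender (or an abuse
    # desk receiving backscatter) can identify what was actually sent.
    dsn.attach(MIMEText(orig_headers, "rfc822-headers"))
    return dsn


if __name__ == "__main__":
    # Constructed sample values.
    print(build_dsn("mx.example.net", "sender@example.org", "nobody@example.net",
                    "5.1.1", "550 5.1.1 User unknown",
                    "From: sender@example.org\nSubject: hello\n").as_string())
```

A receiver can then parse the Status and Final-Recipient fields mechanically instead of guessing from free text, which is what the "useless message" style of bounce prevents.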