[ale] OT: SPAM is winning

Scott Castaline hscast at charter.net
Mon Jul 2 16:59:27 EDT 2007


Jeff Lightner wrote:
> I saw this message this morning as well.  You're not spamming us
> yourself are you Bob?  :-)
> 
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Bob
> Toxen
> Sent: Sunday, July 01, 2007 3:48 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] OT: SPAM is winning
> 
> The Enterprise-grade commercial spam filter I developed is doing an
> excellent job of blocking almost all spam.  One of its key features
> is spoofed email detection, where we determine that the From address
> is bogus.  If it is, we reject it as spam.  This works even if there is
> no content to search because the spam is in an image attachment.
> 
> One of the spoof filters is the use of Sender Policy Framework (SPF),
> a way that one can determine with certainty if email claiming to be
> from a domain, such as aol.com, really did come from that domain.  Our
> spam filter is listed on SPF's http://www.openspf.org/Implementations
> page.  Note that you should add the appropriate DNS records to your
> domain so that recipients using SPF can determine if someone is spoofing
> claiming to send others email from your domain.
> 
> There also is a feature that detects email claiming to be bounced email
> that did not originate from our site.  This works against spammers who
> deliver spam in what claims to be bounced email.  It also blocks email
> where a spammer sends email to a third party claiming to be from our
> domain.
> 
> Bob Toxen
> bob at verysecurelinux.com               [Please use for email to me]
> http://www.verysecurelinux.com        [Network&Linux/Unix security
> consulting]
> http://www.realworldlinuxsecurity.com [My book:"Real World Linux
> Security 2/e"]
> Quality Linux & UNIX security and SysAdmin & software consulting since
> 1990.
> 
> On Sat, Jun 30, 2007 at 07:32:50PM -0400, Scott Castaline wrote:
>> I have suddenly started receiving an increase of SPAM. I thought I had
> 
>> finally got the situation under control, but now I'm receiving what 
>> looks like scanned in images as the message and the attachments are 
>> PDFs. To make it worse they seem to be cloning legitament email 
>> addresses, so I'll initially think they are legit, never mind my 
>> filters. Some of the email addresses are ones from people that I know 
>> but when I dig through the header in a text editor it definitely is
> not 
>> coming from who it says it is. Anybody else getting this? Anyone know
> of 
>> a way around this?
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://www.ale.org/mailman/listinfo/ale
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> 
Either I need to go back to where I had my eyes examined for contacts or 
I'm actually receiving mail in triplicate.



More information about the Ale mailing list