[ale] Spammer using my address :(

Bob Toxen transam at VerySecureLinux.com
Thu Apr 10 13:44:00 EDT 2008


As Jim, et al, suggested adding SPF records (http://www.openspf.org/)
will cause those few spam recipients that use SPF to drop the spam
rather than bounce it back to you.

Yes, a major pain with SPF is users who insist on sending email from
their home ISPs that claim to be from "The Company".  You really do
NOT want to add all of Earthlink's IPs or MSNs or ... to your SPF list
because that would allow anyone at those ISPs to spam you and spam
others claiming to be from your company.

Unfortunately, most organizations do not use SPF so the percentage of
bounced spams won't be reduced too much.


My spam filter does have a capability to detect bounced spoofed mail and
dump it.

Best regards,

Bob Toxen, CTO
Horizon Network Security
"Your expert in Spam and Virus Filters, Linux server hardening, Firewalls,
Network Monitoring, Linux System Administration, VPNs, local and remote
backup software, and Network Security consulting, in business for 18 years."

www.VerySecureLinux.com        [Network & Linux/Unix Security Consulting]
www.RealWorldLinuxSecurity.com [Our 5* book: "Real World Linux Security"]
www.VerySecureLinux.com/sunset.html                     [Sunset Computer]
bob at VerySecureLinux.com (e-mail)
+1 770.662.8321  (Office: 10am-6pm M-F U.S. Eastern Time)

On Wed, Apr 09, 2008 at 03:16:11PM -0400, Greg Freemyer wrote:
> Guys,
> 
> A spammer is apparently using one of our company addresses as a reply
> to address.  ie. We're getting th bounce messages.
> 
> Does anyone know of anything that should be done mitigate the problem,
> or do we just have to hope the spammer changes reply addresses in a
> day or two.
> 
> Thanks
> Greg
> -- 
> Greg Freemyer
> Litigation Triage Solutions Specialist
> http://www.linkedin.com/in/gregfreemyer
> First 99 Days Litigation White Paper -
> http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
> 
> The Norcross Group
> The Intersection of Evidence & Technology
> http://www.norcrossgroup.com
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale


More information about the Ale mailing list