pbrane
 asked on

Suddenly we are receiving a lot of email spoofing reports from various customers 11-04-08

Hi
Over the last couple of weeks we have started to get reports from different customers that they are receiving a lot of NDRs for emails they never sent.
I would like to confirm that this is due to spoofing and nothing else.
If it's agreed that it's spoofing, I would like to confirm that the only tools I have against this problem are an rDNS setup for all the Exchange servers and an SPF record.

Hope to hear all your comments on this.
Email Servers, Vulnerabilities

Last Comment
pbrane

8/22/2022 - Mon
JCochran1977

We have been receiving a lot of these at my employer's as well. Very odd. We use Proofpoint for our spam detection and it does not seem to catch them either.
ASKER CERTIFIED SOLUTION
cholmskov

pbrane

ASKER
All I have is a forwarded NDR; here is the header. Not sure if that's the server sending the NDR or the original sender.

Received: (qmail 52279 invoked from network); 4 Apr 2008 02:17:50 +0400
Received: from 62.29.82.117.broad.sz.js.dynamic.163data.com.cn
(117.82.29.62)
  by webrika.ru with SMTP;

That's definitely not us.

I really appreciate these comments. We have been digging around and trying to find a solution. It's time we created a vigilante group, and this time we won't use technology, we'll just use garden forks and scythes!!!! haha

Please keep them coming, someone out there might have a sweet trick up their sleeve.

Thanks
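An added example (not part of the original thread) that answers the "which server is this" question for the header quoted above: in a Received line, the `from` clause records the client that connected and the `by` clause names the server that accepted the message and wrote the line. The `OUR_OUTBOUND` range is a placeholder assumption to be replaced with your own mail servers' public addresses.

```python
import ipaddress
import re

# Header copied from the forwarded NDR in the post above (folded as posted).
RECEIVED = (
    "Received: from 62.29.82.117.broad.sz.js.dynamic.163data.com.cn\n"
    "(117.82.29.62)\n"
    "  by webrika.ru with SMTP;"
)

# Assumption: placeholder for your own outbound ranges (RFC 5737 test block).
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/24")]

# "from <client name> (<client ip>) by <receiving host>"
_RECEIVED_RE = re.compile(
    r"from\s+(?P<name>\S+)\s*\(\[?(?P<ip>[0-9a-fA-F.:]+)\]?\)\s*by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def parse_received(header):
    """Return the connecting client and the receiving host, or None if no match."""
    unfolded = " ".join(header.split())  # undo header folding
    m = _RECEIVED_RE.search(unfolded)
    if not m:
        return None
    return {
        "client_name": m["name"],
        "client_ip": ipaddress.ip_address(m["ip"]),
        "received_by": m["by"],
    }


def sent_by_us(hop, our_networks=OUR_OUTBOUND):
    """True only if the connecting client is one of our own outbound servers."""
    return any(hop["client_ip"] in net for net in our_networks)


def name_embeds_reversed_ip(hop):
    """Dynamic-pool rDNS names often start with the IP's octets reversed."""
    if hop["client_ip"].version != 4:
        return False
    reversed_octets = ".".join(reversed(str(hop["client_ip"]).split(".")))
    return hop["client_name"].startswith(reversed_octets + ".")


if __name__ == "__main__":
    hop = parse_received(RECEIVED)
    print(hop, sent_by_us(hop), name_embeds_reversed_ip(hop))
```

This line was written by the receiving server, not by you, so it is only as trustworthy as that server; Received lines added before the first hop you trust can be forged.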
cholmskov

Well, as you can identify yourself, the mail was sent by Webrika.ru from their SMTP gateway, which as you say is not you, but more likely a Russian spam company or at least from a Russian webpage.

Now you have identified these as the spoofers, all that's left is to sit down and cry *sigh*

I had several of these cases in the past (and still receive some of these mails) and as yet we have not found a single viable solution that does not end up blocking real email as well.

The best bet is to either change the mails from those that receive an exorbitant amount, or create filters that remove the most commonly used phrases in the return emails from spoof attempts.

Oh and if you do form the vigilante group, I'll come and bring my lawnmower or garden axe.....we might catch some virus builders together with the spammers if we are lucky
pbrane

ASKER
hahahaha it seems vigilante group is the only option.

What do you think of SPF records? Or are these pointless due to the fact NDRs will still come back to us?
cholmskov

You can add them, but the NDRs will still come, and if you start to block those, you may end up blocking valid business partners, and since the spammers continue to expand you will just receive more and more.

I must admit that I have given up personally on finding a way out, except for headhunting the spammer and doing some good old-fashioned decapitation and shrinking of skulls, heck I even got approval to hire a true witchdoctor.....

Finding the spammers, that's the nasty part
pbrane

ASKER
Thanks Cholmskov, I am going to leave this ticket open for a little longer while I sharpen the blades just in case...
cholmskov

Sure thing, I'm already a premium member so I'm not really worried about points and so, I do this for fun and to help others :)
pbrane

ASKER
Although this does not resolve the issue I think it outlines the options for us smaller companies.