Real spam problem - someone sending on behalf of our email address

Hi all,

I have a catch-all account and 2 email addresses set up.

Info & reception
@mycompany.com

Yesterday and today I have suddenly received 1000+ return emails from mail delivery system, saying it was unable to deliver to this recipient. It looks like a spammer is sending on behalf of our email address to 1000s of email addresses.

How can I go about preventing this?

Example
-----------------------
Your message did not reach some or all of the intended recipients.

      Subject:      Can't find you in building
      Sent:      21/05/2009 19:25

The following recipient(s) cannot be reached:

      |donald.otoole@petrymedia.com on 21/05/2009 19:30
            The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address.
            <exchange.petrymedia.com
----------------------

Many thanks
Asked by: unrealone1
Chris Dent (PowerShell Developer) commented:

Before anything else one thing must be noted:

There is no way to utterly stop this kind of abuse. SMTP is inherently insecure; all we can do is add bits to make a spammer's life harder.

You have two issues here.

The first is abuse of your Domain Name. To combat this SenderID / SPF was developed. This allows you to state which servers are permitted to send as your domain name by adding a specific record to your public DNS Servers.

There are wizards to help build these kinds of records here:

http://www.openspf.org/
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Both should give you roughly the same thing, so use whichever you prefer the look of.

Note that SPF is not used everywhere so while it will help, it will still be limited.

The second issue you're having is called Backscatter. This happens when somebody spoofs one of your addresses and you receive a Non-Delivery Report as a result of the spoofed message.

This one is harder to stop. It can be done in Exchange 2007 by tagging all outbound mail, and dropping NDRs when the tag is not included. I am not aware of a way using Exchange 2003. SpamAssassin may be able to do it, but you would have to refer to the product documentation.

Because SPF reduces the spammer's ability to spoof your domain name it can also reduce backscatter.

Chris
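
The tag-and-drop idea described in the answer above, as an added example (not part of the original answer, and not Exchange's own implementation): outbound envelope senders are signed with a keyed hash and an expiry day, and an NDR, which arrives with an empty envelope sender, is accepted only if its recipient carries a valid tag. The `prvs=` layout, key, lifetime, and function names are assumptions, modelled loosely on BATV-style signed bounce addresses.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret shared only by your own mail servers
TAG_LIFETIME_DAYS = 7             # assumption: bounces older than this are not expected


def _mac(expiry_day: int, address: str) -> str:
    """Keyed hash over the expiry day and the real sender address."""
    msg = f"{expiry_day:03d}{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:8]


def tag_sender(address: str, today: int) -> str:
    """Rewrite the envelope sender of outbound mail.

    `today` is a day counter, e.g. int(time.time() // 86400) % 1000.
    """
    expiry = (today + TAG_LIFETIME_DAYS) % 1000
    return f"prvs={expiry:03d}{_mac(expiry, address)}={address}"


def accept_message(mail_from: str, rcpt_to: str, today: int) -> bool:
    """Decide at SMTP time whether to accept a message.

    Only NDRs (empty MAIL FROM) are checked; ordinary mail passes through.
    """
    if mail_from != "":
        return True
    if not rcpt_to.startswith("prvs="):
        return False  # bounce for mail we never tagged: backscatter
    try:
        tag, address = rcpt_to[len("prvs="):].split("=", 1)
    except ValueError:
        return False
    if len(tag) != 11 or not tag[:3].isdigit():
        return False
    expiry = int(tag[:3])
    # Day counter wraps at 1000, so compare in modular arithmetic.
    if (expiry - today) % 1000 > TAG_LIFETIME_DAYS:
        return False  # tag expired (or expiry forged too far ahead)
    return hmac.compare_digest(tag[3:], _mac(expiry, address))


if __name__ == "__main__":
    tagged = tag_sender("info@mycompany.com", today=100)  # constructed sample
    print(tagged, accept_message("", tagged, today=103))
    print(accept_message("", "info@mycompany.com", today=103))  # untagged NDR
```

The server that verifies the tag also has to strip it before delivery, so the bounce lands in the original sender's mailbox.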