BigRed0283 asked:

Spam is out of control

Hello all,

I am having a serious issue. Our company has been bombarded by spam the last two weeks. Our return address is being spoofed and sending back tons of "Delivery Failure" notifications. Along with this, we are receiving an influx of other spam (like the Outlook Express update email) across all domains. Here is a copy of some of the headers:

Return-Path: <exylvn75@touchstarsolutions.com>
Received: (qmail 29800 invoked by uid 64021); 24 Jun 2009 13:43:16 -0000
Received: from 189.24.121.181 by mx1.swiftel.com.au (envelope-from <exylvn75@touchstarsolutions.com>, uid 64011) with qmail-scanner-1.24
  (Clear:RC:0(189.24.121.181):.
  Processed in 1.183734 secs); 24 Jun 2009 13:43:16 -0000
Received: from unknown (HELO 18924121181.user.veloxzone.com.br) (189.24.121.181)
  by mx1.swiftel.com.au with SMTP; 24 Jun 2009 13:43:15 -0000
Date: Wed, 24 Jun 2009 10:42:48 -0300
Message-Id: <4748NE34763.L00B4ABRR2451@189.24.121.181.touchstarsolutions.com>
From: coles@wahlstrom.com.au
To: coles@wahlstrom.com.au
Subject: Want a BetterSex Life use AcaiBerry
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0

I have tried to implement Sender Policy Framework with our DNS host, but I'm not thinking it's working since the same emails are still getting through.

We are using a WatchGuard Firewall X700 and Mail Marshal as our spam filter.

Does anyone have any suggestions on ways to filter out more of this erroneous spam? Is anyone else experiencing large amounts of this spam as well?

Kieran_Burns

I would recommend you use someone like these guys: http://www.spamhaus.org/
and subscribe to their XBL real-time blacklist: http://www.spamhaus.org/xbl/index.lasso
We've used it and it cut the amount of spam being handled by the mail filter system by a huge margin. The use IS free for a limited number of lookups.

If you are getting the bounce backs, then SPF isn't going to work for you either.
The real problem is the clueless network admins who are sending spam back to the sender, or accepting email for non-existent users and then attempting to reject it.

With regards to the spoofing of the email NDRs, there is little that you can do. You must accept the NDR otherwise you will get blacklisted yourself. Using a blacklist isn't going to help because it is an NDR.

If your current antispam solution isn't working and dealing with the spoofing then you need to look at another one. There is no magic solution to dealing with spam, what works for one may not work for another. Everyone gets large amounts of spam, it is how they deal with it that is the key.

Simon.
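
Added example (not part of any post in this thread, and not code from Mail Marshal or any other product named here): a small Python evaluation of why publishing SPF does not stop the bounce messages discussed above. The SPF record and the address 192.0.2.25 are constructed assumptions, and only the `ip4` and `all` mechanisms are evaluated; the other values come from the headers in the question.

```python
import ipaddress

# Constructed SPF policy: the thread does not show the domain's real record.
SPF_RECORDS = {
    "touchstarsolutions.com": "v=spf1 ip4:203.0.113.0/28 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, client_ip):
    """Evaluate the ip4 and all mechanisms only (a small subset of RFC 7208)."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qual]
        elif term == "all":
            return QUALIFIERS[qual]
    return "neutral"

def identity_checked(mail_from, helo):
    """Domain whose SPF record the receiving server consults.
    A bounce uses the null sender <>, so the HELO name is checked instead."""
    if mail_from in ("", "<>"):
        return helo.lower()
    return mail_from.strip("<>").rsplit("@", 1)[1].lower()

def evaluate(mail_from, helo, client_ip, records=SPF_RECORDS):
    domain = identity_checked(mail_from, helo)
    record = records.get(domain)
    if record is None:
        return domain, "none"                # no policy published for that identity
    return domain, spf_check(record, client_ip)

# 1) The spam as mx1.swiftel.com.au received it (values from the headers above).
spam = evaluate("<exylvn75@touchstarsolutions.com>",
                "18924121181.user.veloxzone.com.br", "189.24.121.181")

# 2) The resulting NDR as the spoofed domain receives it: null sender, sent by
#    the bouncing server (192.0.2.25 is a constructed address for that server).
bounce = evaluate("<>", "mx1.swiftel.com.au", "192.0.2.25")

print(spam)    # ('touchstarsolutions.com', 'fail')
print(bounce)  # ('mx1.swiftel.com.au', 'none')
```

The record only produces a `fail` at the server that first receives the spoofed message, so it helps only when that server checks SPF and rejects during the SMTP session instead of accepting and bouncing later. The NDR that reaches the spoofed domain is never evaluated against that domain's own record.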

BigRed0283 (ASKER)

I'm open to any suggestions. There's only so much I can do internally on my side to stem this problem. We are getting so much spam that it's shutting down our Mail Marshal server and clogging our firewall. Should I be pushing our MX records holder to see if they can do anything about this? I'm just at a loss for further steps I should be taking.

@Kieran - Our Mail Marshal server uses Spamhaus and Symantec for its blacklists.

MX records are just a DNS setting. Nothing else can be done by them.
If your antispam solution can't cope then perhaps you will need to look at outsourcing it.
Is your Mail Marshal system able to do recipient filtering? If so, enable that, as a lot of spam is to non valid users.

Simon.

You should get a spam firewall appliance. I was able to use a Barracuda spam firewall to block my own domain name from external incoming messages.
That way no one can send me e-mail from my own e-mail address.
Since the firewall only scans external incoming e-mail messages my internal users were not affected.
My domain starts with the letter A, I am usually one of the first to get hit. I've blocked reverse DNS attacks, spoofs, messages sent from my domain to invalid domains and getting hit with undeliverables. For $1300 to cover 1000 mailboxes you have a solution.... look at Mail Foundry or Barracuda Network
Software solutions DO NOT work

"Software solutions DO NOT work"

What do you think an appliance is then?
It is just another piece of software installed on some custom hardware. The vendor may well have locked down the host OS, but that is about all.

Simon.

We use Mail Marshal as our spam filter, and for years it has done a pretty good job. Only recently (like the last two weeks) have we had any issues. I've turned off NDR on the Exchange server, which helped quite a bit, but I'm still receiving all the NDRs from the other domains. I'm working with our DNS host to see if there is anything they can do to filter out some of these erroneous emails.

Just a note, the reason Spamhaus and SpamCop lists won't help in this matter is because the mass of NDRs we are receiving are from valid domains. I need to find a way to block the bogus senders. I think if I find out how to do that, I will make millions.

By software solutions I mean bs applications like Symantec or Cloudmark you add to your Exchange server or Microsoft OS.
Unless a dedicated machine/hardware just for spam, it just doesn't stop sh*t
What do you use, Mr. 30,575?

ASKER CERTIFIED SOLUTION
Mestha