  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 417

Spam emails

We have had a sudden onset of email coming to our postmaster box (unknown mailbox) as undeliverable. For the most part they have a format like:

6A06FB@ourdomain.com

I suspect a spammer is using our domain name, but what can we do about it? Mail is hosted at Networksolutions.net.

Don't really want to get blacklisted.
0
warsawtech
Asked:
2 Solutions
 
Brad Bouchard, Information Systems Security Officer, Commented:
First go here:  mxtoolbox.com

and click on the blacklist button at the top menu.

Put your domain in and check.  After its first check it only does the 35 most common lists; there is a link that says check all 90 something lists.  Click that and make sure you aren't on any lists.  Then, call Network Solutions and inform them so they can inform you better how to proceed.
0
 
Dave Howe Commented:
You will most likely find that none of those mails were sent from your own mail servers (check the headers on some of the undeliverables, they will probably trace back to someplace in Russia or China).

If so, you can do little or nothing to stop them being sent, but you can do a little to get them bounced more often (in which case, often the spammers will move on to a domain with a higher success rate).

First thing is to add an SPF record to your domain. The easiest to do is "mx -all", which means (in English) "our domain sends from addresses listed in the MX records for inbound mail; other sources should be rejected". If there are any other IPs that will send as your domain, then you will need to take that into account when defining your SPF record (this is a DNS change).

http://en.wikipedia.org/wiki/Sender_Policy_Framework

If your mailserver supports it (and note that MS don't!), also move to DKIM support. This adds a bit more load (because mails need to be digitally signed) but many of the big recipients (such as Google) will inspect for DKIM and bounce non-matching mails. There are also open source MTAs (e.g. Exim) that could be used to add DKIM to a non-DKIM mailserver as an outbound relay, but that's a fair amount of work.

http://en.wikipedia.org/wiki/DKIM

All you can really do though, as outlined above, is to make it more likely that the spam will be rejected rather than generating NDRs.  If you can make it sufficiently likely that mail gets bounced though, the spammers WILL move on to another domain, as they don't really care whose good name they abuse, as long as they get paid, so will take low-hanging fruit where they can.
0
 
Dave Howe Commented:
Oh, and if it *was* your mail server sending this out, then you have a different issue... Also, as you have hosted mail, ask your provider about their DKIM and SPF support; they may be able to turn this on for you...
0
 
warsawtech (Author) Commented:
xBouchardx
Checked the MX records and no black listing yet!!

DaveHowe
Went to Network Solutions and added SPF to the text in both domains I had this showing up in and now I just have to wait and see.
Going to investigate the DKIM further in the meantime.

Thanks guys
0
