Old 08-31-2011, 10:53 PM
Bill Campbell
 
Default dealing with spoofing

On Wed, Aug 31, 2011, m.roth@5-cent.us wrote:
>Here's a thought I just thunk, folks: some scum, apparently in eastern
>Europe, has harvested my email, and is using it in the Reply-To: in its
>spamming efforts. Now, I realize that some mails go out from noreply, but
>other than that, is there a good reason why a mailserver would not be
>configured to send delivery failure to *both* Reply-To and From?

This type of forging is generally referred to as a "Joe Job", and
may be a conscious effort to impair the reputation of the forged
sender or domain or perhaps an attempt to flood the mailboxes of
antispammers (e.g. mail forged like abuse@antispam.example.com).

Sending spam complaints to these addresses or to their ISPs is
generally a waste of time and effort as the forged sender has
nothing to do with the message as any cursory examination of the
Received: headers in the message will confirm. The spam
complaints are in themselves a type of abuse, and are referred to
as "Blowback". Sometimes these complaints are the result of
ignorance when they are manual complaints, or incompetence (e.g.
early Barracuda e-mail appliances that did this by default).

Configuring an MTA to bounce to the Reply-To: header is probably
worse than useless as it could well flood poorly configured
mailing lists with garbage when spam gets through the list's spam
filters, then the complaints go back to the mailing list.

Probably the best thing to do with this kind of delivery failure
messages which come in is to ignore them unless you feel like Don
Quixote and like tilting at windmills.

Bill
--
INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792

UNIX was not designed to stop you from doing stupid things, because that
would also stop you from doing clever things. -- Doug Gwyn
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-01-2011, 05:39 PM
Kenneth Porter
 
Default dealing with spoofing

--On Wednesday, August 31, 2011 5:48 PM -0400 Mailing Lists
<mailinglist@theflux.net> wrote:

> http://www.openspf.org/Introduction - SPF FTW

DKIM is another possibility.

Blizzard (the game company) signs some (not all) of its mail with DKIM, and
I use that to spot obvious account-theft scams. Unfortunately some servers
break the signature, so it can be difficult to use and verify.

<http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail>


 
Old 09-01-2011, 07:43 PM
Scott Silva
 
Default dealing with spoofing

on 9/1/2011 10:39 AM Kenneth Porter spake the following:
> --On Wednesday, August 31, 2011 5:48 PM -0400 Mailing Lists
> <mailinglist@theflux.net> wrote:
>
>> http://www.openspf.org/Introduction - SPF FTW
>
> DKIM is another possibility.
>
> Blizzard (the game company) signs some (not all) of its mail with DKIM, and
> I use that to spot obvious account-theft scams. Unfortunately some servers
> break the signature, so it can be difficult to use and verify.
>
> <http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail>
I get TONS of spam with legitimate DKIM signatures...




 
Old 09-01-2011, 08:14 PM
Kenneth Porter
 
Default dealing with spoofing

On Thursday, September 01, 2011 12:43 PM -0700 Scott Silva
<ssilva@sgvwater.com> wrote:

> I get TONS of spam with legitimate DKIM signatures...

DKIM and SPF do not stop you from getting spam. Their purpose is to keep
you from getting joe-jobbed, by declaring to the world which mail really
came from you. It protects email sources, not destinations.

So you're getting "honest" spam that tells you that it really came from
where it claims to have come from.


 
Old 09-01-2011, 09:10 PM
Always Learning
 
Default dealing with spoofing

On Thu, 2011-09-01 at 12:43 -0700, Scott Silva wrote:

> I get TONS of spam with legitimate DKIM signatures...

How is that possible ?

Paul.

 
Old 09-01-2011, 09:34 PM
Scott Silva
 
Default dealing with spoofing

on 9/1/2011 1:14 PM Kenneth Porter spake the following:
> On Thursday, September 01, 2011 12:43 PM -0700 Scott Silva
> <ssilva@sgvwater.com> wrote:
>
>> I get TONS of spam with legitimate DKIM signatures...
>
> DKIM and SPF do not stop you from getting spam. Their purpose is to keep
> you from getting joe-jobbed, by declaring to the world which mail really
> came from you. It protects email sources, not destinations.
>
> So you're getting "honest" spam that tells you that it really came from
> where it claims to have come from.
Yes... Hotmail and Yahoo let ANYONE sign up, and flood for a short time until
they get cut off. Legitimate source, but still crap...


 
Old 09-01-2011, 11:13 PM
Bill Campbell
 
Default dealing with spoofing

On Thu, Sep 01, 2011, Always Learning wrote:
>
>On Thu, 2011-09-01 at 12:43 -0700, Scott Silva wrote:
>
>> I get TONS of spam with legitimate DKIM signatures...
>
>How is that possible ?

The spam comes from Yahoo! or perhaps Google groups?

Bill
--
INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792

Good luck to all you optimists out there who think Microsoft can deliver
35 million lines of quality code on which you can operate your business.
-- John C. Dvorak
 
Old 09-02-2011, 04:53 AM
Ned Slider
 
Default dealing with spoofing

On 01/09/11 22:10, Always Learning wrote:
>
> On Thu, 2011-09-01 at 12:43 -0700, Scott Silva wrote:
>
>> I get TONS of spam with legitimate DKIM signatures...
>
> How is that possible ?
>

Because spammers know how to sign their email with DKIM signatures too,
same as spammers can set an SPF record in DNS.

These are NOT specifically anti-spam techniques, they are designed to
prevent forgeries, not spam per se.
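
The distinction drawn in the replies above, as an added example that is not part of any original post: a receiver-side check that reads the Authentication-Results header stamped by its own MTA and reports only whether a passing DKIM signature matches the From: domain. The authserv-id `mx.example.net`, all sample domains and headers are constructed, and the suffix comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: the id our own MTA stamps

def sample(auth_results, from_hdr):
    """Build a constructed test message (not real mail)."""
    return (f"Authentication-Results: {auth_results}\n"
            f"From: {from_hdr}\nSubject: test\n\nbody\n")

def passing_dkim_domains(msg, trusted=TRUSTED_AUTHSERV):
    """Collect d= domains with dkim=pass, only from headers our MTA added."""
    domains = set()
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, results = hdr.partition(";")
        if (authserv.split() or [""])[0].lower() != trusted:
            continue  # a sender can inject its own header; ignore it
        for clause in results.split(";"):
            if re.search(r"\bdkim\s*=\s*pass\b", clause, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([^\s;]+)", clause, re.I)
                if m:
                    domains.add(m.group(1).lower().rstrip("."))
    return domains

def from_domain(msg):
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def classify(raw):
    """'aligned' means the From: domain really signed the mail.
    It says nothing about whether the mail is wanted."""
    msg = message_from_string(raw)
    fd = from_domain(msg)
    signed = passing_dkim_domains(msg)
    ok = fd and any(fd == d or fd.endswith("." + d) for d in signed)
    return "aligned" if ok else "unaligned"

# Spam sent from a real free-mail account: signature is genuine.
HONEST_SPAM = sample("mx.example.net; dkim=pass header.d=freemail.example",
                     "Cheap Pills <bulk123@freemail.example>")
# Valid signature, but by a different domain than the one in From:.
FORGED = sample("mx.example.net; dkim=pass header.d=bulk-sender.example",
                "Game Support <support@game.example>")
# Sender supplied its own "pass" header; our MTA reported none.
INJECTED = sample("evil.example; dkim=pass header.d=game.example",
                  "Game Support <support@game.example>")

if __name__ == "__main__":
    for name in ("HONEST_SPAM", "FORGED", "INJECTED"):
        print(name, classify(globals()[name]))
```

An "aligned" result for the free-mail sample is the "honest" spam case from the thread; content filtering still has to decide whether to deliver it.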



 
