Loading ...
Sorry, an error occurred while loading the content.

215830RE: Question about "spoofing" emails.

Expand Messages
  • Chris St. Pierre
    Mar 1 12:19 PM
    • 0 Attachment
      On Thu, 1 Mar 2007, Juan Pablo Calomino wrote:

      > John User may think that his mailbox is being used,
      > because in the mail he sees that the sender is
      > himself, and he doesn't know about MIME.
      > I explain that it is fake, so he asks me to try to
      > stop this "spoofed" emails.
      > And here I am, trying to find ways to stop these
      > mails, without stopping valid mails.

      You really _can't_ stop these. Rejecting messages where envelope
      sender != from header is a Very Bad Idea that will get you mostly
      FPs. SPF is an effort to limit sender spoofing, but its effectiveness
      is limited by its adoption rate. (It's still worth publishing and
      checking SPF records, IMHO.)

      This generally only becomes an issue when clueless admins are
      producing backscatter, so helping eliminate backscatter will help.
      You can also read http://www.postfix.org/BACKSCATTER_README.html for
      tips on reducing bounce messages to forged senders.

      (Aside: I dearly hope that Dr. Ken Olum gets joe-jobbed:
      http://www.cio.com/technology/infrastructure/security/spam/five_things_about_fighting_spam.html?CID=28830)

      When you've implemented SPF records and eliminated any backscatter you
      might be sending, you're left with user training and that's about it.

      Chris St. Pierre
      Unix Systems Administrator
      Nebraska Wesleyan University
      -------------------
      Never send mail to thobrux@...
    • Show all 9 messages in this topic