Re: People forging their From: addresses
- Date: Wed, 30 Sep 1998 11:50:26 +0200
On Tue, Sep 29, 1998 at 11:59:46AM -0700, Nate Waddoups wrote:
> On Thu, 17 Sep 1998, Mihai Ibanescu wrote:
>
> > A guy from one of AT&T's relays pretends he is oneaddress@localhost. He
> > sends TONS of mails to every possible address at AOL. Since a lot of those
> > addresses don't exist, AOL sends to postmaster@localhost all the error
> > messages. This is not exactly spam, but it's annoying because I get tons
> > of replies from AOL users that mydomain.ro is spamming, which is NOT true.
> >
> > What can be done in a situation like this? Complaining about it to
> > AT&T about their poor relaying is not a solution, I think.

We have been hit by the same problem and got about 20 complaints,
and about 5-6 reports, telling about the forgery.

I intended to report the case to the police, but realized that it
would require an estimate of how much that forged From address
actually costs us in money and reputation. Who knows about that.

I individually answered every single complaint, which essentially said:
Please learn to read mail headers before you make a complaint.

I also removed the host from DNS, hoping that some pending deliveries
out there would fail. (The host did not exist any more anyway).
Fortunately it was just a host name, not a domain name.

> I cannot help but wonder why spammers choose to use legitimate domain
> names when they forge "From" headers. What good could it possibly do
> them, as opposed to just using something that doesn't exist? Puzzling.

Many mail servers refuse to receive mail from addresses that contain
an unresolvable domain part.

I think the combination rbl.vix.com and rbl.dorkslayers.com is the
way to go. Let's have those open mail relays secured ASAP.

--
Med venlig hilsen / Regards
Netdriftgruppen / Network Management Group
UNI-C
Tlf./Phone +45 35 87 89 41                Mail: UNI-C
Fax.       +45 35 87 89 90                      Bygning 304
E-mail: torben.fjerdingstad@localhost           DK-2800 Lyngby