
Thread: spoof SPAM

  1. #1
    Junior Member

    I'm having one of my domain names spoofed and used in a heavy spam campaign. I'm getting thousands of emails bounced back to me with incorrect addresses on them, sent out by the spoofers.

    Is there any way to stop these pricks spoofing my domain?



  • #2
    Senior Member
    BillyGoat's Avatar

    Spoof?
    Those dirty pricks.

    Can they be stopped??
    Good luck.

  • #3
    Senior Member cwispy's Avatar

    If you set up SPF records you will be able to prevent the spammers from using the domain for joe jobs to a certain extent. Google for "Sender Policy Framework".

  • #4
    I am NOT the Messiah!
    SystemRat's Avatar

    Not a lot you can do unfortunately. Setting up an SPF record only works if the receiving system is set up to drop mail from spoofed sites.

    Best I can suggest is to set up a number of client rules, which look for NDR message content and delete the messages automatically.
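
    How the SPF check from posts #3 and #4 plays out on the receiving side, as an added example that is not from any poster: a Python sketch that evaluates a connecting IP against a published record and shows that a forged sender is only stopped when the receiver enforces the result. The record, the domain example.com, the IP addresses and the function names are constructed for illustration, and only the ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# Qualifier prefix -> result name (RFC 7208); "+" is implied when absent.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed record for the placeholder domain example.com.
RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"


def check_spf(record, client_ip):
    """Evaluate the connecting IP against an SPF record, left to right.

    Subset only: ip4, ip6 and all. Terms that need DNS lookups or change
    the flow (a, mx, include, redirect=, ...) raise ValueError.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the TXT record is not an SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == int(name[2]) and ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"term {term!r} is outside this example's subset")
    return "neutral"  # nothing matched and there was no "all"


def receiver_action(result, enforce):
    """Hypothetical receiver policy: SPF only blocks forgeries if enforced."""
    if result == "fail" and enforce:
        return "550 rejected during SMTP"
    return "accepted"
```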

  • #5
    Senior Member

    Also do a Google search for "Joe Job"; this is what's happening to you.

    Are most of the bounces coming back from the same places? And are they coming to you with the original spam still in place, or is the spam gone and you are just getting the NDR? NDRs are totally avoidable these days if people have their mail servers set up correctly to drop the connection at SMTP level.
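
    The client-rule idea from post #4 and the question in post #5 (is the original spam still attached, or only the NDR?), as an added example that is not from any poster: a Python sketch that recognizes a delivery status notification by its MIME structure (RFC 3464) rather than by subject text, and reports the failed recipient and whether the original message came back with it. The sample bounce, its hostnames and addresses, and the name `classify_ndr` are constructed for illustration.

```python
import email
from email import policy

# Constructed sample bounce; every host and address is a placeholder.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.receiver.example
To: sales@example.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.receiver.example

Final-Recipient: rfc822; nobody@receiver.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: sales@example.com
Subject: constructed spam subject

body
--b1--
"""


def classify_ndr(raw):
    """Return None for ordinary mail, else a dict describing the bounce."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return None
    info = {"recipient": None, "status": None, "original_attached": False}
    for part in msg.walk():
        if part["Final-Recipient"]:  # per-recipient block of the DSN part
            info["recipient"] = str(part["Final-Recipient"]).split(";", 1)[1].strip()
            info["status"] = str(part["Status"])
        elif part.get_content_type() in ("message/rfc822", "text/rfc822-headers"):
            info["original_attached"] = True  # original mail or its headers returned
    return info
```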

  • #6
    Junior Member

    Quote, originally posted by Joey:
        Also do a Google search for "Joe Job"; this is what's happening to you.

        Are most of the bounces coming back from the same places? And are they coming to you with the original spam still in place, or is the spam gone and you are just getting the NDR? NDRs are totally avoidable these days if people have their mail servers set up correctly to drop the connection at SMTP level.

    Are you talking about the "don't accept unless for a known user email address"?

    As to SPF records, I like the idea, but don't think they will take off. It's been a while now and my logs show over 90% of servers that send me proven valid emails don't have SPF records set up. They also have the issue of "network hoppers" not being able to send email unless at the home network. A lot of ISPs will only accept outbound emails from their IP ranges.

    It's way too easy to use anyone's email address as a sender's address.

    Good luck, I hope it will drop off as they move to the next "senders" email address in their list....

  • #7
    Senior Member cwispy's Avatar

    Quote, originally posted by crypto7:
        Are you talking about the "don't accept unless for a known user email address"?

    Well, that's one thing that should be a requirement for any mail server which is connected to the internet. It should check for all valid users, spam, virus and even over quota during the SMTP conversation. Then any failures get left on the sending server, typically the spammer's system or the exploited server, and the problem is theirs to deal with, not yours.

    Quote:
        As to SPF records, I like the idea, but don't think they will take off. It's been a while now and my logs show over 90% of servers that send me proven valid emails don't have SPF records set up.

    SPF has actually picked up quite a lot of ground in the last few years, but the problem is it needs to be set up on every domain name. It has nothing to do with the ISP, yet most ISPs are now looking at SPF records when accepting emails.

    Quote:
        They also have the issue of "network hoppers" not being able to send email unless at the home network. A lot of ISPs will only accept outbound emails from their IP ranges.

    That is why we operate a submission port which requires authentication so that users can still send emails via the primary server from anywhere in the world.

    Quote:
        It's way too easy to use anyone's email address as a sender's address.

        Good luck, I hope it will drop off as they move to the next "senders" email address in their list....

    Yes, it is easy to use someone else's address, but as the spammers have found out, it is much harder where there are SPF records and also well configured spam filtering set up on the receiving servers.

  • #8
    Senior Member

    Quote, originally posted by cwispy:
        Well, that's one thing that should be a requirement for any mail server which is connected to the internet. It should check for all valid users, spam, virus and even over quota during the SMTP conversation. Then any failures get left on the sending server, typically the spammer's system or the exploited server, and the problem is theirs to deal with, not yours.

    In addition to cwispy's response: while it's not your problem, bouncing / NDRs make it someone else's problem; 99.99% of them are email users that had nothing to do with sending the original message.
    NEVER bounce / return to sender any spam; it will 100% never go back to the spammer, it will only be delivered to the forged sender, which is normally an innocent victim or anti-spammer.

    Auto responders, out of office responders etc. are as much a problem as NDRs, don't do it!

    It is probably also worth mentioning that a lot of people who become victims of a "Joe Job" have caused it themselves by not having good virus protection on their PCs. Some people actually think they are victims but in fact are receiving bounces to spam their own PC is sending due to it being compromised.
