Re: [hampshire] Spoofed from address for emails

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\MVic at <-
MMGordon Scott at ->

Reply to this message
Author: Steve Kemp
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [hampshire] Spoofed from address for emails
On Wed, Feb 07, 2007 at 12:04:19PM -0000, Vic wrote:

> Not even slightly true.
>
> Anyone who recognises a forged mail will *not* bounce to an address they
> already know to be forged - that's how you get listed for backscatter
> spam.

I have received bounce messages from systems which have SPF setup
and which have detected forgery. Sure it is broken .. but it still
happens.

> > (SPF is mostly broken anyway. Ahem.)
>
> Completely disagree. SPF is extremely functional despite it being less
> than ubiquitous.

Differing of opinion there, which I'll not argue.

> > The best thing to do is setup a filter for mail bounces and discard
> > them, ignoring the problem.
>
> This also means you will not be informed of any real email problems.

True enough. I generally save bounces into a folder "bounce" and
only check it sporadically, mostly I get spoofed-sender mails sitting
there. Still I guess automatically discarding them would be a bad
plan in general. For the duration of an attack it seems reasonable
enough though.

Steve
--


This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [hampshire] Spoofed from address for emails[Hampshire] Checking /var/log/messages for an entry->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)