Mailing List Archive: SPF: Help

Spammers are using my email address ;-(

Index | Next | Previous | View Threaded

Chris at 011005

Aug 21, 2007, 6:28 AM

Post #1 of 16 (3306 views)
Permalink

Spammers are using my email address ;-(

Hi all,

I currently receive anywhere between 400-600 emails a
day that say that the "mail delivery failed" (or words
to that effect), where someone has put my email address
in their reply to address.

Does anyone know how this can be stopped, or at least
reduced please ?

Any help appreciated.

Chris.

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=33945094-97153e
Powered by Listbox: http://www.listbox.com

Chris at 011005

Aug 21, 2007, 6:35 AM

Post #2 of 16 (3225 views)
Permalink

RE: Spammers are using my email address ;-( [In reply to]

Just in case it helps, I'm on a static IP address and I
do have access to my mx records.

Would love some help on this.

Chris.

>-----Original Message-----
>From: Chris [mailto:Chris [at] 011005]
>Sent: Tuesday, August 21, 2007 3:29 PM
>To: spf-help [at] v2
>Subject: [spf-help] Spammers are using my email
address ;-(
>
>Hi all,
>
>I currently receive anywhere between 400-600 emails a
>day that say that the "mail delivery failed" (or words
>to that effect), where someone has put my email
address
>in their reply to address.
>
>Does anyone know how this can be stopped, or at least
>reduced please ?
>
>Any help appreciated.
>
>Chris.

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=33946732-51ec91
Powered by Listbox: http://www.listbox.com

alex at ergens

Aug 21, 2007, 6:41 AM

Post #3 of 16 (3234 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

On Tue, Aug 21, 2007 at 03:28:54PM +0200, Chris wrote:
> Hi all,
>
> I currently receive anywhere between 400-600 emails a
> day that say that the "mail delivery failed" (or words
> to that effect), where someone has put my email address
> in their reply to address.
>
> Does anyone know how this can be stopped, or at least
> reduced please ?

Yeah...

Never respond to spam, and most certainly do not buy products advertised
in spam. Then make sure everybody on this planet (and beyond?) follows
the same rule. As soon as there's no more money to make, these criminals
find another "job".

But you turned to spf-help, so you probably expect a more technical
answer :-)

SPF is a method where a receiver can find out about your legitimate
relays of email. If the receiver notices that a message is sent from
or through an unauthorized relay, this receiver can reject such a
message.

1: find out which relays you use
2: encode this information in "spf-speak"
3: publish this information in DNS

It will only work if the receiver cooperates. Not every receiver
will do so. Hopefully too many (from the spammer's perspective)
will cooperate.

In a later email you talk about "a static IP address". If you send
all your mail from this address and if all mail comes directly to
the destination, you only need to authorize that one IP address.

> Received: from mail.fastemailservers.com
(34.Red-80-26-114.staticIP.rima-tde.net [80.26.114.34]) by
chiclet.listbox.com (Postfix) with SMTP

"v=spf1 ip4:80.26.114.34 -all"

Publish this for any domain which is used for email.
(such as example.com, mail.example.com)

"v=spf1 -all"

Publish this for any domain which is NOT used for email.
(such as www.example.com)

HTH
Alex

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=33948867-805dda
Powered by Listbox: http://www.listbox.com

michael at breton

Aug 21, 2007, 6:45 AM

Post #4 of 16 (3234 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

>----- Original Message -----
>From: "Chris" <Chris [at] 011005>
>To: <spf-help [at] v2>
>Sent: Tuesday, August 21, 2007 9:28 AM
>Subject: [spf-help] Spammers are using my email address ;-(
>

> Hi all,
>
> I currently receive anywhere between 400-600 emails a
> day that say that the "mail delivery failed" (or words
> to that effect), where someone has put my email address
> in their reply to address.
>
> Does anyone know how this can be stopped, or at least
> reduced please ?

What is your domain? (Is it that 011005.com ? )

Does your DNS host allow you to create TXT records?

Tell us about your email system and how ALL email is sent, and what hosts it
goes through.

Michael Breton

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=33950325-34c2ba
Powered by Listbox: http://www.listbox.com

wecflash at lpco

Aug 21, 2007, 6:57 AM

Post #5 of 16 (3231 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

Alex,

I follow the correspondence for spf-help and want to thank you for the
common sense response in the first paragraph you gave to Chris today. That
gave me one of the best laughs I have had in a long time.

Also, thanks to all of the volunteers who are trying to help the rest of us.

Keep up the good work

Eddy Crosson
Product Engineer
Leonard Peterson & Co., Inc.
400 Webster Road Auburn, AL 36831
wecflash [at] lpco

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=33952219-206b09
Powered by Listbox: http://www.listbox.com

d.wall at computer

Aug 21, 2007, 10:17 AM

Post #6 of 16 (3241 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

We have SPF setup and we also get lots of bounces like this. It seems
that many email servers do not check SPF and thus accept email with the
PRA set to my company email address, and I then get the bounces. It's a
shame, but with so few receiving email servers checking SPF, even the
large number of SPF records created out there doesn't seem to help much,
though I suspect I'd get a whole lot more bounces if hotmail and the
others didn't.

David

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34060902-9265ce
Powered by Listbox: http://www.listbox.com

scott at kitterman

Aug 21, 2007, 10:22 AM

Post #7 of 16 (3235 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

On Tuesday 21 August 2007 13:17, David Wall wrote:
> We have SPF setup and we also get lots of bounces like this. It seems
> that many email servers do not check SPF and thus accept email with the
> PRA set to my company email address, and I then get the bounces. It's a
> shame, but with so few receiving email servers checking SPF, even the
> large number of SPF records created out there doesn't seem to help much,
> though I suspect I'd get a whole lot more bounces if hotmail and the
> others didn't.
>
In my experience, it takes a -all record to largely deter people from forging
domains (and not always then). Does your record end in -all?

Scott K

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34063055-69d363
Powered by Listbox: http://www.listbox.com

lists at clifford

Aug 21, 2007, 10:22 AM

Post #8 of 16 (3239 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

On Tue, 21 Aug 2007, Chris wrote:

C> Hi all,
C>
C> I currently receive anywhere between 400-600 emails a
C> day that say that the "mail delivery failed" (or words
C> to that effect), where someone has put my email address
C> in their reply to address.
C>
C> Does anyone know how this can be stopped, or at least
C> reduced please ?
C>
C> Any help appreciated.
C>

I had this. They will move on eventually.

Shuffle any mail that is from a daemon and it is not your daemon off into
a separate mail box.

Procmail has a good daemon recognizing regular expression in man
procmailrc if you can use procmail. SPF will only be useful if other
people take notice of your spf records but needs to be done of course.

I do the daemon filtering after greylisting, spamassassin and other
procmail stuff.

On the other hand, I received such a bounce today (actully three of them)
that simply said, "Warning to sender. ScanMail has detected a virus in an
email you sent" and the "from" address was not identifiable as a daemon.
Stupid and irritating. But it still didn't make it into my inbox.

--
Alan

( Please do not email me AS WELL as replying to the list. Please
address personal email to alan+1@ as lists@ is not read. )

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34063283-339261
Powered by Listbox: http://www.listbox.com

d.wall at computer

Aug 21, 2007, 10:44 AM

Post #9 of 16 (3229 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

> In my experience, it takes a -all record to largely deter people from forging
> domains (and not always then). Does your record end in -all?
>
Yes, it ends with -all, but again it's not really a fault of SPF, just
the reality that so many email systems do not do SPF checking. There
are many more TXT records setup for SPF than there are email systems
that validate against them. What will be nice is when tools like
sendmail come with SPF filtering built in or more easily activated as
waiting for people to add patches or the like tends to mean most will
not do so. (I say this only because I need an update to sendmail before
I can even install the domain-keys milter -- and getting our email
servers updated is lot harder to do than it ought to be to overcome our
IT inertia.)

David

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34068704-9e04d5
Powered by Listbox: http://www.listbox.com

steve at teamITS

Aug 21, 2007, 11:10 AM

Post #10 of 16 (3244 views)
Permalink

RE: Spammers are using my email address ;-( [In reply to]

David Wall wrote on 8/21/2007 12:44:13 PM:

> What will be nice is when tools like
> sendmail come with SPF filtering built in or more easily activated as
> waiting for people to add patches or the like tends to mean most will
> not do so

It's probably more of a discussion for the spf-discuss list but
I think you are correct. Once SPF and/or Sender ID is approved as a
standard (vs. "experimental") I think adoption will accelerate.

To keep vaguely on topic, most of the bounced messages people
see from spam runs are from servers that accept all messages and then
generate their own bounces for undeliverable mail, instead of refusing
the message outright. Qmail and Exchange are two of the more common
ones that do this.

Most antivirus programs that scan e-mail also have an option to
send a "helpful" warning to the sender, which in today's world is really
an obsolete thing to do, since most viruses use fake addresses. Only in
the last 1-2 years have I started seeing this option default to off in
various antivirus programs.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- My 12 step program: never be more than twelve steps away from
chocolate.

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34080070-7cf2a1
Powered by Listbox: http://www.listbox.com

paddy at panici

Aug 22, 2007, 3:01 AM

Post #11 of 16 (3221 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

ronald at elmit

Aug 22, 2007, 3:08 AM

Post #12 of 16 (3217 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

On Wed, 2007-08-22 at 10:01 +0000, paddy [at] panici wrote:
> On Tue, Aug 21, 2007 at 03:28:54PM +0200, Chris wrote:
> > Hi all,
> >
> > I currently receive anywhere between 400-600 emails a
> > day that say that the "mail delivery failed" (or words
> > to that effect), where someone has put my email address
> > in their reply to address.
> >
> > Does anyone know how this can be stopped, or at least
> > reduced please ?
> >
> > Any help appreciated.
> >
>
> there are two answers to this.
>
> You've heard the spf one, which is important. It is not enough
> to ignore the problem, it needs to be tackled at the source,
> and spf is the right tool to do that.
>
> You can also look (and probably already have looked) at filtering
> the bounces at your end. I think envelope signing schemes like SRS
> can be used to distinguish between 'good' and 'bad' bounces, so
> that you can reject the bad bounces.
>
> If you have a catch-all email address, you might want to consider
> whether it is worth the pain.
>

Again, what was the answer? How to get rid of the return emails?

> Regards,
> Paddy
>
> -------------------------------------------
> -----------------------------------------------------------------------
> Archives at http://archives.listbox.com/spf-help/current/ or
> http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to http://v2.listbox.com/member/?&
> Powered by Listbox: http://www.listbox.com
>

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34416238-514dfe
Powered by Listbox: http://www.listbox.com

paddy at panici

Aug 22, 2007, 3:18 AM

Post #13 of 16 (3226 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

On Tue, Aug 21, 2007 at 03:41:13PM +0200, Alex van den Bogaerdt wrote:
> On Tue, Aug 21, 2007 at 03:28:54PM +0200, Chris wrote:
> > Hi all,
> >
> > I currently receive anywhere between 400-600 emails a
> > day that say that the "mail delivery failed" (or words
> > to that effect), where someone has put my email address
> > in their reply to address.
> >
> > Does anyone know how this can be stopped, or at least
> > reduced please ?
>
> Yeah...
>
> Never respond to spam, and most certainly do not buy products advertised
> in spam. Then make sure everybody on this planet (and beyond?) follows
> the same rule. As soon as there's no more money to make, these criminals
> find another "job".

:-)

I agree that this would stop spam altogether.

SPF can effectively stop this kind of address forgery with wide enough
adoption, without the requirement that we all hold hands :-)

spam is bad, but to an inexpert user having thousands of emails appear
suddenly in their mailbox one day can be a show stopper, and yet it
seems to happen to most users eventually. It follows that if the spf
message gets out effectively, pretty much everyone will know about
it (or have it quietly warding of evil, never having heard of it)
fairly soon. modulo microsoft. Did I mention evil ? Even there,
I would bet the farm on a message signing technology.

Regards,
Paddy

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34433847-e802e7
Powered by Listbox: http://www.listbox.com

spf.pobox at logicalsolutns

Aug 22, 2007, 5:00 AM

Post #14 of 16 (3234 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

Chris,

I host a couple hundred domains and for several of those I have a
catch-all account that accepts mail for 'any' address going to the domain.

Every once in a while a spammer will 'make up' an email address using
one of those domains and start sending spam using the made-up return address.

Given that I'm using SPF records, and given the volume of rejected
email, it's pretty clear to me that a significant number of providers
dont use SPF verification.

As soon as I see rejections coming in to a 'made up' address, I
immediately add a block on that address on my mail server. This has
two positive consequences:

a) ISP's which don't use SPF, sometimes DO use sender-verification.
By putting a block (error-rejection) on the made-up address, servers
that employ sender verification will not accept the spam. And..

b) for servers that do accept the spam and try to send me a
rejection, I never see it.

After a week(ish), I generally remove the blocked email address and
life resumes normally (for a while).

-john

At 08:28 AM 8/21/2007, you wrote:
>Hi all,
>
>I currently receive anywhere between 400-600 emails a
>day that say that the "mail delivery failed" (or words
>to that effect), where someone has put my email address
>in their reply to address.
>
>Does anyone know how this can be stopped, or at least
>reduced please ?
>
>Any help appreciated.
>
>Chris.
>
>
>-------------------------------------------
>-----------------------------------------------------------------------
>Archives at http://archives.listbox.com/spf-help/current/ or
>http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
>To unsubscribe, change your address, or temporarily deactivate your
>subscription,
>please go to
>http://v2.listbox.com/member/?&
>Powered by Listbox: http://www.listbox.com

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34459377-60352e
Powered by Listbox: http://www.listbox.com

paddy at panici

Aug 22, 2007, 5:53 AM

Post #15 of 16 (3221 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

On Wed, Aug 22, 2007 at 07:00:55AM -0500, John Blazek wrote:
> Chris,
>
> I host a couple hundred domains and for several of those I have a
> catch-all account that accepts mail for 'any' address going to the domain.
>
> Every once in a while a spammer will 'make up' an email address using
> one of those domains and start sending spam using the made-up return
> address.
>
> Given that I'm using SPF records, and given the volume of rejected
> email, it's pretty clear to me that a significant number of providers
> dont use SPF verification.
>
> As soon as I see rejections coming in to a 'made up' address, I
> immediately add a block on that address on my mail server. This has
> two positive consequences:
>
> a) ISP's which don't use SPF, sometimes DO use sender-verification.
> By putting a block (error-rejection) on the made-up address, servers
> that employ sender verification will not accept the spam. And..
>
> b) for servers that do accept the spam and try to send me a
> rejection, I never see it.
>
> After a week(ish), I generally remove the blocked email address and
> life resumes normally (for a while).
>
> -john

if you are not at liberty to remove the catch-all then this sounds like
a workable strategy. From what I see quite a lot of spammers will use
the same made-up name over and over again.

Regards,
Paddy

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34465202-f86758
Powered by Listbox: http://www.listbox.com

paddy at panici

Aug 22, 2007, 5:55 AM

Post #16 of 16 (3218 views)
Permalink

Re: Spammers are using my email address ;-( [In reply to]

On Wed, Aug 22, 2007 at 06:08:18PM +0800, Ronald Wiplinger wrote:
> On Wed, 2007-08-22 at 10:01 +0000, paddy [at] panici wrote:
> > On Tue, Aug 21, 2007 at 03:28:54PM +0200, Chris wrote:
> > > Hi all,
> > >
> > > I currently receive anywhere between 400-600 emails a
> > > day that say that the "mail delivery failed" (or words
> > > to that effect), where someone has put my email address
> > > in their reply to address.
> > >
> > > Does anyone know how this can be stopped, or at least
> > > reduced please ?
> > >
> > > Any help appreciated.
> > >
> >
> > there are two answers to this.
> >
> > You've heard the spf one, which is important. It is not enough
> > to ignore the problem, it needs to be tackled at the source,
> > and spf is the right tool to do that.
> >
> > You can also look (and probably already have looked) at filtering
> > the bounces at your end. I think envelope signing schemes like SRS
> > can be used to distinguish between 'good' and 'bad' bounces, so
> > that you can reject the bad bounces.
> >
> > If you have a catch-all email address, you might want to consider
> > whether it is worth the pain.
> >
>
>
> Again, what was the answer? How to get rid of the return emails?
>

Ronald,

Why again ?

I know its FAQ, but other answers I had seen didn't seem to include
some aspects.

Regards,
Paddy

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=34466926-02897f
Powered by Listbox: http://www.listbox.com

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads