Domain spoofing
- From: "Joe" <jjacob@xxxxxxxxxxxxxxxxx>
- Date: 15 Oct 2006 11:20:03 -0700
Hi,
I run an Exchange 2003 SP1 (soon to become SP2) \ Windows 2003
SP1 server for a company. I host email for two publicly registered
domains. We also use a spam filter located on the same physical
server upstream from the email server. For our purposes, this
configuration works acceptably. I have SPF records for both domains
with softfail enabled -- both companies' websites are hosted outside of
my network.
Recently, users in one of the domains informed me that their inboxes
were overwhelmed with a number of NDRs and bouncebacks from various
external email systems. Their domain had been hijacked and used by
spammers.
I have checked and rechecked; I am not an open relay. And I believe
that I also have enough rules set up in my spam filter to block many of
the obvious attacks.
In looking at the bouncebacks \ returned email headers:
1) The bottom-up received from header (the first message handoff)
shows the correct domain and IP address, and
2) the email messages actually sent were spam and the return path
address was an email distribution list (the display names were bogus)
that happens to coincide with the domain name.
What happened and how can I prevent this from happening again?
Thanks for your help!