Wow, just goes to show how foreign such an open environment is to me - at least when it comes to email. Still, seems an SPF record covering all those IP ranges would be better than none at all.
________________________________
From: Salvador Manzo [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 1:23 PM
To: MS-Exchange Admin Issues
Subject: Re: NDR's generated via spoofed from address

Public IPs across the board
No automated vetting that I'm aware of for SMTP hosts sending outbound, UNLESS they match spambot profiles
All inbound "filtered", so as far as my Exchange server is considered, everything originates at our border "tagging filter"

On 4/23/08 1:02 PM, "Don Andrews" <[EMAIL PROTECTED]> wrote:

This may sound like (and be) a stupid question, but why is it such a problem? Do you just allow ANY IP to send SMTP traffic to the internet or something? Seems like even that would be possible to cover with SPF. (Note, this is merely advertising which IPs are allowed to send as your domain, not necessarily checking inbound email for their SPF records.)

________________________________
From: Kennedy, Jim [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 11:05 AM
To: MS-Exchange Admin Issues
Subject: RE: NDR's generated via spoofed from address

I hear ya, ours is probably similar. edu networks can be exciting. But even if you can narrow it down to a class B that is an improvement......casting a wide address space in your SPF would at least eliminate a great part of the rest of the internet......

From: Salvador Manzo [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 1:57 PM
To: MS-Exchange Admin Issues
Subject: Re: NDR's generated via spoofed from address

Some of us have very weird network setups that make SPF records non-starters... (sigh)

On 4/23/08 10:27 AM, "Kennedy, Jim" <[EMAIL PROTECTED]> wrote:

You certainly should publish an SPF, it can help and causes no harm as you point out. But I would respectfully suggest that someone sending that much backscatter is already so clueless that they probably don't check SPF either. Firewall them.
From: Don Andrews [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 1:23 PM
To: MS-Exchange Admin Issues
Subject: RE: NDR's generated via spoofed from address

Publishing an SPF record may help some depending on the domain(s) the NDR's are coming from.

________________________________
From: Clayton Doige [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 5:38 AM
To: MS-Exchange Admin Issues
Subject: NDR's generated via spoofed from address

Hi all,

have a user who is getting nailed with NDR's for email she is not sending. We have verified that there are no matching emails coming out of the E2k3 SP2 server which means that someone 'out there' is spoofing the from address and NDR's are going to that address.

What's the best bet to combat this? Said user is getting bored of deleting the NDR's

Thanks in advance for any advice :-)

Clayton Doige
Project Management Consultant
Green IT Solutions Ltd
[EMAIL PROTECTED]
01277844943
07949255062
www.greenit.co.uk <http://www.greenit.co.uk>

---
Salvador Manzo
-----
Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ]
Auxiliary Services IT, Datacenter
University of Southern California
818-612-5112

"Progress is made by lazy men looking for easier ways to do things." - Robert A. Heinlein
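
Added example, not part of the original thread: a small offline evaluator for the ip4/ip6/all part of an SPF record, showing what a deliberately wide record (a whole /16 plus a /24) still rejects and how little of the IPv4 space it authorizes. The record, the address ranges and the function names are constructed for illustration; mechanisms that need DNS lookups (a, mx, include) are not handled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Return [(result, network_or_None)] for ip4/ip6/all terms, in record order."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                       # a missing qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            parsed.append((QUALIFIERS[qualifier], None))
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if net.version != int(name[2]):
                raise ValueError(f"address family mismatch in {term}")
            parsed.append((QUALIFIERS[qualifier], net))
        else:
            raise ValueError(f"term needs DNS or is not handled here: {term}")
    return parsed

def check_host(record, sender_ip):
    """First matching mechanism wins; no match at all is 'neutral'."""
    ip = ipaddress.ip_address(sender_ip)
    for result, net in parse_spf(record):
        if net is None or (ip.version == net.version and ip in net):
            return result
    return "neutral"

def ipv4_fraction_authorized(record):
    """Share of the IPv4 address space that the record's ip4 terms pass."""
    nets = [n for r, n in parse_spf(record)
            if n is not None and n.version == 4 and r == "pass"]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets)) / 2**32

# Constructed record: 198.18.0.0/16 stands in for a campus-wide "class B".
WIDE = "v=spf1 ip4:198.18.0.0/16 ip4:192.0.2.0/24 -all"

if __name__ == "__main__":
    for ip in ("198.18.44.7", "192.0.2.25", "203.0.113.9"):
        print(ip, check_host(WIDE, ip))
    print(f"authorized share of IPv4: {ipv4_fraction_authorized(WIDE):.6%}")
```

The result only matters at receivers that evaluate SPF before accepting mail or generating an NDR; publishing the record does not change the behaviour of hosts that never check it.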