Re: dangers of email forgery
A little more background on all of this is that both Verizon and Microsoft had earlier blacklisted shellworld.net on a domain basis as a result of the high volume of spam being forged by several addresses on that domain. Mine wasn't the only address that was targeted on shellworld.net, and I know this since spammers did not use the BCC: field for their other addresses and several of those I read were shellworld.net addresses.

--
Twitter: JudeDaShiell

On Mon, 30 Mar 2015, Reindl Harald wrote:

> On 30.03.2015 at 21:07, RW wrote:
>> On Mon, 30 Mar 2015 13:55:52 -0400 (EDT) Jude DaShiell wrote:
>>> One of them is that spammers forge your address so much you get your account blacklisted and end up having to have it shut down. That happened to me and the jdash...@shellworld.net account.
>>
>> AFAIK there is no blacklist that lists individual sender email addresses
>
> the only thing i can imagine from the OP is a URIBL listing the domain and i would be really interested which one would make such major mistakes - more realistic is a local sender blacklist like we do for all the new registered domains used for the recent Apple phishings
Re: dangers of email forgery
Hi, I wasn't and am not the admin of shellworld.net and don't know if the domain got set up with an SPF record or not. I know one thing for sure, before I try setting up my own domain, I'll be back here and ask a few questions. For screen reader accessibility I've heard good things about freedns.eu but haven't had any dealings with them yet. The godaddy.com website for screen reader users is inaccessible so they'll not even be in the running.

--
Twitter: JudeDaShiell

On Mon, 30 Mar 2015, Reindl Harald wrote:

> On 30.03.2015 at 19:55, Jude DaShiell wrote:
>> One of them is that spammers forge your address so much you get your account blacklisted and end up having to have it shut down. That happened to me and the jdash...@shellworld.net account. Anyone doing a google search on shellworld.net blacklisted will find my former shellworld.net address in the first document google returns
>
> did you have SPF at that time (now you have)
>
> if yes and blacklists listing you because of forged spam from foreign servers you should blame the blacklists and make them public so anybody can stop using those idiots causing collateral damage
Re: dangers of email forgery
On Tue, 2015-03-31 at 10:28 -0400, Jude DaShiell wrote:
> Hi, I wasn't and am not the admin of shellworld.net and don't know if the domain got set up with an SPF record or not.

Yes, it has SPF set up. I used this to see it:

http://www.kitterman.com/spf/validate.html

The first test on the page retrieves and displays SPF records. The second test can be used to validate an SPF record before you publish it.

This will tell you all you ever wanted to know about SPF:

http://www.openspf.org/

Martin
Re: dangers of email forgery
On 30.03.2015 at 19:55, Jude DaShiell wrote:
> One of them is that spammers forge your address so much you get your account blacklisted and end up having to have it shut down. That happened to me and the jdash...@shellworld.net account. Anyone doing a google search on shellworld.net blacklisted will find my former shellworld.net address in the first document google returns

did you have SPF at that time (now you have)

if yes and blacklists listing you because of forged spam from foreign servers you should blame the blacklists and make them public so anybody can stop using those idiots causing collateral damage
dangers of email forgery
One of them is that spammers forge your address so much you get your account blacklisted and end up having to have it shut down. That happened to me and the jdash...@shellworld.net account. Anyone doing a Google search on shellworld.net blacklisted will find my former shellworld.net address in the first document Google returns. As a result of spammers and blacklisting it's probably a good idea to minimize use of space on internet providers' machines since sooner rather than later your account is going to get blown away. What would really be useful for any spam fighting package to acquire is the ability to automatically check headers on messages and forward servers found to be forging to a kill list so those servers could be blacklisted in turn. So far I know of no such software that will do this service.

--
Twitter: JudeDaShiell
Re: dangers of email forgery
On 30.03.2015 at 21:26, Martin Gregorie wrote:
> On Mon, 2015-03-30 at 20:07 +0100, RW wrote:
>> On Mon, 30 Mar 2015 13:55:52 -0400 (EDT) Jude DaShiell wrote:
>>> One of them is that spammers forge your address so much you get your account blacklisted and end up having to have it shut down. That happened to me and the jdash...@shellworld.net account.
>>
>> AFAIK there is no blacklist that lists individual sender email addresses.
>
> As Reindl says, detecting forged addresses is what SPF is for. If you own a domain which can send mail and is one where you expect to receive mail, you should have an SPF record set up for it. The SPF record should be used by other MTAs to see if the sender address is forged before attempting to send a 5xx reject message. The benefit to you is that you don't get showered with backscatter when spammers forge your domain as the spam's originator

one correction: no server ever should *send* a 5xx reject message

SPF or not, REJECT with 5xx is the way to go

the real problem with getting your address forged are incompetent admins accepting undeliverable mail (mostly to non existing destination addresses), some of them even realize the SPF fail but finally blow out a bounce, the final idiots are doing this with postmaster@comanly.local as sender and not accepting email to postmaster / abuse

one reason are the genius MS Exchange setups with a spamfilter in front, set the spamfilter IP to completely trusted and by incompetence in that moment also disable the address verification from the spamfilter

been there - 600 backscatters to my private domain on one day
Re: dangers of email forgery
On Mon, 30 Mar 2015 21:47:10 +0200 Reindl Harald <h.rei...@thelounge.net> wrote:
> but i doubt that exchange doesn't know its valid rcpts and always backscatters with no way to disable that behavior - even in case of microsoft i doubt

Google specifically for Exchange 2013. AFAIK, it's impossible in general to get Exchange 2013 to reject a RCPT command to a nonexistent user with a 5xx failure code.

And if you're filtering for customers on Office 365, there's categorically no way to convince Microsoft that O365 should fail invalid RCPT commands.

Regards,

David.
Re: dangers of email forgery
On Mon, 30 Mar 2015 13:55:52 -0400 (EDT) Jude DaShiell wrote:
> One of them is that spammers forge your address so much you get your account blacklisted and end up having to have it shut down. That happened to me and the jdash...@shellworld.net account.

AFAIK there is no blacklist that lists individual sender email addresses.
Re: dangers of email forgery
On 30.03.2015 at 21:07, RW wrote:
> On Mon, 30 Mar 2015 13:55:52 -0400 (EDT) Jude DaShiell wrote:
>> One of them is that spammers forge your address so much you get your account blacklisted and end up having to have it shut down. That happened to me and the jdash...@shellworld.net account.
>
> AFAIK there is no blacklist that lists individual sender email addresses

the only thing i can imagine from the OP is a URIBL listing the domain and i would be really interested which one would make such major mistakes - more realistic is a local sender blacklist like we do for all the new registered domains used for the recent Apple phishings
Re: dangers of email forgery
On Mon, 30 Mar 2015 21:34:02 +0200 Reindl Harald <h.rei...@thelounge.net> wrote:
> one reason are the genius MS Exchange setups with a spamfilter in front, set the spamfilter IP to completely trusted and by incompetence in that moment also disable the address verification from the spamfilter

Recipient verification is disabled by default in Exchange, and it's almost impossible to ENable it in Exchange 2013. :( Microsoft--

We've had to play ghastly tricks to catch bounces from our Exchange-using customers and use heuristics to decide whether or not they're legit. It's the only way we can stay off backscatterer.org

Regards,

David.
Re: dangers of email forgery
On Mon, 30 Mar 2015 20:07:56 +0100 RW <rwmailli...@googlemail.com> wrote:
> AFAIK there is no blacklist that lists individual sender email addresses.

There's this one: https://code.google.com/p/anti-phishing-email-reply/ but its contributors are usually quite competent and won't list a joe-jobbed address.

Regards,

David.
Re: dangers of email forgery
On 30.03.2015 at 21:42, David F. Skoll wrote:
> On Mon, 30 Mar 2015 21:34:02 +0200 Reindl Harald <h.rei...@thelounge.net> wrote:
>> one reason are the genius MS Exchange setups with a spamfilter in front, set the spamfilter IP to completely trusted and by incompetence in that moment also disable the address verification from the spamfilter
>
> Recipient verification is disabled by default in Exchange, and it's almost impossible to ENable it in Exchange 2013. :( Microsoft--
>
> We've had to play ghastly tricks to catch bounces from our Exchange-using customers and use heuristics to decide whether or not they're legit. It's the only way we can stay off backscatterer.org

hm - not so long ago talking with a ms admin on the phone he was able to tell me the switch which needs to be enabled - not sure which version

but i doubt that exchange doesn't know its valid rcpts and always backscatters with no way to disable that behavior - even in case of microsoft i doubt
Re: dangers of email forgery
On Mon, 2015-03-30 at 20:07 +0100, RW wrote:
> On Mon, 30 Mar 2015 13:55:52 -0400 (EDT) Jude DaShiell wrote:
>> One of them is that spammers forge your address so much you get your account blacklisted and end up having to have it shut down. That happened to me and the jdash...@shellworld.net account.
>
> AFAIK there is no blacklist that lists individual sender email addresses.

As Reindl says, detecting forged addresses is what SPF is for. If you own a domain which can send mail and is one where you expect to receive mail, you should have an SPF record set up for it. The SPF record should be used by other MTAs to see if the sender address is forged before attempting to send a 5xx reject message. The benefit to you is that you don't get showered with backscatter when spammers forge your domain as the spam's originator.

Martin
Re: dangers of email forgery
On 30.03.2015 at 21:52, David F. Skoll wrote:
> On Mon, 30 Mar 2015 21:47:10 +0200 Reindl Harald <h.rei...@thelounge.net> wrote:
>> but i doubt that exchange doesn't know its valid rcpts and always backscatters with no way to disable that behavior - even in case of microsoft i doubt
>
> Google specifically for Exchange 2013. AFAIK, it's impossible in general to get Exchange 2013 to reject a RCPT command to a nonexistent user with a 5xx failure code.
>
> And if you're filtering for customers on Office 365, there's categorically no way to convince Microsoft that O365 should fail invalid RCPT commands

well, then you can't use recent MS Exchange as a MX and have to place a MTA in front which gets its user list via database, LDAP or whatever and is able to reject invalid RCPTs
Re: dangers of email forgery
On Mon, 30 Mar 2015 23:41:21 +0200 Reindl Harald <h.rei...@thelounge.net> wrote:
> well, then you can't use recent MS Exchange as a MX and have to place a MTA in front which gets its user list via database, LDAP or whatever and is able to reject invalid RCPTs

Indeed. Office 365 does not grant LDAP access. So the only way is to explicitly list all valid recipients in the filtering machine, which is not a very nice solution.

Regards,

David.
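
The reject-at-RCPT approach discussed in this thread (a front-end MTA holding an explicit recipient list), as an added Python example that is not code from any poster. It contrasts in-session 5xx rejection with accept-then-bounce; all addresses are constructed placeholders, and `smtp_session` is a hypothetical model of the RCPT phase, not a real MTA API.

```python
# Constructed recipient list for a protected domain (example.org is a placeholder)
VALID_RECIPIENTS = {"alice@example.org", "postmaster@example.org", "abuse@example.org"}


def normalize(address):
    """Strip angle brackets and lowercase an envelope address."""
    return address.strip().strip("<>").lower()


def smtp_session(mail_from, rcpts, valid=VALID_RECIPIENTS, verify_at_rcpt=True):
    """Model the RCPT phase of one SMTP session on the front-end MTA.

    Returns (replies, bounces): the reply given to each RCPT TO, and the
    bounces this site must generate later for mail it accepted but cannot
    deliver. For forged spam those bounces go to the forged address.
    """
    sender = normalize(mail_from)
    replies, accepted = [], []
    for rcpt in rcpts:
        addr = normalize(rcpt)
        if verify_at_rcpt and addr not in valid:
            # Reject in-session: the connecting client keeps responsibility
            replies.append((addr, 550, "5.1.1 User unknown"))
        else:
            replies.append((addr, 250, "2.1.5 Ok"))
            accepted.append(addr)
    bounces = []
    for addr in accepted:
        # Accepted mail for a nonexistent user has to be bounced, except when
        # the envelope sender is null (<>), which must never be bounced.
        if addr not in valid and sender:
            bounces.append({"mail_from": "<>", "rcpt_to": sender, "failed": addr})
    return replies, bounces


# Constructed spam run: envelope sender forged as an uninvolved third party
FORGED_SENDER = "<victim@example.net>"
SPAM_RCPTS = ["<alice@example.org>", "<nosuchuser@example.org>", "<sales1@example.org>"]

if __name__ == "__main__":
    for verify in (True, False):
        replies, bounces = smtp_session(FORGED_SENDER, SPAM_RCPTS, verify_at_rcpt=verify)
        print(verify, [code for _, code, _ in replies], len(bounces))
```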