From: Chris St. Pierre (no email)
Date: Thu Mar 01 2007 - 15:19:50 EST
On Thu, 1 Mar 2007, Juan Pablo Calomino wrote:
> John User may think that his mailbox is being used,
> because in the mail he sees that the sender is
> himself, and he doesn't know about MIME.
> I explain that it is fake, so he asks me to try to
> stop this "spoofed" emails.
> And here I am, trying to find ways to stop these
> mails, without stopping valid mails.
You really _can't_ stop these. Rejecting messages where envelope
sender != from header is a Very Bad Idea that will get you mostly
FPs. SPF is an effort to limit sender spoofing, but its effectiveness
is limited by its adoption rate. (It's still worth publishing and
checking SPF records, IMHO.)
This generally only becomes an issue when clueless admins are
producing backscatter, so helping eliminate backscatter will help.
You can also read http://www.postfix.org/BACKSCATTER_README.html for
tips on reducing bounce messages to forged senders.
(Aside: I dearly hope that Dr. Ken Olum gets joe-jobbed:
http://www.cio.com/technology/infrastructure/security/spam/five_things_about_fighting_spam.html?CID=28830)
When you've implemented SPF records and eliminated any backscatter you
might be sending, you're left with user training and that's about it.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
-------------------
Never send mail to
|
|
|