[NCLUG] Re: spam help

Matt rosing at peakfive.com
Sat Sep 9 23:14:12 MDT 2006 

>>person doesn't exist, you look like spam} and this is all because some
>>spammer is using my domain as a return address. I know that the mail
>>is not coming from my machine because I've had my machine tested and
>
>Why are spammers using your domain as the sender address for spam?  Could
>it be because you've left your domain open to it?  While your e-mail server
>may not be allowing relaying directly, are you publishing an SPF record to
>allow remote hosts to determine if your domain has been hijacked?  If your
>talking about the domain that was used to send the message to this list,
>you are not using SPF.

I'm not using SPF, nor is any SPF record published for my domain. I
also don't understand enough about the forwarding issue to know if
that's going to cause me problems. When I first started spamassassin I
couldn't send myself mail because my ip address is in a huge block of
comcast addresses that is marked spam by one of the spam lists. So I
send all my email out through smtp.comcast.net.  Given that, what
would I use use for an SPF record? Is it my ip address? That's also
dynamic so I don't want to have to change the SPF record whenever my
ip address changes. Or is it smtp.comcast.net?  And isn't that several
addresses?  Or is it the no-ip address that points my domain to my
machine? I look at a mail header from a message I send myself and
there are quite a few addresses in it.

>I'd highly recommend you use SPF, it really helps.  I can't remember the
>last time we had someone forging our address, since we set up SPF records.

Is this because spammers give up on using your domain, because they
find it in the SPF record list?

>Back in the <gasp> '90s, we had some idiot send out an advertisement for a
>cookie recipe with a sender address of <yummy at tummy.com>.  Woke up one
>Saturday morning to 150,000 messages in my mailbox with bounces because of
>it.  Grrr.

:) My original problem was all the back scatter and I have since fixed
it by rejecting all email to my domain that doesn't have one of the
five or so account names that I use. Not elegant but quick and it
works.

Matt

More information about the NCLUG mailing list