Security Incidents mailing list archives
Re: email address probes
From: Ned Fleming <ned () kaw us>
Date: Thu, 06 Feb 2003 09:07:05 -0600
On Wed, 5 Feb 2003 20:54:19 +0000, Andy Bastien <lists+incidents () yuggoth net> wrote: [snip]
I'd like to be able to stop these attempts, but I can't think of a way to do it. All of the attempts are coming from valid servers from some domains that we can't block. They do all have null reverse-paths (MAIL FROM:<>), but I don't think that we can reject on this criteria
Maybe you're being joe-jobbed. To wit: A spammer is using your domain
name as the "From: xyz () yogguth net" or "Reply-To:" address on the spam
he's spewing.
http://www.spamfaq.net/terminology.shtml#joe_job
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Current thread:
- email address probes Andy Bastien (Feb 05)
- Re: email address probes Kee Hinckley (Feb 06)
- Re: email address probes Brad Arlt (Feb 06)
- Re: email address probes james (Feb 06)
- Re: email address probes Brad Arlt (Feb 07)
- Re: email address probes Greg A. Woods (Feb 06)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- RE: email address probes Rob Shein (Feb 07)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- Re: email address probes Dave Laird (Feb 06)
- Re: email address probes Ned Fleming (Feb 06)
- Re: email address probes Andy Bastien (Feb 07)
- <Possible follow-ups>
- RE: email address probes Johann Kruse (Feb 06)