Re: ** Forged spamming going on

[Jon Lewis <jlewis () inorganic5 fdt net>]

On Mon, 21 Dec 1998, Robert Tarrall wrote:

> alex () nac net wrote:
> -> some luser off of AT&T DIalup is using mailme.com (my domain) for relaying
> -> mail:
> -> Received: from mailme.com (146.st-louis-71-72rs.mo.dial-access.att.net
> -> [...]
> -> He is sending thousands of emails to AOL users, who is then bouncing them
> -> to me.
> -> [...]
> -> Thinking about this, there is no solution; here are my options:
> -> 
>
> You forgot:
>
> 4) Deny relaying, which sendmail 8.9.1a will do by default (has worked
>   great for us so far), and

I almost said that, but then I read the header he posted.  This wasn't a
case of relaying...it's just "from address forgery".  The same problem I
posted about a week or two ago.  Some moron sends out a few hundred
thousand messages relayed through a variety of 3rd parties, claiming to be
from idontexist () yourscrewed com   yourscrewed com being your domain.  When
the 3rd party relays fail to deliver tens of thousands of messages because
the spammer bought a 3rd rate address list full of bogus addresses, guess
where the bounces go?

> 5) Deny access to dial-access.att.net (and dialsprint.net,da.uu.net,
>   pub-ip.psi.net, etc) which is what we're doing here just because we
>   get so much spam directly from such dialup accounts these days.

And if you use a service like iPass, this becomes highly inconvenient for
your customers unless you've setup a relay after pop3 hack.


----don't waste your cpu, crack rc5...www.distributed.net team enzo---
 Jon Lewis <jlewis () fdt net>  |  Spammers will be winnuked or 
 Network Administrator       |  nestea'd...whatever it takes
 Florida Digital Turnpike    |  to get the job done.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key________