RE: What about joe-jobs?

["Darren Foo" <badkarma2 () canada com>]

> Speaking of joe-jobs, what's the "proper" proceedure
> for >dealing with such?  The company I work for is
> currently >undergoing an admitedly minor joe-job.
> (about 300 or so >bounces that I've seen since mid  >
last week or so.)
> Any suggestions for dealing with this?

What domains are you seeing the joe-jobs from? We   >
see alot of joe jobbing attacks from the large webmail
providers eg. yahoo.com, hotmail.com, aol.com,
netscape.net, etc. A promising response that we've
been following is Sender Permitted From
http://spf.pobox.com . It's basically a reverse RBL.
The owner of a domain identifies ip's that are allowed
to send mail for that domain in a TXT DNS record. The
rest are tagged with a wildcard deny or probably
softdeny initially. If yahoo.com, hotmail.com etc alone
just added the DNS records, we'd all be able to
identify joe-jobbers of these domains. It won't help
their own spam situation but it'd help our massive
attacks of spoofed email. Spammers seem to use these
big providers since blocking all of hotmail.com or
yahoo.com is tough for other providers.