nanog mailing list archives
RE: What about joe-jobs?
From: "Darren Foo" <badkarma2 () canada com>
Date: Thu, 25 Sep 2003 10:13:39 -0700 (PDT)
Speaking of joe-jobs, what's the "proper" proceedure for >dealing with such? The company I work for is currently >undergoing an admitedly minor joe-job. (about 300 or so >bounces that I've seen since mid >
last week or so.)
Any suggestions for dealing with this?
What domains are you seeing the joe-jobs from? We > see alot of joe jobbing attacks from the large webmail providers eg. yahoo.com, hotmail.com, aol.com, netscape.net, etc. A promising response that we've been following is Sender Permitted From http://spf.pobox.com . It's basically a reverse RBL. The owner of a domain identifies ip's that are allowed to send mail for that domain in a TXT DNS record. The rest are tagged with a wildcard deny or probably softdeny initially. If yahoo.com, hotmail.com etc alone just added the DNS records, we'd all be able to identify joe-jobbers of these domains. It won't help their own spam situation but it'd help our massive attacks of spoofed email. Spammers seem to use these big providers since blocking all of hotmail.com or yahoo.com is tough for other providers.
Current thread:
- RE: What about joe-jobs? Darren Foo (Sep 25)
- AOL Proxy Servers not connecting via https mike harrison (Sep 25)
- Re: AOL Proxy Servers not connecting via https Brian Bruns (Sep 25)
- Re: AOL Proxy Servers not connecting via https mike harrison (Sep 25)
- Re: AOL Proxy Servers not connecting via https Brian Bruns (Sep 25)
- AOL Proxy Servers not connecting via https mike harrison (Sep 25)