nanog mailing list archives
Re: SPAM and Virus emails to NANOG
From: Valdis.Kletnieks () vt edu
Date: Fri, 19 Mar 2004 17:22:01 -0500
On Fri, 19 Mar 2004 17:10:21 EST, Jared Mauch said:
These spoofed virii/worm/whatnot emails can be somewhat prevented in a few cases by the utilization of SPF
Note that this isn't a totally foolproof method. We have a large (50K+) subscriber list that's flagged as "post by list manager only" - and one of the address-scraping worms managed to get the list name into the To: and the manager's name into the From:. Multiple times. Like 50+. (Overlooking the multiple hundreds that got trapped because they managed to get the list in the To: but address scraped a From: that wasn't allowed through). Of course, locality-of-reference being what it is, the (un)lucky machine happened to be actually at our site, so SPF wouldn't have done anything to stop it. Remember that if foo.com is a large corporation (as opposed to an open ISP), most address scrapers will get luckiest at getting 'foo.com' into both the From: and To: headers if they manage to whack a machine that's actually a legitimate foo.com box.
Attachment:
_bin
Description:
Current thread:
- SPAM and Virus emails to NANOG Gregory Taylor (Mar 19)
- Re: SPAM and Virus emails to NANOG Steven M. Bellovin (Mar 19)
- <Possible follow-ups>
- Re: SPAM and Virus emails to NANOG George William Herbert (Mar 19)
- Re: SPAM and Virus emails to NANOG Jared Mauch (Mar 19)
- Re: SPAM and Virus emails to NANOG Valdis . Kletnieks (Mar 19)
- Re: SPAM and Virus emails to NANOG Jared Mauch (Mar 19)