nanog mailing list archives
Re: SPF Configurations
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Tue, 08 Dec 2009 13:19:16 -0500
3. Spammers abusing your webmail and/or remote message submission service using phished credentials.
I'll admit .. this has happened a few times too. Usually we see the incoming phish attempt and configure an outbound block for RE: (same subject) and it never fails .. we catch at least one person that responds. We've seriously considered sending our own phishing emails with a link that automatically disables anyone's account if they click it.
If your incoming spam blocks are effective then forwarding shouldn't be too much of a problem.
Never-ending game of cat & mouse. Our volume is 1.5-2m msg/day, and I'd say we catch ~95% of it .. but when a batch gets through and a third of our students have mail forwarded to Yahoo, from Yahoo's point-of-view, they just got 10,000 spam from our IPs.
For on-campus bots, block port 25 and ensure your MX servers can't be used as outgoing relays
We do that, as well as run daily reports on outbound ACL denies to see who's been compromised (or being naughty on purpose).
(i.e. put your outgoing relay service on a separate address). If you are lucky your colleagues chose a really obscure name (not mail.* or smtp.* etc.)
They did.
To protect against phished accounts, apply rate-limits to outgoing email. If you have good on-campus security hygeine then you can be much less strict about the limits for on-campus connections.
Anyone know how to do this in Domino off-hand? (without sending IBM a fat check) .. if so, I'd love to hear about it so I can tell our Lotus admins. Cheers, Michael Holstein Cleveland State University
Current thread:
- Re: SPF Configurations, (continued)
- Re: SPF Configurations Lars Eggert (Dec 04)
- Re: SPF Configurations Sean Donelan (Dec 06)
- Re: SPF Configurations Bill Stewart (Dec 06)
- Re: SPF Configurations Sean Donelan (Dec 07)
- Re: Official Mail, was SPF Configurations John Levine (Dec 07)
- Re: SPF Configurations Michael Holstein (Dec 07)
- Re: SPF Configurations Douglas Otis (Dec 07)
- Re: SPF Configurations Suresh Ramasubramanian (Dec 07)
- Re: SPF Configurations Tony Finch (Dec 08)
- Re: SPF Configurations Suresh Ramasubramanian (Dec 08)
- Re: SPF Configurations Michael Holstein (Dec 08)
- Re: SPF Configurations Tony Finch (Dec 08)
- RE: SPF Configurations Jeffrey Negro (Dec 04)