nanog mailing list archives
Re: Ok: this is a targetted attack
From: PC <paul4004 () gmail com>
Date: Mon, 11 Feb 2013 15:41:57 -0700
An SPF record will probably only add value if the receiving mail server for the nanog list uses them to restrict allowed senders for the domain. On Mon, Feb 11, 2013 at 2:51 PM, Rob McEwen <rob () invaluement com> wrote:
On 2/11/2013 4:39 PM, Sean Lazar wrote:Jay, you need to have SPF records for your domain. This will prevent the spoofing you are seeing.yep, while the purpose and effectiveness of SPF records are generally VERY overrated... yet for a situation like this, an SPF record is VERY valuable and it would be advised that you set this to a rather strict record for a period of time. (just try to account for all the various 3rd party sending scenarios your users do, like sending from a blackberry server, or e-mail forwarding, for any other situation where a legit 3rd party IP would be legitimately sending mail with a "from" address using your domain, etc.) Then again, if this is "spear phishing" or very personalized harassment, then the value of an SPF record would be somewhat uncharted territory (at least for me)... it would be interesting to see if that improves things. But, at the least, it would likely help some. -- Rob McEwen http://dnsbl.invaluement.com/ rob () invaluement com +1 (478) 475-9032
Current thread:
- Ok: this is a targetted attack Jay Ashworth (Feb 11)
- Re: Ok: this is a targetted attack Sean Lazar (Feb 11)
- Re: Ok: this is a targetted attack Jay Ashworth (Feb 11)
- Re: Ok: this is a targetted attack Rob McEwen (Feb 11)
- Re: Ok: this is a targetted attack PC (Feb 11)
- Re: Ok: this is a targetted attack Rich Kulawiec (Feb 11)
- Re: Ok: this is a targetted attack Sean Lazar (Feb 11)