Ok: this is a targeted attack

Sean Lazar knife at toaster.net
Mon Feb 11 21:39:18 UTC 2013


Jay, you need to have SPF records for your domain. This will prevent the
spoofing you are seeing.

http://en.wikipedia.org/wiki/Sender_Policy_Framework

$ dig @8.8.8.8 baylink.com TXT

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 baylink.com TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11443
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;baylink.com.            IN    TXT

;; AUTHORITY SECTION:
baylink.com.        194    IN    SOA    localhost. jra.baylink.com. 2011032901 28800 14400 86400 600

;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 11 13:36:33 2013
;; MSG SIZE  rcvd: 78

Sean

On 2/11/13 8:19 AM, Jay Ashworth wrote:
> Clearly, someone has decided to shoot at me specifically, since this
> latest spam supposedly from me:
>
> =====
> Received: from lpb01.clearspring.com ([206.165.250.240]
>  helo=lpb01-a.clearspring.local)
>  by sc1.nanog.org with esmtp (Exim 4.80 (FreeBSD))
>  (envelope-from <email at addthis.com>) id 1U4vc3-000Cq4-9q
>  for nanog at nanog.org; Mon, 11 Feb 2013 15:48:11 +0000
> Received: from lpb01.clearspring.local (localhost [127.0.0.1])
>  by lpb01-a.clearspring.local (8.14.4/8.14.4) with ESMTP id r1BFm5bG022255
>  for <nanog at nanog.org>; Mon, 11 Feb 2013 10:48:05 -0500
> Date: Mon, 11 Feb 2013 10:48:05 -0500
> From: jra at baylink.com
> To: nanog at nanog.org
> Message-ID: <57414784.191289.1360597685530.JavaMail.brainiac at lpb01.clearspring.local>
> =====
>
> is also about FTTH.
>
> FOR THE RECORD: I don't ever use "send this link to someone", and especially
> not to a mailing list; this isn't even my tenth rodeo.
>
> Cheers,
> -- jr 'DoS attack?  What's that?' a
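
An added example (not part of the original message or of any mail server's code): a minimal offline evaluator for the ip4/ip6/all mechanisms of an SPF record, run against the connecting IP from the quoted Received header. The function name spf_check and the sample policy are assumptions made for illustration; the empty TXT answer mirrors the dig output above.

```python
import ipaddress

# Result names follow RFC 7208; only ip4, ip6 and all are evaluated here.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(txt_records, client_ip):
    """Return the SPF result for client_ip given a domain's TXT strings."""
    policies = [t for t in txt_records if t.lower().split(" ")[0] == "v=spf1"]
    if not policies:
        return "none"        # nothing published, so nothing to enforce
    if len(policies) > 1:
        return "permerror"   # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    for term in policies[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return RESULTS[qualifier]
        name, _, value = mech.partition(":")
        if name in ("ip4", "ip6") and value:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if net.version == ip.version and ip in net:
                return RESULTS[qualifier]
        # a, mx, include, etc. need live DNS lookups; skipped in this sketch
    return "neutral"         # no mechanism matched

# Connecting host taken from the Received header quoted above.
CLIENT_IP = "206.165.250.240"
# The dig query above returned ANSWER: 0, i.e. no TXT records at all.
NO_TXT = []
# Constructed sample policy (192.0.2.0/24 is a documentation range).
SAMPLE_POLICY = ["v=spf1 ip4:192.0.2.0/24 -all"]

if __name__ == "__main__":
    print("no record     :", spf_check(NO_TXT, CLIENT_IP))
    print("sample policy :", spf_check(SAMPLE_POLICY, CLIENT_IP))
    print("listed sender :", spf_check(SAMPLE_POLICY, "192.0.2.25"))
```

Receivers apply this check to the domain of the SMTP envelope sender (the envelope-from value Exim records in the Received header).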
