Ok: this is a targetted attack
Sean Lazar
knife at toaster.net
Mon Feb 11 21:39:18 UTC 2013
Jay, you need to have SPF records for your domain. This will prevent the
spoofing you are seeing.
http://en.wikipedia.org/wiki/Sender_Policy_Framework
$ dig @8.8.8.8 baylink.com TXT
; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 baylink.com TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11443
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;baylink.com. IN TXT
;; AUTHORITY SECTION:
baylink.com. 194 IN SOA localhost. jra.baylink.com.
2011032901 28800 14400 86400 600
;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 11 13:36:33 2013
;; MSG SIZE rcvd: 78
Sean
On 2/11/13 8:19 AM, Jay Ashworth wrote:
> Clearly, someone has decided to shoot at me specifically, since this
> latest spam supposedly from me:
>
> =====
> Received: from lpb01.clearspring.com ([206.165.250.240]
> helo=lpb01-a.clearspring.local)
> by sc1.nanog.org with esmtp (Exim 4.80 (FreeBSD))
> (envelope-from <email at addthis.com>) id 1U4vc3-000Cq4-9q
> for nanog at nanog.org; Mon, 11 Feb 2013 15:48:11 +0000
> Received: from lpb01.clearspring.local (localhost [127.0.0.1])
> by lpb01-a.clearspring.local (8.14.4/8.14.4) with ESMTP id r1BFm5bG022255
> for <nanog at nanog.org>; Mon, 11 Feb 2013 10:48:05 -0500
> Date: Mon, 11 Feb 2013 10:48:05 -0500
> From: jra at baylink.com
> To: nanog at nanog.org
> Message-ID: <57414784.191289.1360597685530.JavaMail.brainiac at lpb01.clearspring.local>
> =====
>
> is also about FTTH.
>
> FOR THE RECORD: I don't ever use "send this link to someone", and especially
> not to a mailing list; this isn't even my tenth rodeo.
>
> Cheers,
> -- jr 'DoS attack? What's that?' a
More information about the NANOG
mailing list