Ok: this is a targetted attack

PC paul4004 at gmail.com
Mon Feb 11 22:41:57 UTC 2013


An SPF record will probably only add value if the receiving mail server for
the nanog list uses them to restrict allowed senders for the domain.


On Mon, Feb 11, 2013 at 2:51 PM, Rob McEwen <rob at invaluement.com> wrote:

> On 2/11/2013 4:39 PM, Sean Lazar wrote:
> > Jay, you need to have SPF records for your domain. This will prevent the
> > spoofing you are seeing.
>
> yep, while the purpose and effectiveness of SPF records are generally
> VERY overrated... yet for a situation like this, an SPF record is VERY
> valuable and it would be advised that you set this to a rather strict
> record for a period of time. (just try to account for all the various
> 3rd party sending scenarios your users do, like sending from a
> blackberry server, or e-mail forwarding, for any other situation where a
> legit 3rd party IP would be legitimately sending mail with a "from"
> address using your domain, etc.)
>
> Then again, if this is "spear phishing" or very personalized harassment,
> then the value of an SPF record would be somewhat uncharted territory
> (at least for me)... it would be interesting to see if that improves
> things. But, at the least, it would likely help some.
>
> --
> Rob McEwen
> http://dnsbl.invaluement.com/
> rob at invaluement.com
> +1 (478) 475-9032
>
>
>



More information about the NANOG mailing list