** Forged spamming going on

Jon Lewis jlewis at inorganic5.fdt.net
Tue Dec 22 06:13:19 UTC 1998

On Mon, 21 Dec 1998, Robert Tarrall wrote:

> alex at nac.net wrote:
> -> some luser off of AT&T Dialup is using mailme.com (my domain) for relaying
> -> mail:
> -> Received: from mailme.com (146.st-louis-71-72rs.mo.dial-access.att.net
> -> [...]
> -> He is sending thousands of emails to AOL users, who is then bouncing them
> -> to me.
> -> [...]
> -> Thinking about this, there is no solution; here are my options:
> -> 
> You forgot:
> 4) Deny relaying, which sendmail 8.9.1a will do by default (has worked
>   great for us so far), and

I almost said that, but then I read the header he posted.  This wasn't a
case of relaying...it's just "from address forgery".  The same problem I
posted about a week or two ago.  Some moron sends out a few hundred
thousand messages relayed through a variety of 3rd parties, claiming to be
from idontexist at yourscrewed.com...yourscrewed.com being your domain.  When
the 3rd party relays fail to deliver tens of thousands of messages because
the spammer bought a 3rd rate address list full of bogus addresses, guess
where the bounces go?

> 5) Deny access to dial-access.att.net (and dialsprint.net, da.uu.net,
>   pub-ip.psi.net, etc) which is what we're doing here just because we
>   get so much spam directly from such dialup accounts these days.

And if you use a service like iPass, this becomes highly inconvenient for
your customers unless you've set up a relay-after-POP3 hack.
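
The relaying-versus-forgery distinction drawn in the message above can be checked mechanically on the headers a bounce returns. The following Python sketch is an added example, not part of the original post: it separates the client-supplied HELO name in each Received header from the connection details the receiving server recorded, and reports whether any hop was recorded by one of our own mail hosts. The domain, host names, function names and sample headers are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

OUR_DOMAIN = "example.net"             # assumption: the domain being forged
OUR_MAIL_HOSTS = {"mail.example.net"}  # assumption: the MTAs we actually run

# One hop: "from <HELO name> (<reverse DNS> [<IP>]) ... by <recording host>".
# The HELO name is client-supplied; the parenthesised part is what the server saw.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]*)\s*\[(?P<ip>[^\]]+)\]\)"
    r".*?\bby\s+(?P<by>[A-Za-z0-9.-]+)", re.I | re.S)

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def parse_hops(raw):
    """Parse each Received header of the returned message, top hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append({k: v.lower() for k, v in m.groupdict().items()})
    return hops

def classify(raw):
    """Return 'relayed-through-us', 'forged-sender' or 'unrelated'."""
    hops = parse_hops(raw)
    # A hop recorded by one of our MTAs means the message passed through us.
    # Headers below the first trusted hop can be faked: confirm in our MTA logs.
    if any(h["by"] in OUR_MAIL_HOSTS for h in hops):
        return "relayed-through-us"
    sender = parseaddr(email.message_from_string(raw).get("From", ""))[1]
    from_us = in_domain(sender.rpartition("@")[2].lower(), OUR_DOMAIN)
    helo_lie = any(in_domain(h["helo"], OUR_DOMAIN)
                   and not in_domain(h["rdns"], OUR_DOMAIN) for h in hops)
    return "forged-sender" if (from_us or helo_lie) else "unrelated"

# Constructed sample: headers of a message returned inside a bounce.
FORGED = """\
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.recipient.example (8.9.1) with ESMTP id AAA111
Received: from example.net (dialup-146.isp.example [192.0.2.146])
\tby relay.example.org (8.8.8) with SMTP id BBB222
From: idontexist@example.net

"""
RELAYED = FORGED.replace("relay.example.org", "mail.example.net")
```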

