SPAM and Virus emails to NANOG

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Mar 19 22:22:01 UTC 2004


On Fri, 19 Mar 2004 17:10:21 EST, Jared Mauch said:

> 	These spoofed virii/worm/whatnot emails can be
> somewhat prevented in a few cases by the utilization of SPF

Note that this isn't a totally foolproof method.  We have a large (50K+)
subscriber list that's flagged as "post by list manager only" - and one of the
address-scraping worms managed to get the list name into the To: and the
manager's name into the From:.  Multiple times.  Like 50+. (Overlooking the
multiple hundreds that got trapped because they managed to get the list in the
To: but address scraped a From: that wasn't allowed through).

Of course, locality-of-reference being what it is, the (un)lucky machine
happened to be actually at our site, so SPF wouldn't have done anything to stop
it.  Remember that if foo.com is a large corporation (as opposed to an open
ISP), most address scrapers will get luckiest at getting 'foo.com' into both
the From: and To: headers if they manage to whack a machine that's actually a
legitimate foo.com box.
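
An added illustration of the point in the message above (not code from the post or from any list software): a simplified SPF ip4 check placed in front of a "post by list manager only" rule, run over three constructed messages. The address range for foo.com, the list and manager addresses, and the assumption that the envelope sender equals the From: header are all made up for the example.

```python
import ipaddress

# Constructed SPF data for foo.com (the post's example name); the range is a
# documentation prefix standing in for the site's own address space.
SPF_IP4 = {"foo.com": ["192.0.2.0/24"]}

# Constructed list policy: only the manager's From: address may post.
LIST_ADDR = "big-list@foo.com"
MANAGER = "manager@foo.com"


def spf_check(domain, client_ip):
    """Simplified SPF: ip4 mechanisms followed by -all, nothing else."""
    ranges = SPF_IP4.get(domain)
    if ranges is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(r) for r in ranges):
        return "pass"
    return "fail"


def list_accepts(msg):
    """Return (accepted, reason) for a message sent to the list."""
    # SPF looks at the envelope sender's domain and the connecting IP only.
    domain = msg["mail_from"].rsplit("@", 1)[-1]
    spf = spf_check(domain, msg["client_ip"])
    if spf == "fail":
        return False, "spf fail"
    # The list rule looks at the header addresses only.
    if msg["to"] != LIST_ADDR or msg["from"] != MANAGER:
        return False, "sender not allowed to post"
    return True, "accepted (spf %s)" % spf


def evaluate_samples():
    """Three constructed messages: outside forgery, two from an on-site host."""
    def msg(ip, sender):
        return {"client_ip": ip, "mail_from": sender, "from": sender,
                "to": LIST_ADDR}
    samples = [
        msg("203.0.113.7", MANAGER),        # off-site host forging the manager
        msg("192.0.2.55", "user@foo.com"),  # on-site host, scraped non-manager
        msg("192.0.2.55", MANAGER),         # on-site host, scraped the manager
    ]
    return [list_accepts(m) for m in samples]


if __name__ == "__main__":
    for result in evaluate_samples():
        print(result)
```

Only the off-site forgery is rejected by SPF; the on-site host passes SPF both times, so the outcome depends entirely on which From: address was scraped.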