Question

Locked

Recent Increase in email SPOOFING

By Toolman5774 ·
Recently, my colleagues and I have seen a drastic increase in the number of NDR's being sent to our users, in response to spoofed emails to various domains, being sent from various servers (not our own, of course). This began as a few sporatic returns, and has since increased accross several of our clients. With most filters not using SPF filtering (most of these domains have legit V1 SPF records), has anyone seen a method to cut this down? Anybody want to back me up with similar issues?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

looong battle...

by roberto In reply to Recent Increase in email ...

This is a very common scenario. Unfortunately there are too many anti-spam vendors that will, unbelievably, send an NDR bounce email to the (fake) sender whenever they stop a spam email. They should instead reject the spam via an SMTP error code, but you'l be amazed at the reasons they will provide when questioned about this crazy behavior.

There is really not a miracle solution for companies that are victim of email spoofing when spammers decide to use their email domain as the "fake" sender in their spam. Your own anti-spam solution that hopefully you have implemented will somewhat reduce the number of such emails, however, as often the NDRs are sent by legitimate companies (whose IT staff didn't realize the nightmare their brand-new anti-spam appliance is causing them and you..).

I'd recommend, if possible, to configure your antispam gateway to accept emails addressed to valid users only - if this feature is available. Some antispam products (ours is one of them) employ some sort or another of temporary blacklist IP caching, which causes IPs that send multiple spam (and NDRs addressed to non-existent users would qualify a spam) to be temporarily banned for a few minutes/hours as long as the malicious traffic continues. This allows the antispam software to only temporarily block the IP of the (legitimate) company only during the time they are sending tens of thousands of NDRs. When the attack stops, everything will be back to normal and you can continue receiving the legitimate emails from that company.

Collapse -

Spoofing Spams!!

by rsanchezp In reply to Recent Increase in email ...

I would agree with Roberto. I myself work with with a similar company who are battling on a day to day basis with SPAMS where I see many organizations starts receiving an amount of NDR's.

Spoofing can't first be eliminated by only accepting from validating e-mails. Many service providers do provide some sort of email address validation. This will help tremendously from *SPOOFING*.

Back to Networks Forum
3 total posts (Page 1 of 1)  

Hardware Forums