Watermarking and spoofed sender address

Martin Hepworth maxsec at gmail.com
Wed Mar 20 13:40:23 GMT 2013

the 'watermaking' is based on the ability of mailScanner to addin an extra
header containing a (I think) hash of your Org-name salted with the
predefined secret in your MailScanner.conf


Not any use for this case and it's purely for use in MailScanner code.

I would check your whitelisting rules (definitely no spam etc) and make
sure you're not whitelisting your own domain, this is a common mistake and
lets alot of spam through that would normally be detected. If you need to
whitelist your domain then use the ip-addresses of the internal email
servers and not your domain.

Martin Hepworth, CISSP
Oxford, UK

On 19 March 2013 23:57, Robert Lopez <rlopezcnm at gmail.com> wrote:

> I understand watermarking is to defend against "joe job blowback". I think
> I understand that blowback problem is when email is sent, using for example
> my address, to many other domains and all the flack (blow back) comes back
> to me.
> I am wondering if this watermarking is of any use in a type of SPAM we now
> frequently see. It is where email is sent to a list of addresses, all at
> our domain, and the from address is also the first address in the address
> list. Everyone else thinks the first person sent it. Our gateways send such
> email to Exchange and any communication back to the sender is entirely
> within Exchange and never comes back through the gateways again.
> In this kind of SPAM I have always considered it of no use. Am I wrong in
> my thinking?
> --
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130320/27384ab4/attachment.html 

More information about the MailScanner mailing list