Watermarking and spoofed sender address
Kevin Miller
Kevin_Miller at ci.juneau.ak.us
Fri Mar 22 18:12:30 GMT 2013
Just occurred to me to tell you where the SPF list is: http://www.openspf.org/Forums
The spf-help list is the one you'll want to subscribe to.
I should have done that the other day...
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Robert Lopez
Sent: Wednesday, March 20, 2013 2:22 PM
To: MailScanner discussion
Subject: Re: Watermarking and spoofed sender address
Kevin,
You have pointed to several things I need to look into. All our senders send and receive as someone at cnm.edu<mailto:someone at cnm.edu>. The email gateways forward all email to anyone who is a students on to gmail.
No there is no specific SPF milter on inbound server. Yes MailScanner is accepting mail from the outside for all users.
I will contact the SPF mailing list. Thanks.
On Wed, Mar 20, 2013 at 12:48 PM, Kevin Miller <Kevin_Miller at ci.juneau.ak.us<mailto:Kevin_Miller at ci.juneau.ak.us>> wrote:
It's not clear to me how you're sending/receiving mail. Do users send/receive as someone at gmail.com<mailto:someone at gmail.com> or someone at cnm.edu<mailto:someone at cnm.edu>?
Also, you have SPF set to softfail. That will flag a message as a fail, but doesn't actually deny it. Are you running an SPF milter on your inbound server? I presume that you have a MailScanner host that is accepting mail from the outside for your users.
There's an SPF mailing list, similar to this list. Probably best to jump onto it. There's some sharp guys over there...
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500>
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Robert Lopez
Sent: Wednesday, March 20, 2013 9:28 AM
To: MailScanner discussion
Subject: Re: Watermarking and spoofed sender address
Kevin,
If we do use SPF could there be something in the way we use it that it does not help? We added it as part of our out soucing student email.
>From http://www.kitterman.com/getspf2.py as of Wed Mar 20 2013:
"
SPF record lookup and validation for: cnm.edu<http://cnm.edu>
SPF records are primarily published in DNS as TXT records.
The TXT records found for your domain are:
v=spf1 include:_spf.google.com<http://spf.google.com> mx ~all
SPF records should also be published in DNS as type SPF records.
Type SPF records found for the domain are:
v=spf1 include:_spf.google.com<http://spf.google.com> mx ~all
Checking to see if there is a valid SPF record.
Results - Record may be valid, but ambiguous: v=spf1 records of both type TXT and SPF (type 99) present, but not identical
Found v=spf1 record for cnm.edu<http://cnm.edu>:
v=spf1 include:_spf.google.com<http://spf.google.com> mx ~all
evaluating...
SPF record passed validation test with pySPF (Python SPF library)!
"
On Wed, Mar 20, 2013 at 10:20 AM, Kevin Miller <Kevin_Miller at ci.juneau.ak.us<mailto:Kevin_Miller at ci.juneau.ak.us>> wrote:
For what you're trying to do, SPF is a better option.
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500>
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Robert Lopez
Sent: Tuesday, March 19, 2013 3:58 PM
To: MailScanner discussion
Subject: Watermarking and spoofed sender address
I understand watermarking is to defend against "joe job blowback". I think I understand that blowback problem is when email is sent, using for example my address, to many other domains and all the flack (blow back) comes back to me.
I am wondering if this watermarking is of any use in a type of SPAM we now frequently see. It is where email is sent to a list of addresses, all at our domain, and the from address is also the first address in the address list. Everyone else thinks the first person sent it. Our gateways send such email to Exchange and any communication back to the sender is entirely within Exchange and never comes back through the gateways again.
In this kind of SPAM I have always considered it of no use. Am I wrong in my thinking?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130322/1548d444/attachment-0001.html
More information about the MailScanner
mailing list