Security Basics mailing list archives

Re: Spoof, Spam & Blacklist


From: AJ <heuristix () gmail com>
Date: Thu, 7 Feb 2008 16:42:46 -0500

The onus here is on Company DEF. If they do not understand that spam
can be (and very often is) sent from spoofed addresses, that's the
primary problem.

If this blacklist is DEF's company blacklist, you don't have any
options other than trying to explain how spoofing works to DEF
representatives and convincing them that this attack was indeed
spoofed. If the blacklist is a public blacklist, you would complain to
the owner/maintainer of the blacklist.

As an email admin you should monitor public blacklists to alert you
if/when IPs belonging to your company get added to one and then
respond as warranted. If you are a trusted partner of DEF or do
business with them, you may be able to convince them to whitelist the
IP address(es) of your mail server(s) since IP addresses of
uncompromised hosts cannot be spoofed in SMTP transactions.

Aarjav

On Feb 7, 2008 2:27 PM, J. Lion <jv4l1n4 () gmail com> wrote:
Scenario
Bad Guy(s) spoof Company ABC email and launch spam on members of
popular search engine and online email provider (Company DEF)
Spammed DEF members reported the spam
Company DEF responded by looking up Company ABC's IPs and blacklisted
them (instead of offending IP address(es))

Questions
How do you get Company ABC off DEF blacklist?
How do you prevent Company ABC from getting blacklisted again?
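
One way to do the public-blacklist monitoring recommended in the reply above, as an added example that is not part of the original thread. The zone names, addresses and canned resolver are constructed placeholders; the query-name form and the 127.0.0.0/8 answer range follow the DNSBL convention described in RFC 5782.

```python
import ipaddress
import socket

# Placeholder zones (assumption): substitute the public blacklists you track.
ZONES = ["dnsbl.example", "bl.example.net"]
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Query name: reversed IPv4 octets (or IPv6 nibbles) followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """Return the A record, None if the name does not exist; other errors raise."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return None
        raise  # timeouts and SERVFAIL must not be mistaken for "not listed"

def check(ips, zones=ZONES, resolve=system_resolver):
    """Return (ip, zone, status, detail) rows; status is listed, clear or error."""
    rows = []
    for ip in ips:
        for zone in zones:
            try:
                answer = resolve(dnsbl_name(ip, zone))
            except OSError as exc:
                rows.append((ip, zone, "error", str(exc)))
                continue
            if answer is None:
                rows.append((ip, zone, "clear", None))
            elif ipaddress.ip_address(answer) in LISTING_NET:
                rows.append((ip, zone, "listed", answer))
            else:  # e.g. a wildcarded or parked zone answering for every name
                rows.append((ip, zone, "error", "unexpected answer " + answer))
    return rows

if __name__ == "__main__":
    # Constructed data: a canned resolver stands in for DNS so this runs offline.
    canned = {"25.2.0.192.dnsbl.example": "127.0.0.2"}
    for row in check(["192.0.2.25", "192.0.2.26"], resolve=canned.get):
        print(row)
```

Run on a schedule against the outbound mail server addresses, any row whose status is not `clear` is worth an alert: `listed` means a delisting request to that list's maintainer, `error` means the check itself could not be trusted.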


