Re: spoofed addresses?

[Gary Flynn <flynngn () JMU EDU>]

Barros, Jacob wrote:

> Please tell me I'm not the only one…  We're getting a LOT of NDR's and
> blocked message receipts from different hosts and all sorts of weird
> things.  Typically they are messages carrying viruses circulating with
> our email addresses in the 'from' field.  See (scrubbed) message threads
> below.

Hi Jacob,

This happens with every new wave of worms. We've got
information up on our web site because people get
concerned about it so often:

http://www.jmu.edu/computing/security/index.shtml#msg

I'm fairly comfortable telling our people that its
not likely coming from them because we block port 25,
forcing mail through official mail servers and scan
virus logs on those for infected systems in our address
space. Of course, if its a new one that our AV doesn't
detect, some may leak out.

Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.