Educause Security Discussion mailing list archives

Re: spoofed addresses?

From: "Bruggeman, John" <jbruggeman () HUC EDU>
Date: Sat, 1 May 2004 13:46:24 -0400

Hello Jacob,

We get a ton here too, mostly NDR and the like.  We've been getting them for
over a year now.  I look at the headers to make sure the spam is NOT coming
for our mail server and so far it's not.  From what I can tell it's spoofed
email addresses, annoying but there isn't anything you can do to stop it (at
least that I'm aware of).

It will be interesting to see what others have seen.

John

========================================
John Bruggeman   Director of Information Systems
Hebrew Union College - Jewish Institute of Religion
jbruggeman () huc edu
Cincinnati  * Jerusalem  *  Los Angeles  *  New York

-----Original Message-----
From: Barros, Jacob [mailto:jkbarros () GRACE EDU]
Sent: Friday, April 30, 2004 5:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] spoofed addresses?


Please tell me I'm not the only one...  We're getting a LOT of NDR's and
blocked message receipts from different hosts and all sorts of weird things.
Typically they are messages carrying viruses circulating with our email
addresses in the 'from' field.  See (scrubbed) message threads below.
I have scanned all suspected machines and never find any viruses or spyware
or anything weird.   I've done scanning on the internal network, checked for
vulnerabilities on all the servers and it doesn't seem like we're causing
the problem.   My only assumption at this point is that our addresses are
being spoofed.
I see messages like these once a week.  Right now I can show my manager what
isn't happening, but is there any way I can verify if the address is being
spoofed?  Can I stop it?   Is there any hope?  I'm attempting to appease
senior managers with black and white evidence so any insight would be
appreciated.


Jake Barros



-----Original Message-----
From: (grace employee)
Sent: Friday, April 30, 2004 8:08 AM
To: Helpdesk
Subject: FW: Fax Message Received
Is this virus different? (Rhetorical. no response needed)
I've never before had students respond asking if I sent the message to them.
Several have responded.
It's really damaging my credibility!
(grace employee)


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

spoofed addresses? Barros, Jacob (Apr 30)
- <Possible follow-ups>
- Re: spoofed addresses? Brent Sweeny (Apr 30)
- Re: spoofed addresses? Craig W. Drake (Apr 30)
- Re: spoofed addresses? Gary Flynn (Apr 30)
- Re: spoofed addresses? Bruggeman, John (May 01)