Educause Security Discussion mailing list archives
Re: spoofed addresses?
From: "Bruggeman, John" <jbruggeman () HUC EDU>
Date: Sat, 1 May 2004 13:46:24 -0400
Hello Jacob, We get a ton here too, mostly NDR and the like. We've been getting them for over a year now. I look at the headers to make sure the spam is NOT coming for our mail server and so far it's not. From what I can tell it's spoofed email addresses, annoying but there isn't anything you can do to stop it (at least that I'm aware of). It will be interesting to see what others have seen. John ======================================== John Bruggeman Director of Information Systems Hebrew Union College - Jewish Institute of Religion jbruggeman () huc edu Cincinnati * Jerusalem * Los Angeles * New York -----Original Message----- From: Barros, Jacob [mailto:jkbarros () GRACE EDU] Sent: Friday, April 30, 2004 5:28 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] spoofed addresses? Please tell me I'm not the only one... We're getting a LOT of NDR's and blocked message receipts from different hosts and all sorts of weird things. Typically they are messages carrying viruses circulating with our email addresses in the 'from' field. See (scrubbed) message threads below. I have scanned all suspected machines and never find any viruses or spyware or anything weird. I've done scanning on the internal network, checked for vulnerabilities on all the servers and it doesn't seem like we're causing the problem. My only assumption at this point is that our addresses are being spoofed. I see messages like these once a week. Right now I can show my manager what isn't happening, but is there any way I can verify if the address is being spoofed? Can I stop it? Is there any hope? I'm attempting to appease senior managers with black and white evidence so any insight would be appreciated. Jake Barros -----Original Message----- From: (grace employee) Sent: Friday, April 30, 2004 8:08 AM To: Helpdesk Subject: FW: Fax Message Received Is this virus different? (Rhetorical. no response needed) I've never before had students respond asking if I sent the message to them. Several have responded. It's really damaging my credibility! (grace employee) ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- spoofed addresses? Barros, Jacob (Apr 30)
- <Possible follow-ups>
- Re: spoofed addresses? Brent Sweeny (Apr 30)
- Re: spoofed addresses? Craig W. Drake (Apr 30)
- Re: spoofed addresses? Gary Flynn (Apr 30)
- Re: spoofed addresses? Bruggeman, John (May 01)