Educause Security Discussion mailing list archives
Re: spoofed reply-to address
From: Jeremy Mooney <jmooney.edulists () GMAIL COM>
Date: Tue, 28 Jul 2009 15:01:30 -0500
Barbara Deschapelles wrote on 7/27/09 08:33:
Hello all, I've been reading through the archives of this list and am curious if anyone has found a cure. There are a few threads from a while back, but no one has offered any cure except for filtering all bounced messages to a folder. One of our deans is getting boat loads of bounced messages. It appears that some spammer is using her email address as the reply-to or from address. The original messages appear to come from a myriad of different systems, so I'm speculating that the spam was generated by a bot system of sorts.
Every existing solution has drawbacks which have varying impact in different environments (and varying collateral damage elsewhere too).

If you're willing to route outbound mail through your barracudas (or can add an appropriate header to outbound messages), you could look into the Invalid Bounce Suppression option (Block/Accept, Sender Authentication, Invalid Bounce Suppression). I'd imagine this depends on the remote server not mangling headers too much (so would probably filter legit stuff).

If you're just looking to not block legitimate bounces to the user, you could maybe have the filter to delete/hide bounces exclude messages containing Received lines of your outbound mail servers in the body/attachments.

--
Jeremy Mooney
ITS - Bethel University
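The check suggested in the last paragraph of the reply above, sketched as an added example that is not part of the original post: a bounce is kept only if the returned headers or message it carries contain a Received line naming one of your outbound relays. The relay hostnames, the bounce heuristic and the sample DSN are constructed assumptions.

```python
import email
import re
from email import policy

# Assumption: hostnames of your outbound relays (hypothetical placeholders).
OUTBOUND_RELAYS = {"smtp-out1.example.edu", "smtp-out2.example.edu"}
RECEIVED_RE = re.compile(r"^[> \t]*Received:(.*(?:\n[ \t]+.*)*)", re.I | re.M)
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")

def is_bounce(msg):
    """Heuristic: DSN content type or a null envelope sender."""
    null_sender = (msg.get("Return-Path") or "").strip() == "<>"
    return null_sender or msg.get_content_type() == "multipart/report"

def embedded_received(msg):
    """Yield Received values found in the body/attachments, not the bounce's own headers."""
    for part in msg.walk():
        if part is not msg:  # headers of a returned message/rfc822 attachment
            yield from (str(v) for v in part.get_all("Received", []))
        if not part.is_multipart() and part.get_content_maintype() == "text":
            yield from RECEIVED_RE.findall(part.get_content())  # inline copy or rfc822-headers

def classify(raw):
    """Return 'keep' for bounces of mail we relayed, 'suppress' for backscatter."""
    msg = email.message_from_string(raw, policy=policy.default)
    if not is_bounce(msg):
        return "not-a-bounce"
    for value in embedded_received(msg):
        # Compare whole hostname tokens so look-alike suffixes do not match.
        hosts = {h.strip(".").lower() for h in HOST_RE.findall(value)}
        if hosts & OUTBOUND_RELAYS:
            return "keep"
    return "suppress"

def sample_bounce(origin_host):
    """Constructed DSN whose returned headers name origin_host as the sending server."""
    return (
        "Return-Path: <>\nFrom: MAILER-DAEMON@mx.remote.example\nTo: dean@example.edu\n"
        "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        f"Received: from {origin_host} ([192.0.2.10])\n"
        "\tby mx.remote.example; Tue, 28 Jul 2009 14:59:00 -0500\n"
        "From: dean@example.edu\nSubject: hello\n--b1--\n"
    )

if __name__ == "__main__":
    print(classify(sample_bounce("smtp-out1.example.edu")), classify(sample_bounce("bot.example.net")))
```

Received lines inside a returned message are only text, so a forged line naming your relay would pass this check; it reduces false positives on legitimate bounces rather than authenticating them.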