nanog mailing list archives
Re: Ok: this is a targetted attack
From: Rob McEwen <rob () invaluement com>
Date: Mon, 11 Feb 2013 16:51:56 -0500
On 2/11/2013 4:39 PM, Sean Lazar wrote:
Jay, you need to have SPF records for your domain. This will prevent the spoofing you are seeing.
yep, while the purpose and effectiveness of SPF records are generally VERY overrated... yet for a situation like this, an SPF record is VERY valuable and it would be advised that you set this to a rather strict record for a period of time. (just try to account for all the various 3rd party sending scenarios your users do, like sending from a blackberry server, or e-mail forwarding, for any other situation where a legit 3rd party IP would be legitimately sending mail with a "from" address using your domain, etc.) Then again, if this is "spear phishing" or very personalized harassment, then the value of an SPF record would be somewhat uncharted territory (at least for me)... it would be interesting to see if that improves things. But, at the least, it would likely help some. -- Rob McEwen http://dnsbl.invaluement.com/ rob () invaluement com +1 (478) 475-9032
Current thread:
- Ok: this is a targetted attack Jay Ashworth (Feb 11)
- Re: Ok: this is a targetted attack Sean Lazar (Feb 11)
- Re: Ok: this is a targetted attack Jay Ashworth (Feb 11)
- Re: Ok: this is a targetted attack Rob McEwen (Feb 11)
- Re: Ok: this is a targetted attack PC (Feb 11)
- Re: Ok: this is a targetted attack Rich Kulawiec (Feb 11)
- Re: Ok: this is a targetted attack Sean Lazar (Feb 11)