View Full Version : Spam attack.



Armadillo
08-21-2004, 01:08 AM
This week I apparently had a spam attack.
I hadn't checked my e-mail all week (I usually get 20 e-mails a week after filtering).
So, today I checked it and had OVER 500 bounce-back spams!
:shock:
Could this be related to the "security upgrade" mistake that Westhost did?
:x
What can I do to avoid any more spam attacks?

FZ
08-21-2004, 04:58 AM
I doubt this is related to the security upgrade. This is just something we all have to deal with. It happened to me about a month ago too - an "unlisted" e-mail address I have (i.e. one that isn't on any web pages in a mailto: format, and isn't subscribed to any mailing lists/forums/etc.) started getting hundreds of Postmaster messages. They were all bounces due to someone (or something) spoofing my address. It was another virus epidemic - you know, the kind of virus that picks up your e-mail address from who knows where and then uses it to send out copies of itself to as many addresses as it can find... Yeah, well. I set up a Procmail filter to move any messages from mailer-daemons to a mailbox file I could manually look through later (instead of downloading each of the 40KB messages and deleting them manually). Besides that, I don't think there is much you can do. There may be hope though, in the form of SPF. Have a look at: http://forums.westhost.com/phpBB2/viewtopic.php?t=2095

wildjokerdesign
08-21-2004, 07:34 AM
I am using the SPF record on two of my main accounts and it hasn't seemed to cause any problems and I have not received any bounce backs on those accounts. Granted it has only been about a month or so and I never really had a big problem with it, but I think it may be well worth doing.

FZ
08-21-2004, 08:12 AM
Shawn,

Have the domains you are using the SPF records on ever undergone a problem of this sort (i.e. been used to spoof From: headers when sending spam/viruses and then received hundreds of bouncebacks)?

I think WestHost said that the implementation of SPF they do for you (currently) is only good when other people check your mail for authenticity, i.e. it isn't a "full install" in that our mail server does not check mail we receive for authenticity. In that case, I don't see how it can help the fake bounceback problem - it's unlikely that every single person that receives mail with a spoofed From: containing a WestHost domain (with an SPF record) has SPF installed and realizes not to do anything but remove the mail (since it is forged).

wildjokerdesign
08-21-2004, 08:48 AM
No, I have never had the problems that others mention on the forum, i.e. 100's of bounces or spam. My current email/website accounts are only about 5 or so years old, so not like some that I know have had them for much longer. I have also never published my email addresses and try to keep up on all the different things you can do to keep spam out, like not having a catch-all and some of the others.

You're right that at this point we can only accomplish step one of SPF, which is setting up the record for others to read and use, unless you want to try and update sendmail and set things up yourself on your account. What I think it does help is if something is sent out many of the big companies that offer free emails are starting to use it. I just read on the SPF site that Microsoft is going to start using it on all hotmail accounts in October. I think that Yahoo is already using it. So at least it would keep bounce backs from coming back from the bigger email providers.

Maybe it is overkill but I just want to do everything I can to try and keep from ending up in the situation that many say they have, receiving 100's or 1000's of emails. I even change the email addys that my contact forms and such use from time to time.

Armadillo
08-21-2004, 06:21 PM
I think the spam attack happened after the security upgrade, and before the upgrade's problems were fixed.

I'll look into SPF. Westhost can set that up for me?

Thanks.

wildjokerdesign
08-21-2004, 07:39 PM
"I'll look into SPF. Westhost can set that up for me?"

Yes, you just need to email support that you would like them to add the record for you and how you want it set up. You can use the wizard on the SPF to figure out how you want it set up for your needs.

Armadillo
08-21-2004, 10:51 PM
Some of the things in the wizard I don't understand.
I gather, from the other topic, that the MX stuff isn't supported.

What I came up with is "v=spf1 a ptr -all".

Should I leave "ptr" and/or add "mx"?

wildjokerdesign
08-22-2004, 07:06 AM
I'm using "v=spf1 a mx ptr -all" and from what I understand if your email needs are not unique then that should take care of things. I'm still a bit hazy on how you can tweak the record but I think the above is kind of like the all purpose record that gives basic protection.
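
Added example, not part of the original thread: a small Python parser that splits the two SPF records quoted above into their mechanisms and qualifiers, counts the terms that cost the receiving server a DNS query, and flags `ptr`, which the current SPF specification (RFC 7208) says should not be published. The function name `parse_spf` and the warning texts are this example's own.

```python
import re

# Qualifier prefixes and the result a matching mechanism yields (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Terms that make the receiver do a DNS query; the spec caps these at 10.
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9_.\-]*)([:/=].*)?$", re.I)


def parse_spf(record):
    """Split an SPF TXT record into terms and collect lint warnings."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    terms, warnings, seen_all = [], [], False
    for raw in parts[1:]:
        m = TERM_RE.match(raw)
        if not m:
            raise ValueError(f"malformed term: {raw!r}")
        qual, name, arg = m.group(1), m.group(2).lower(), m.group(3) or ""
        if arg.startswith("="):  # modifier such as redirect= or exp=
            terms.append({"kind": "modifier", "name": name, "arg": arg[1:]})
            continue
        if name not in MECHANISMS:
            raise ValueError(f"unknown mechanism: {raw!r}")
        if seen_all:
            warnings.append(f"{raw!r} follows 'all' and is never evaluated")
        if name == "ptr":
            warnings.append("'ptr' is discouraged by RFC 7208: slow, unreliable")
        seen_all = seen_all or name == "all"
        arg = arg[1:] if arg[:1] == ":" else arg  # keep "/24", drop one ":"
        terms.append({"kind": "mechanism", "name": name, "arg": arg,
                      "result": QUALIFIERS[qual or "+"]})
    lookups = sum(t["name"] in DNS_TERMS for t in terms)
    if lookups > 10:
        warnings.append(f"{lookups} DNS-querying terms exceed the limit of 10")
    if not seen_all and not any(t["name"] == "redirect" for t in terms):
        warnings.append("no 'all' or redirect=: unmatched senders get neutral")
    return {"terms": terms, "dns_lookups": lookups, "warnings": warnings}


if __name__ == "__main__":
    # The two records quoted in the thread.
    for rec in ("v=spf1 a ptr -all", "v=spf1 a mx ptr -all"):
        parsed = parse_spf(rec)
        print(rec, "->", [(t["name"], t.get("result")) for t in parsed["terms"]])
        print("  lookups:", parsed["dns_lookups"], "warnings:", parsed["warnings"])
```

In both records `-all` yields "fail" for any sender that the earlier mechanisms did not match; the only difference is that adding `mx` also authorizes the hosts named in the domain's MX records.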