Spf

Printable View

June 24th, 2004, 07:34 PM
netman4ttm

Spf

I have no idea if this is the forum to ask this question; but here goes.

I'm getting hundreds of bounced e-mails. Six thousand a day is not uncommon. The problem is that my domain name is being spoofed.

Has anyone had any experience with SPF

http://spf.pobox.com/

This seems to be the ideal solution, even though it is not complete.

Thanks
June 24th, 2004, 07:51 PM
ss2chef

AFAIK, unless the mail servers taking the deliveries of the forged emails are using SPF as well, you will still probably get the NDRs.

If I understand the technology correctly...
June 24th, 2004, 07:56 PM
netman4ttm

True, but it looks as though some big players are in this game.

AOL for one and at this point even partial relief is better than none.
June 28th, 2004, 03:46 PM
SirDice

Sometimes the original headers get send along the NDR. Can't you trace one of those to find the culpret?
June 28th, 2004, 04:37 PM
netman4ttm

The culprit is

name@co - co cc

name can be any combination found on your keyboard.

with link to www.blyadi.biz which goes no where.
June 29th, 2004, 10:10 AM
SirDice

Aren't there any headers in those NDRs? A source email address is useless as it's probably spoofed.

Have you tried contacting the party that sends you the NDRs? Maybe you can work with them to trace it from their side. They'll probably have some problems to.
June 29th, 2004, 01:23 PM
netman4ttm

192.168.100.200

That number does not exist on any of my internal domains. And it should not appear at all. I thought that number would not go across the Internet, but obviously, I am wrong. Or someone knows how to spoof an IP number.

The forwarding mail server looks like--
adsl.nuria.telefonica-data.net at 80.28.152.240

Tried pinging that number no responce
June 29th, 2004, 01:30 PM
SirDice

Sounds like a spanish DSL user to me.
Can you post one of those NDRs here? Only remove the addresses that belong to you.

All times are GMT +1. The time now is 01:02 PM.