Rob McEwen wrote:
[EMAIL PROTECTED] wrote:
How can I tackle spam that came from my own e-mail address that I did
not send. Any info on how to prevent this will be greatly appreciated.
I'm not a big fan of Sender Policy Framework (SPF). But if/when
something like this happens to me or a client, I find it helps to set a
very strict SFP record saying that mail from that domain should *only*
come from your main official mail server. That way, recipients of such
spam will have more tools available for blocking such messages.
He can setup a rule to add some points if the From header contains his
domain except if the message "is ALL_TRUSTED". The details depend on his
mail flow architecture.
The second problem is that you are probably seeing much backscatter from
mis-configured servers sending out separate e-mails to your address
complaining about spam you didn't send. A good solution for that is to
run UCEProtect's backscatterer list.(http://www.backscatterer.org/). But
don't outright block on that list (unless you are disparate, this can be
applied to a single account, and are unable to do my additional
recommendations...)
Instead, it would be better to block if the sending IP is in
backscatterer.org *combined* with another attribute, such as the SMTP
Envelope reporting a "from" address that contains the term "postmaster"
or "mailer-daemon". Otherwise, you will probably have a significant
amount of FPs.
and if possible, only do that if the client tries to send mail.
otherwise, you'll also block sites that do CBV/SAV/* (sender
verification callout) such as lists.sourceforge.net.
