Spoof Email using clients correct Email address

Discussion in 'E-mail Discussions' started by rustikat, Aug 21, 2006.

  1. rustikat

    rustikat Member

    I have searched this forum and all over the internet, but have not been able to find the answer I need to correct this problem.

    My client is being bombarded with bounces because someone is using her email address to send mass spam mailings. All bounces are being returned to her email address, that IP is now starting to show up as blacklisted IP addresses, and now I am getting the bounces.

    I have been told by a number of people that should be a lot smarter than me that I can't do anything to stop this.

    I have the standard firewall, DoS software, etc., but nothing seems to work - I am not asking for someone to fix it - just point me to a solution that may work.

    Thanks
     
  2. nicklas

    nicklas Well-Known Member

    You could add an SPF record, not only for that domain but for all your accounts.
    There is a thread here on the forum about it; do a search for SPF.
     
  3. chirpy

    chirpy Well-Known Member

    SPF records won't do anything for bounce back emails from spam. There's very little you can do at all except ride it out. It usually peters out after a day or two.
     
  4. rustikat

    rustikat Member

    Thanks,
    I am trying that route at this moment.

    This has been going on for over a week now - if the SPF stops them from using the user's email, then there can be no bounce backs.

    Will let you know how it turns out.
     
  5. chirpy

    chirpy Well-Known Member

    SPF doesn't stop anyone from doing anything unless you filter out SPF record data yourself, and so does everyone else - which they don't as there's no requirement to.
     
  6. nicklas

    nicklas Well-Known Member

    Hi,

    Look here how to do that.

    http://www.openspf.org/wizard.html

    Then you could also consider adding this to your zone templates.
    This will add the SPF record automatically when you create a new account.

    Preventing is better than trying to stop.
     
  7. rustikat

    rustikat Member

    Tried the SPF solution - as chirpy stated - that did not correct the problem; client received 142 bounces overnight.

    Anyone else have a possible solution?

    I'll try anything at this point. Mail server IP starting to show up on blacklists.
     
  8. nicklas

    nicklas Well-Known Member

    Yes, indeed, it won't stop the bounces, but it does stop sending in the name of...
    I leave it up to you; it's a preventive way, as said before...

    You could look at the IPs from the bounces? APF?

    Look at who is visiting your server. Do you allow relay?

    You need to investigate whether they just send emails from another location or found a form on your customer's website...

    Go to www.dnsreport.com and check that customer's domain name; it might make things clear.

    Is it coming from inside, another customer who spams?

    You never know...
     
    #8 nicklas, Aug 24, 2006
    Last edited: Aug 24, 2006
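
One way to act on the suggestion above to look at the IPs in the bounces, as an added example that is not part of any post in this thread: the top-most Received header of the message quoted inside a bounce was written by the server that generated the bounce, so it records which IP actually delivered the spam. The bounce text, hostnames, addresses and `OUR_NETWORKS` are constructed placeholders.

```python
import email
import ipaddress
import re

# Assumption: the networks your own mail server sends from (documentation range here).
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
# Constructed bounce (DSN) for illustration; every host and address is a placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: client@example.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.

--b1
Content-Type: text/rfc822-headers

Received: from mail.example.com (unknown [203.0.113.77])
\tby mx.recipient.example with SMTP; Thu, 24 Aug 2006 03:12:09 +0000
From: client@example.com

--b1--
"""

def returned_headers(bounce_text):
    """Return the headers of the original message quoted inside a bounce, or None."""
    msg = email.message_from_string(bounce_text)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def delivering_ip(bounce_text):
    """IP that handed the message to the bouncing server (top-most Received header)."""
    original = returned_headers(bounce_text)
    received = original.get_all("Received") if original is not None else None
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return ipaddress.ip_address(match.group(1)) if match else None

def sent_through_us(bounce_text):
    """True only if the delivering IP belongs to one of our own networks."""
    ip = delivering_ip(bounce_text)
    return ip is not None and any(ip in net for net in OUR_NETWORKS)
```

In the constructed sample the HELO name claims `mail.example.com`, but the bracketed IP recorded by the receiving server is outside `OUR_NETWORKS`, so the message never passed through the local server.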
  9. chirpy

    chirpy Well-Known Member

    No, SPF does not do that at all. All it does is allow the few MTAs that have it configured to tag email as likely spam. It does not stop anybody sending email with a forged From: address at all.

    As I mentioned before, there's little you can do except ride it out. Or if it becomes too much of a problem, stop hosting the domain.
     
  10. sparek-3

    sparek-3 Well-Known Member

    This is really just a deficiency in the SMTP protocol. It basically lets you use any From address in your e-mail. Don't get me wrong, this can be valuable to some people, but it is also what can cause issues such as this in regards to spam.

    Anyone, anywhere in the world can send a message to an e-mail address and spoof the From address. There's no way to validate that the person using that From address is the person who owns that address. Like I said, this can be useful in situations where you legitimately need to write from different addresses. But how do you determine legitimate uses against malicious (spam) uses?

    SPF can help, but it's dependent on all mail servers making use of the SPF process. If there are 100 SMTP servers in the world and 99 of them use SPF, then SPF does not help because there's still the 1 server that does not use it.

    Basically what you are looking at is a revision to the SMTP protocol, which incorporates some type of sender validation (how this would be done, I have no idea). And then every SMTP server around the world would have to adopt this revision for it to really be useful. The problem with doing an SMTP revision now is that there are so many SMTP servers out there that it's really just impossible to enforce that all SMTP servers have some type of sender validation process.

    I'm not sure how helpful SPF really is. On paper (at least what I've read) it sounds good, but I'm not sure if it works that well in practical use. However, all of this is moot anyway since only a handful of servers actually use SPF. Most servers take a middle ground on SPF: they may check for an SPF record, which will aid in the determination of whether a message is spam, but it's not the final say. This is because if a server rejected mail where the SPF record fails, then it would be rejecting a lot of mail since most domains are not set up with SPF records.

    To put it really simply, solving this issue that you are experiencing would be a major undertaking for everyone on the Internet.
     
  11. nicklas

    nicklas Well-Known Member

    Right...

    My servers have a zone template with SPF records and I hope everyone out there starts to invest that little time to get it done for their servers as well. Stop talking and start with it.
    If all hosting companies just do it, it would save them BW and a lot of time... and frustration.
     
  12. rustikat

    rustikat Member

    Thanks for all the replies,

    chirpy, it will be hard to stop hosting the site. It is my wife's business site; if I kicked her off I would be in a heap of trouble.

    nicklas - it's not coming from inside, that was checked weeks ago.

    It looks as if sparek-3 has the answer and that will happen after most have passed on to the happy hunting ground.

    The road ahead looks mighty bumpy, hope this type of thing doesn't happen to you guys.
     