Spam Filter ISP Support Forum


[off topic] How to get out from a spoofer

Alan, posted 18 October 2005 at 8:11pm:

Anyone have any technique or suggestions on how to save a domain name from a spoofer? 

I've tried to have the spammer's websites shut down but NameCheap has no problem hosting the spammer's websites even when presented with mounds of evidence of spoofing someone else's domain as well as allowing obviously faked registration ID info so they have been no help at all.  Oh for the good old days of regulated domain registration.

No way to track the emails due to an obvious zombie network.

Here's an example of one of the spammer's websites
<http://www.dates4funz.com/extra/angelsweet3>
Spammer always uses the "angelsweet3"

Anyone have any suggestions?

If not, is there at least a way to block the rejection notices that have the original email attached with this text in it?

Marco, posted 19 October 2005 at 8:08am:

fight fire with fire, do some spoofing of your own and have the spoofable domain blacklisted by as many listing sites as possible.

just an idea, don't take me serious :)

regards,

Marco

Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams

Marcus, posted 19 October 2005 at 1:46pm:

If they have a link to <http://www.dates4funz.com/extra/angelsweet3>
in every one of their emails, a keyword block

(\bdates4funz\.com\b)

will trash every one of them.



Alan, posted 19 October 2005 at 8:13pm:

No, this is the spammer spoofing your own domain, sending spam using your domain as the From: and Reply-To so you get all the bounces and rejections flooding your servers.

Keyword block is not able to block rejection notices that do not include the original email in the body.

Originally posted by Marcus:

If they have a link to <http://www.dates4funz.com/extra/angelsweet3>
in every one of their emails, a keyword block

(\bdates4funz\.com\b)

will trash every one of them.
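
Added example, not part of any post in this thread: a Python sketch of the limitation discussed above. It applies the quoted keyword pattern to every MIME part of a bounce, including an attached original, and shows that bounces returning only headers or no original never match. The sample messages, the `make_bounce` helper and the `example.com` / `example.net` names are constructed for illustration.

```python
import re
from email import message_from_string

# Keyword pattern quoted in the thread; IGNORECASE is this example's assumption.
KEYWORD = re.compile(r"(\bdates4funz\.com\b)", re.IGNORECASE)

def bounce_matches_keyword(raw):
    """True if any leaf MIME part, including a returned original attached as
    message/rfc822, contains the keyword in its body."""
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue  # containers (multipart/*, message/rfc822) hold no text
        data = part.get_payload(decode=True) or b""  # undoes base64 / QP
        if KEYWORD.search(data.decode("utf-8", "replace")):
            return True
    return False

# Constructed samples (example.com / example.net are placeholders).
SPAM = ("From: sales@example.com\nTo: nobody@example.net\nSubject: hi\n\n"
        "Visit http://www.dates4funz.com/extra/angelsweet3\n")

def make_bounce(returned=None):
    """Build a minimal bounce; 'returned' is what the remote MTA attached."""
    parts = ["Content-Type: text/plain\n\nDelivery to nobody@example.net failed.\n"]
    if returned:
        parts.append("Content-Type: message/rfc822\n\n" + returned)
    body = "".join("--b1\n" + p + "\n" for p in parts) + "--b1--\n"
    return ("From: MAILER-DAEMON@mx.example.net\nTo: sales@example.com\n"
            "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
            'Content-Type: multipart/report; boundary="b1"\n\n' + body)

if __name__ == "__main__":
    cases = {"full original": SPAM,
             "headers only": SPAM.split("\n\n")[0] + "\n",
             "no original": None}
    for label, returned in cases.items():
        print(label, "->", bounce_matches_keyword(make_bounce(returned)))
```

Only the first case is caught by the keyword; the other two need a control that does not depend on the spam body being returned.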


Marcus, posted 19 October 2005 at 8:45pm:

Originally posted by Alan:


Anyone have any suggestions?

If not, is there at least a way to block the rejection notices that have the original email attached with this text in it?

See my first post.

You might want to utilize the "Authorized To Emails" and enter your legit users.  This should stop the NDR back to fake users.  Should cut down on at least some of it.

Alan, posted 21 October 2005 at 3:14pm:

Roberto, can I submit a request for an LDAP feature?  Seems like that would be a great tool against all sorts of dictionary spam attacks as well as fallout from spoofers.


WebGuyz, posted 26 October 2005 at 1:28am:

Why not use LDAP tools and have it create the AuthorizedTo.txt file every 10 to 30 minutes. It runs faster by SF reading it into memory than having ldap queries run for each and every incoming email.
http://www.webguyz.net
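
Added example, not part of any post in this thread and not LogSat's code: a Python sketch of the scheduled export described above. It turns an LDIF dump of the directory into a recipient list and swaps it in atomically. It assumes the list file takes one address per line, and the sample LDIF, the domain set and both function names are constructed for illustration.

```python
import base64, os, re, tempfile

# Colons are excluded so non-SMTP proxy types (sip:, x500:) never pass.
ADDR = re.compile(r"^[^@\s:]+@[^@\s:]+\.[^@\s:]+$")

def addresses_from_ldif(ldif_text, domains):
    """Collect mail and smtp: proxyAddresses values for the given domains."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # LDIF folds long lines
    found = set()
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() not in ("mail", "proxyaddresses"):
            continue
        if value.startswith(":"):  # "attr:: ..." marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip().lower()
        if value.startswith("smtp:"):
            value = value[5:]
        if ADDR.match(value) and value.rsplit("@", 1)[1] in domains:
            found.add(value)
    return sorted(found)

def write_authorized(path, addresses, min_entries=1):
    """Replace the list atomically; keep the old file if the export looks empty."""
    if len(addresses) < min_entries:
        raise ValueError("export too small, previous list left in place")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(addresses) + "\n")
    os.replace(tmp, path)  # readers see the old or the new file, never half

# Constructed directory export (all names are placeholders).
SAMPLE_LDIF = """\
dn: CN=Ann,OU=Staff,DC=example,DC=com
mail: Ann@Example.com
proxyAddresses: SMTP:ann.lee@example.com
proxyAddresses: x500:/o=Org/cn=ann

dn: CN=Bob,OU=Staff,DC=example,DC=com
mail:: Ym9iQGV4YW1wbGUuY29t
proxyAddresses: smtp:bob.builder@exam
 ple.com
mail: eve@other.example
"""

if __name__ == "__main__":
    write_authorized("AuthorizedTo.txt", addresses_from_ldif(SAMPLE_LDIF, {"example.com"}))
```

The `min_entries` guard matters for a job that runs unattended every 10 to 30 minutes: a failed or empty directory query should not overwrite a good recipient list.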

LogSat, posted 26 October 2005 at 3:55pm:

Alan,

We've thought about the LDAP / ActiveDirectory verification in the past, but thought the same thing that WebGuyz mentioned.

Furthermore, we have users who receive millions of emails/day. That, along with the risk of spammers/hackers who could practically perform DoS attacks on your LDAP servers with millions of bogus authentication requests, also told us it may not have been a good idea...
Roberto Franceschetti

LogSat Software

Spam Filter ISP