Print Page | Close Window

[off topic] How to get out from a spoofer

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5359
Printed Date: 21 October 2017 at 4:24am


Topic: [off topic] How to get out from a spoofer
Posted By: Alan
Subject: [off topic] How to get out from a spoofer
Date Posted: 18 October 2005 at 8:11pm
Anyone have any technique or suggestions on how to save a domain name from a spoofer? 

I've tried to have the spammer's websites shut down but NameCheap has no problem hosting the spammer's websites even when presented with mounds of evidence of spoofing someone elses domain as well as allowing obviously faked registration ID info so they have been no help at all.  Oh for the good old days of regulated domain registration.

No way to track the emails due to an obvious zombie network.

Here's and example of one the spammer's websites
<http://www.dates4funz.com/extra/angelsweet3>
Spammer always uses the "angelsweet3"

Anyone have any suggestions?

If not, is there at least a way to block the rejection notices that have the orignal email attached with this text in it?



Replies:
Posted By: Marco
Date Posted: 19 October 2005 at 8:08am

fight fire with fire, do some spoofing of your own and have the spoofable domain blacklisted by as many listing sites as possible.

just an idea, don't take me serious :)

regards,

Marco



-------------
Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams


Posted By: Marcus
Date Posted: 19 October 2005 at 1:46pm

If they have a link to <http://www.dates4funz.com/extra/angelsweet3>
in every one of their emails, a keyword block

(\bdates4funz\.com\b)

will trash every one of them.



Posted By: Alan
Date Posted: 19 October 2005 at 8:13pm
No this is the spammer spoofing your own domain, sending spam using your domain as the From: and Reply-To so you get all the bounces and rejections flooding your servers.

keyword block is not able to block rejection notices that do not include the original email in the body.

Originally posted by Marcus Marcus wrote:

If they have a link to <http://www.dates4funz.com/extra/angelsweet3>
in every one of their emails, a keyword block

(\bdates4funz\.com\b)

will trash every one of them.



Posted By: Marcus
Date Posted: 19 October 2005 at 8:45pm

Originally posted by Alan Alan wrote:


Anyone have any suggestions?

If not, is there at least a way to block the rejection notices that have the orignal email attached with this text in it?

See my first post.

You might want to utilize the "Authorized To Emails" and enter your legit users.  This should stop the NDR back to fake users.  Should cut down on of at least some of it.



Posted By: Alan
Date Posted: 21 October 2005 at 3:14pm
Roberto, can I submit a request for a LDAP feature?  Seems liek that woud be a great tool agains all sorts of dictionary spam attacks as well as fallout from spoofers.




Posted By: WebGuyz
Date Posted: 26 October 2005 at 1:28am
Why not use LDAP tools and have it create the AuthorizedTo.txt file every 10 to 30 minutes. It runs faster by SF reading it into memory than having ldap queries run for each and every incoming email.

-------------
http://www.webguyz.net


Posted By: LogSat
Date Posted: 26 October 2005 at 3:55pm
Alan,

We've thought about the LDAD / ActiveDirectory verificationin the past, but thought the same thing that WebGuyz mentioned.

Furthermore, we have users who receive millions of emails/day. That, along with the risk of spammers/hackers who could practically perform DoS attacks on your LDAP servers with millions of bogus authentication requests, also told us it may not have been a good idea...


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window