Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Stopping email identity spoofing

Wednesday, August 25, 2004 Comments

 Personal 
Share:   Share on LinkedIn    Share on Twitter    Share on Facebook   

Over the last few months, I have seen my company's web site domain used as the originator of a lot of spam. I know this because I get the spam email bounced back, and checking the header information, I verify that my domain name is part of the email address. I know the spammers are not using my mail server as the relay point, but they are using my domain name as if it is coming from me (or "someone" at my company -- they always come up with clever names as if that person works for me).

Fortunately, there are some initiatives forming to stop this. Valery mentions this in his own post:

So, if inbound e-mail server was simply checking that sending e-mail server's IP address matches the IP address that is published in the DNS record, then at least that kind of scam would be detected! Good news here is that for helping to add such check to inbound e-mail servers for inbound e-mail processing, Microsoft recently released beta version of their royalty-free “Sender ID framework” and is working with IETF for approving it as an Internet standard. Here is the link:

http://www.microsoft.com/mscorp/twc/privacy/spam_senderid.mspx

 

Check it… use it… help to stop these nasty spooffers/scammers/spammers!

I completely agree; the sooner the better!

Share:   Share on LinkedIn    Share on Twitter    Share on Facebook