[LINK] Question re spoofing with bad reply address

Hamish Moffatt hamish at cloud.net.au
Wed Jul 9 17:27:08 AEST 2014


On 09/07/14 16:35, Karl Auer wrote:
> If you are asking why the sender address used was yours, it is for
> several reasons: Spammers like to use real sender addresses, because
> they are less likely to be identified as spammy senders. Also, the
> backscatter (such as the bounces you received, or the ire of the
> recipient) goes to someone else; the spammer isn't interested in seeing
> backscatter. And by distributing the backscatter the spammer obfuscates
> his/her location (otherwise the stream of backscatter returning to a
> single sender would help identify the spammer). And finally, most
> bounces include the original message, so the spammer gets two for the
> price of one - a shot at the original recipient, and a shot at the
> recipient of the bounce message.

Consider implementing SPF to prevent this. 
http://en.wikipedia.org/wiki/Sender_Policy_Framework

In summary, through the DNS you publish a list of all servers authorised 
to send mail from your domain, and how strict you want recipients to be. 
An SPF-aware receiving host will check the DNS when it receives mail, 
and reject any received from unlisted servers. This prevents your email 
address being forged.

DKIM and DMARC are relevant too.


Hamish



More information about the Link mailing list