Hello,
Believe me I feel your pain. I was going through this with several domains
myself a couple years ago.
I did come up with a way to at least feel better about all the bounce
messages from spoofing though. I configured my mailserver to catch all
bounces to non-existent users on the spoofed domain using a regexp client
access check like this:
/(_dot_)*(_at_)putdomainnamehere\(_dot_)com/ 550 Recipient unknown. Please consider
implementing SPF (http://www.openspf.org/) to avoid bouncing mail to spoofed
senders. Thank you.
Now any time I become aware that a domain on my server is being spoofed
heavily I temporarily insert one of these for it, and the server attempting
delivery receives a nice message in its log advertising SPF. What better way
to spread the word about SPF than by having spammers spread it to the very
servers that obviously haven't implemented it? There's always a chance an
admin over there will see the message and become curious.
And more to the point, I can now look at my logs and smile, or at least be
neutral, instead of flying into an unhealthy rage every day. That's worth
quite a bit.
I realize you don't have this kind of control over your mailserver, your
hosting company does. And even if they were to implement something like this
there'd likely be a manpower issue or at the very least an auto-detection
issue since they probably have thousands of customers.
But I thought I'd post it anyway since someone else might read it and
benefit.
--Kaas
----- Original Message -----
From: <pay_now(_at_)yahoo(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, March 03, 2006 8:50 AM
Subject: [spf-discuss] Godaddy Policy
Want to rant a bit, and get some opinion to make sure
I'm not out of line.
For months now my domain has been spoofed with no end
in site. Godaddy is the host and registrar.
When I first reported it to them they sent some
message to me describing what spoofing is, etc.
I would send them bouncebacks and get no response. Of
course, I would complain about the lack of response.
Finally, I get this response from them:
"We have received your reply.
We want to thank you for sending us the bounce back
message headers. We have researched your issue and
unfortunately we cannot prevent spoofing, nor can any
other ISP. We want to apologize for the trouble you
have experienced. SPF can help reduce the amount of
spoofing but ultimately spoofing is a criminal
activity and the only way to prevent it is to pursue
the offender legally.
If the office can assist you with further comments or
concerns, let us know."
I'm wondering. Is this just a brushoff? Are the
companies that can do better than this? Godaddy
allows you to publish SPF records, which I'm still
trying to learn.
Thanks.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com