spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Godaddy Policy

2006-03-03 11:01:31

Hello,

Believe me I feel your pain. I was going through this with several domains myself a couple years ago.

I did come up with a way to at least feel better about all the bounce messages from spoofing though. I configured my mailserver to catch all bounces to non-existent users on the spoofed domain using a regexp client access check like this:

/(_dot_)*(_at_)putdomainnamehere\(_dot_)com/ 550 Recipient unknown. Please consider implementing SPF (http://www.openspf.org/) to avoid bouncing mail to spoofed senders. Thank you.

Now any time I become aware that a domain on my server is being spoofed heavily I temporarily insert one of these for it, and the server attempting delivery receives a nice message in its log advertising SPF. What better way to spread the word about SPF than by having spammers spread it to the very servers that obviously haven't implemented it? There's always a chance an admin over there will see the message and become curious.

And more to the point, I can now look at my logs and smile, or at least be neutral, instead of flying into an unhealthy rage every day. That's worth quite a bit.

I realize you don't have this kind of control over your mailserver, your hosting company does. And even if they were to implement something like this there'd likely be a manpower issue or at the very least an auto-detection issue since they probably have thousands of customers.

But I thought I'd post it anyway since someone else might read it and benefit.

--Kaas




----- Original Message ----- From: <pay_now(_at_)yahoo(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, March 03, 2006 8:50 AM
Subject: [spf-discuss] Godaddy Policy


Want to rant a bit, and get some opinion to make sure
I'm not out of line.

For months now my domain has been spoofed with no end
in site.  Godaddy is the host and registrar.

When I first reported it to them they sent some
message to me describing what spoofing is, etc.

I would send them bouncebacks and get no response.  Of
course, I would complain about the lack of response.

Finally, I get this response from them:

"We have received your reply.

We want to thank you for sending us the bounce back
message headers.  We have researched your issue and
unfortunately we cannot prevent spoofing, nor can any
other ISP.  We want to apologize for the trouble you
have experienced.  SPF can help reduce the amount of
spoofing but ultimately spoofing is a criminal
activity and the only way to prevent it is to pursue
the offender legally.

If the office can assist you with further comments or
concerns, let us know."

I'm wondering.  Is this just a brushoff?  Are the
companies that can do better than this?  Godaddy
allows you to publish SPF records, which I'm still
trying to learn.

Thanks.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

<Prev in Thread] Current Thread [Next in Thread>