|
Re: [spf-discuss] Godaddy Policy
2006-03-03 13:32:02
It's not that difficult provided you are willing to do a lot of research and
be detail-oriented about security. Unfortunately a lot of spam is sent by
people who misappropriate the resources of other people's mailservers. To
avoid adding to the problem it is necessary to stay on top of the latest
news and continually re-check that your server is properly configured and
impervious to mis-use by others. If you (or someone you know) is able to
make a hobby of that, the rest is relatively easy! At least IMHO.
--Kaas
----- Original Message -----
From: <pay_now(_at_)yahoo(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, March 03, 2006 1:18 PM
Subject: Re: [spf-discuss] Godaddy Policy
Thanks. I appreciate the info.
This is a great support group for this issue and it
makes me feel a lot better.
At first I was upset because I thought "What if
someone thinks I'm sending this junk?" and now I
realize that so many folks have this nonsense
perpetrated upon them.
I think what annoyed me with Godaddy isn't that I
expect them to be able to do anything about it, but
the fact that its almost like they only respond when
you email them endlessly. The network person at my
job says they are the worst for this kind of issue
because they are a bulk registrar, they are cheap, and
"you get what you pay for." Not sure how true this
is, but that added to my aggrevation.
How hard is it to set up a dedicated mail server?
--- Kaas Baichtal <kaas(_at_)baichtal(_dot_)com> wrote:
Hello,
Believe me I feel your pain. I was going through
this with several domains
myself a couple years ago.
I did come up with a way to at least feel better
about all the bounce
messages from spoofing though. I configured my
mailserver to catch all
bounces to non-existent users on the spoofed domain
using a regexp client
access check like this:
/(_dot_)*(_at_)putdomainnamehere\(_dot_)com/ 550 Recipient
unknown. Please consider
implementing SPF (http://www.openspf.org/) to avoid
bouncing mail to spoofed
senders. Thank you.
Now any time I become aware that a domain on my
server is being spoofed
heavily I temporarily insert one of these for it,
and the server attempting
delivery receives a nice message in its log
advertising SPF. What better way
to spread the word about SPF than by having spammers
spread it to the very
servers that obviously haven't implemented it?
There's always a chance an
admin over there will see the message and become
curious.
And more to the point, I can now look at my logs and
smile, or at least be
neutral, instead of flying into an unhealthy rage
every day. That's worth
quite a bit.
I realize you don't have this kind of control over
your mailserver, your
hosting company does. And even if they were to
implement something like this
there'd likely be a manpower issue or at the very
least an auto-detection
issue since they probably have thousands of
customers.
But I thought I'd post it anyway since someone else
might read it and
benefit.
--Kaas
----- Original Message -----
From: <pay_now(_at_)yahoo(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, March 03, 2006 8:50 AM
Subject: [spf-discuss] Godaddy Policy
> Want to rant a bit, and get some opinion to make
sure
> I'm not out of line.
>
> For months now my domain has been spoofed with no
end
> in site. Godaddy is the host and registrar.
>
> When I first reported it to them they sent some
> message to me describing what spoofing is, etc.
>
> I would send them bouncebacks and get no response.
Of
> course, I would complain about the lack of
response.
>
> Finally, I get this response from them:
>
> "We have received your reply.
>
> We want to thank you for sending us the bounce
back
> message headers. We have researched your issue
and
> unfortunately we cannot prevent spoofing, nor can
any
> other ISP. We want to apologize for the trouble
you
> have experienced. SPF can help reduce the amount
of
> spoofing but ultimately spoofing is a criminal
> activity and the only way to prevent it is to
pursue
> the offender legally.
>
> If the office can assist you with further comments
or
> concerns, let us know."
>
> I'm wondering. Is this just a brushoff? Are the
> companies that can do better than this? Godaddy
> allows you to publish SPF records, which I'm still
> trying to learn.
>
> Thanks.
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
protection around
> http://mail.yahoo.com
>
> -------
> Sender Policy Framework: http://www.openspf.org/
> Archives at
http://archives.listbox.com/spf-discuss/current/
> To unsubscribe, change your address, or
temporarily deactivate your
> subscription,
> please go to
>
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at
http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily
deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
|
|