Email Spam useage

[pinewoodblue]

Evening all...noticed that for the last few days, I have been getting returned emails with delivery failure.

They all appear in my mail@bootbay.co.uk (the catch-all account)

Had a look and the offending emails have a false FROM: ie adwr@bootbay.co.uk and are being used to send out spam mails (these ones are Stock Buys)...

Is there nowt anyone can do about these? I realise that they should be picked up by individuals SPAM rules due to dodgy sender ID but it's a pain!

[Jacob]

Unfortunately, we can't do anything about this however I would suggest:

1. Turning off the catch-all address on your account as this may reduce the number of bounce back emails

2. Setting up a filter in your email client to move all bounce back messages into your Deleted Items.

3. Remove any auto-responders that are setup

If you require any further assistance, please feel free to contact us.

Regards,

Jacob

[DaveLegg]

I would also make the suggestion that you setup an SPF record for your domain, this way, if people do get spammed from someone using one of your addresses, there's chance their mail server will drop the email before they see it, or if they do receive it, the SPF will show it wasn't a genuine mail from you, so it gives you some amount of protection in a way.

[Neil]

"I would also make the suggestion that you setup an SPF record for your domain"

How do you do this?

Neil

[DaveLegg]

The easiest way is using the SPF wizard at: http://www.openspf.org/wizard.html

If you send email using your ISP's mail servers, make sure you find out the correct way to include them as well.

My SPF for example is:
"v=spf1 a mx ip4:69.93.36.130 ip4:84.18.207.34 ip4:84.18.207.4 include:aspmx.googlemail.com ~all"

You'll see I have in there:
a - includes the server that the a record for the domain points to (so the server you get to via dlpwd.co.uk)
mx - Any server in the mx list for the domain
ip4:69.93.36.130 ip4:84.18.207.34 ip4:84.18.207.4 - Three specific IP's (cat2's mail server (orange), Grape (the one that runs my website) and another that also hosts my sites)
include:aspmx.googlemail.com - Include any servers allowed to send email by the spf record at aspmx.googlemail.com (google host my email, so I use their smtp service)
~all - Specifies that this is all servers permitted to send email from @dlpwd.co.uk addresses (~ causes a softfail, if the server sending the mail doesn't match the list (I'm considering changing to hard fail - as I'm now sure everything is working).

Once you have your SPF record generated, add it as a txt record to your domain (Open a ticket if you don't have the zone-editor, and I'm sure the guys will help you out)

Once it's in place, give it 24-48 hours to propogate, then send an email to check-auth@verifier.port25.com it will automatically reply with a message explaining if your email passed, or failed validation.

[pinewoodblue]

Looks good - thanx all will give all suggestions a go!

[rob]

Please note that running SPF on your domain breaks forwarding, and hence will cause problems for some users.

In the case where you have a pre-delivery forward (e.g. if you're using the aliases functionality on the Linux accounts to relay to a remote mailserver), then the MTA will generally just change the envelope recipient address, without changing the envelope-sender address. This mail will be rejected by anyone utilising SPF.

Why?

User A, with mail on MTA A, sends a mail from his domain (foo.com) - foo.com lists MTA A in its SPF, therefore this is OK, and MTA B will accept it without a problem. User C utilises MTA B, but forwards all their mail to their personal domain (wibble.com) on MTA C. When MTA B relays the mail, it will still appear from foo.com, but MTA B isn't a valid SPF sender for this domain, and hence MTA C should reject the mail. By enabling SPF, the user cannot relay their mail through like this. Many applications (including the .forward operations of a number of MTAs) exhibit this behaviour.

For more information please see http://homepages.tesco.net/J.deBoyne...veryForwarding