Is there anything I can do to stop spammers from spoofing my email?

Red Squirrel ([H]F Junkie, joined Nov 29, 2009, 9,211 messages)
I noticed an influx of bounce-back emails from spammers using my email address to send spam. I know these are not actually originating from my server, but that does not stop people who are getting spam from submitting my domain to RBLs, which will result in my server's IP being blacklisted everywhere. Is there anything at all I can do about this? I [should] have SPF records if that helps. Mail server is mail.iceteks.ca.
 
What blacklist uses the IP address by looking up the MX of the domain? Do you just think it is so or do you have some evidence that this is being done?

Normally, a blacklist should enter the IP address of any server that is actually delivering the spam.
 
You are checking the MX for all sorts of stuff, except being on a blacklist.

Look here: http://multirbl.valli.org/lookup/192.95.14.96.html

It's not listed anywhere, so where is the actual problem?

Edit: OK, anywhere except some obscure Russian and Chilean lists. Who uses those anyway? It's probably all just extortion scams anyway.
 
Oh, right.

Edit: But wait, no one said iceteks.ca is the domain in question. It's not self-evident.
 
I'm not in any of the major lists. I just want to make sure I don't end up there, as when I originally got the leased server the IP was in lists from the previous user, and some lists will only remove an IP once. Someone who does not know better might see spam from my domain, do an nslookup, then submit to RBLs. That's what I'm worried about, but not sure if I can really do much.
 
Oh that's good to know then, so they actually have proper ways to validate first? I just hate seeing all these bounce backs as chances are good a lot of those emails are also making it through and I don't want people to think I'm sending spam.
 
RBL's don't work on domain names, because, well, that would be stupid.

SPF record is about all you can do and obviously it only works with recipient servers that adhere to it.

Beyond that, there's nothing you can do to prevent me from using your e-mail address to send mail. Sucks, I know.
 
Do you have your mail server properly secured, just curious, proper MX records, proper A records, proper TXT configs only allowing your server to send email for your domain?

Anyone can spoof your email, nothing you can do about it, just make sure your server is secure and is authorized to be the only sending server for your domain as any good mail server will check if the originating IP / Domain is authorized to send on behalf of that domain.
 
It's stupid to outsource something just because. How about showing me what I did wrong. Give a man a fish, he eats for a day; teach a man to fish, he eats forever. You make it sound like it's a crime to not know something and that you should just give up. That's a piss-poor life attitude.
 
No, it's not since you can't figure out what's wrong even if you're told.

Do you have your mail server properly secured, just curious, proper MX records, proper A records, proper TXT configs only allowing your server to send email for your domain?
That's pretty much a summary of the above and we did tell you what's wrong. Doing it wrong does actually cause harm and ISPs, DCs etc have this in their ToS.
 
Where does everyone get the idea that iceteks.ca is the domain in question?

You don't know anything other than mail.iceteks.ca is a mailserver for some domain.

Check your facts and reasoning.
 
It is mail.iceteks.ca (iceteks.ca is on the same server but a different IP) but I'm asking, what did I do wrong? I never heard of DKIM so I'll google that. Just because I might not know a few specific things does not mean I don't know what I'm doing, I need to learn somehow, that's the whole point of asking a question on a forum is it not? I just need to actually know what is wrong with that domain instead of being told I should not host it.

Oh and this is what I have in DNS for the spf record, is this right, or should it be something else? It's pretty much a straight copy and paste from a tutorial but I know they might not always be right:

Code:
iceteks.ca. IN TXT "v=spf1 a mx -all"

That's telling other servers that mail should only originate from my MX server, right? (which is mail.iceteks.ca) Also, should the SPF only be on the record of the MX, or should it be on any domain that can have mail that comes from it? So if I have .com, .net etc. should I put SPF records there too? I did anyway but not sure if I'm supposed to.
 
In your case, you can omit the "a".

Which domains you outfit with SPF depends on which domains you want to protect, of course. If you have other domains for which mail.iceteks.ca is an MX and you want to protect them, you'd do something like "v=spf1 mx:iceteks.ca -all" (http://www.openspf.org/SPF_Record_Syntax) in those domains.

Also, RFC 4408:

Code:
   An SPF-compliant domain name SHOULD have SPF records of both RR
   types.  A compliant domain name MUST have a record of at least one
   type.  If a domain has records of both types, they MUST have
   identical content.  For example, instead of publishing just one
   record as in Section 3.1 above, it is better to publish:

      example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all"
      example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"

   Example RRs in this document are shown with the TXT record type;
   however, they could be published with the SPF type or with both
   types.
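How a receiving server actually evaluates the two records discussed above ("v=spf1 a mx -all" on iceteks.ca, and "v=spf1 mx:iceteks.ca -all" on a second domain that uses mail.iceteks.ca as its MX), as an added Python example. This is not code from the thread and not the evaluation logic of any real MTA or SPF library; it implements the check-host() algorithm of RFC 7208 (the successor of RFC 4408) for the a, mx, ip4, include, all mechanisms and the redirect modifier, with a 10-term limit on DNS-querying mechanisms. Live DNS is replaced by a constructed in-memory zone: the addresses are RFC 5737 test ranges and the second domain iceteks.net is an assumption; only the hostnames iceteks.ca and mail.iceteks.ca come from the thread. The zone also models the detail the poster mentions (the iceteks.ca web host is on a different IP from the MX), which is exactly what decides whether the "a" term can be dropped.

```python
import ipaddress

# Constructed zone data standing in for live DNS. Addresses are RFC 5737 test ranges;
# iceteks.net as a second domain on the same MX is an assumption, not from the thread.
ZONE = {
    "A": {
        "mail.iceteks.ca": ["192.0.2.10"],   # the MX host
        "iceteks.ca": ["192.0.2.20"],        # web host on a different IP, as the thread says
    },
    "MX": {
        "iceteks.ca": ["mail.iceteks.ca"],
        "iceteks.net": ["mail.iceteks.ca"],
    },
    "TXT": {
        "iceteks.ca": "v=spf1 a mx -all",            # the record pasted in the thread
        "iceteks.net": "v=spf1 mx:iceteks.ca -all",  # the form suggested for other domains
    },
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_TERM_LIMIT = 10  # RFC 7208 section 4.6.4: more than 10 DNS-querying terms is a permerror


def _rr(rrtype, name):
    """Look up one record type in the constructed zone (empty list if absent)."""
    return ZONE[rrtype].get(name.lower().rstrip("."), [])


def _target(arg, default_domain, default_cidr=32):
    """Split 'host/24' into ('host', 24); an empty argument means the current domain, /32."""
    domain, _, cidr = arg.partition("/")
    return (domain or default_domain), (int(cidr) if cidr else default_cidr)


def _ip_in_hosts(ip, hosts, cidr):
    """True if the sender IP falls inside any A record of the given hosts (with CIDR)."""
    for host in hosts:
        for addr in _rr("A", host):
            if ip in ipaddress.ip_network(f"{addr}/{cidr}", strict=False):
                return True
    return False


def evaluate_record(record, domain, sender_ip, _state=None):
    """Evaluate an SPF record for <domain> against <sender_ip>; first matching mechanism wins."""
    ip = ipaddress.ip_address(sender_ip)
    state = _state if _state is not None else {"dns_terms": 0}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        if "=" in term:                      # modifier (redirect=, exp=, unknown)
            name, _, value = term.partition("=")
            if name.lower() == "redirect":
                state["dns_terms"] += 1
                return check_spf(value, sender_ip, state)
            continue
        qualifier = "+"                      # qualifier defaults to '+' (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, sep, arg = term.partition(":")
        if not sep and "/" in mech:          # 'a/24' form: CIDR attached to the mechanism itself
            mech, _, cidr = mech.partition("/")
            arg = "/" + cidr
        mech = mech.lower()
        if mech in ("a", "mx", "include"):
            state["dns_terms"] += 1
            if state["dns_terms"] > DNS_TERM_LIMIT:
                return "permerror"
        if mech == "all":
            matched = True
        elif mech == "a":
            host, cidr = _target(arg, domain)
            matched = _ip_in_hosts(ip, [host], cidr)
        elif mech == "mx":
            host, cidr = _target(arg, domain)
            matched = _ip_in_hosts(ip, _rr("MX", host), cidr)
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            inner = check_spf(arg, sender_ip, state)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"               # ip6, ptr, exists and unknown mechanisms not modelled
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched (RFC 7208 section 4.7)


def check_spf(domain, sender_ip, _state=None):
    """Fetch the domain's SPF record from the zone and evaluate it."""
    record = ZONE["TXT"].get(domain.lower().rstrip("."))
    if record is None:
        return "none"
    return evaluate_record(record, domain, sender_ip, _state)


if __name__ == "__main__":
    for dom, ip in [("iceteks.ca", "192.0.2.10"), ("iceteks.ca", "192.0.2.20"),
                    ("iceteks.ca", "198.51.100.7"), ("iceteks.net", "192.0.2.20")]:
        print(f"{dom:12s} from {ip:14s} -> {check_spf(dom, ip)}")
    # What the record would do with the "a" term omitted, as suggested above:
    print("mx-only, web host IP ->", evaluate_record("v=spf1 mx -all", "iceteks.ca", "192.0.2.20"))
```

Two things fall out of running this. First, mx:iceteks.ca in the second domain's record only authorizes the hosts listed in iceteks.ca's MX, not the A record of iceteks.ca itself, so the web host is not authorized for that domain. Second, dropping the "a" term from iceteks.ca's record is only safe if nothing on the web host's IP ever sends mail as @iceteks.ca (cron output, contact forms, PHP mail()); if it does, those messages will hit -all once the "a" is gone.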
 
Do what I do, I don't talk to or know anyone in Russia, China, Korea, any country in Africa, or South America ... so I block ALL traffic originating from them. It's not perfect, but it does cut down a lot.

Also, it helps to have your own domain name and only give people who actually know your real email address (which you can change if the person you give that email to is a retard and may give it out). Keep an email for yourself ONLY (something short). Then for anything like facebook or a company who will spam you, set up an address like noydb@ .... noydb = None Of Your Damn Business. Consider EVERYTHING in there to be junk. Just delete the inbox on exit.
 
I'm lucky in this regard, my clients are all small business and only work with other clients/customers/partners etc. in the state or a few surrounding states. I block all incoming traffic from every country except US & Canada (and block in- & outbound traffic to the worst, like Russia, the 'stans and various other malware-ridden places). Really helps with spam. Not perfect, but every bit helps.
 
because keeping yourself off of these lists is a ton of work, especially with your typical home connections

TBH it has not really been that bad to stay off, my original question was more precautionary, as I was concerned I might get myself listed because a spammer keeps spoofing my email, but it turns out it probably won't happen as the RBLs want actual email headers and won't just take a random IP submission. All the other stuff after that was more about how to tweak things better, such as my SPF records not having quite the right syntax, and setting up DKIM, which I had not heard of till now, so I'll have to check into that. Read on it real quick but it looks decently involved to set up, I'll find a decent tutorial later and go through it.

Really I'm not sure what email providers do to stay off RBLs though, considering they probably get a lot of abusers too. Maybe because they own the actual IP ranges vs. a leased server in a data centre owning them?

The advantage of running your own mail server is full control, ex: no account limitations or anything of that sort, and somewhat better privacy. Hard to stop the government from reading the email traffic mind you, but at least I'm not giving a corporation direct access like I would if I was using something like gmail.
 
Do you control your own domain?

If so, add an SPF record to it.

It won't stop people from trying to spoof.
But any recipient domain that uses SPF can then check the SPF record and bounce spoofs that come from unauthorized servers.
 
You might also want to make sure you have a proper reverse DNS record for your mail server. A number of places reject based on no reverse DNS to your mail servers. Another thing is a number of RBLs block residential Cable IP scopes. So on a non-business connection you may have issues.
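What "proper reverse DNS" means in practice on the receiving side is forward-confirmed reverse DNS (FCrDNS): the connecting IP has a PTR record, and at least one of the names it points to resolves back to that IP. Below is an added Python example of that check, not code from the thread or from any MTA; the PTR and A data are constructed (RFC 5737 addresses, hostnames from the thread plus an invented dyn-7.cable.example), and the lookup functions are injected so the logic runs offline and can be pointed at a real resolver later.

```python
# Constructed reverse and forward data (RFC 5737 test addresses). mail.iceteks.ca is the
# hostname from the thread; dyn-7.cable.example is an invented residential-style host.
PTR = {
    "192.0.2.10": ["mail.iceteks.ca"],        # PTR points to the MX host
    "198.51.100.7": ["dyn-7.cable.example"],  # PTR exists but does not confirm (see A below)
}
A = {
    "mail.iceteks.ca": ["192.0.2.10"],        # forward record agrees with the PTR: confirmed
    "dyn-7.cable.example": ["198.51.100.8"],  # forward record points elsewhere: unconfirmed
}


def zone_ptr(ip):
    """PTR lookup against the constructed data (stand-in for a real resolver)."""
    return PTR.get(ip, [])


def zone_a(name):
    """A lookup against the constructed data (stand-in for a real resolver)."""
    return A.get(name.lower().rstrip("."), [])


def fcrdns_check(ip, ptr_lookup=zone_ptr, a_lookup=zone_a):
    """Return (status, name) for the connecting IP.

    status is one of:
      'no_ptr'      - no reverse record at all (the case many receivers reject outright)
      'unconfirmed' - PTR exists but none of its names resolve back to the IP
      'confirmed'   - forward-confirmed reverse DNS; name is the confirming hostname
    """
    names = ptr_lookup(ip)
    if not names:
        return ("no_ptr", None)
    for name in names:
        if ip in a_lookup(name):
            return ("confirmed", name)
    return ("unconfirmed", names[0])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9"):
        print(ip, "->", fcrdns_check(ip))
```

The injected lookups are the point of the design: swap zone_ptr and zone_a for functions that query a real resolver and the same fcrdns_check tells you how a strict receiver will see your MX before you ever send it anything. The "confirmed" name is also what you want your server's HELO/EHLO hostname to match, since receivers that check rDNS often compare the two.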
 