
Thread: Does friends bypass SPF?




2006-10-30 05:17:11
At 10:38 PM 10/29/2006, you wrote:

>Vinny Abello wrote on Saturday, October 28, 2006 at 8:45 a.m. (-0400):
> >I think I remember this conversation one time before but forget the outcome.
> >
> >I received this message which was clearly spam. It was forged as from
> >roberttellurian.com who is on my friends list, but my SPF settings
> >are set to explicitly block SPF failures. This clearly does not match
> >our SPF record as it came from outside our defined values.
>
>Yes
>         G_SPF_ENFORCE_LOCAL "true"
>But it's probably wiser to remove that entry from the friends list.

No way. I can't miss anything my boss sends to me including spam as he may forward actual spam in trying to illustrate or ask me to do something. There is no way I can remove him from my friends list. I also have all outgoing emails add to my friends list which works out great so he would just be added back within a few hours when I send him a message again.

I'm not understanding what is so inherently wrong about rejecting a forged message using a domain we host destined to our mail server. In what scenario is this bad?? I might as well just disable friends then and forget about it. This seems like an obvious loophole for spammers that I was relying on SPF to stop.


>                 ChrisP.
>
>
> >
> >In short, is there a way to prevent this from happening?
> >
> >>Received-SPF: none (No spf1 record for (mlgc.com) )
> >>client-ip=201.1.104.165;
> >>envelope-from=<GriffeyMeirajxburmdzmlgc.com>;
> >>x-ip-name=201-1-104-165.dsl.telesp.net.br;
> >>X-Default-Received-SPF: fail (Last token (res=FAIL))
> >>client-ip=201.1.104.165;
> >>envelope-from=<GriffeyMeirajxburmdzmlgc.com>;
> >>x-ip-name=201-1-104-165.dsl.telesp.net.br;
> >>Received: from 40BC6AA8 (201-1-104-165.dsl.telesp.net.br [201.1.104.165])
> >>         by mail1.tellurian.net ([216.182.1.23] Tellurian Networks
> >> Mail Server version 3.8e-3) with ESMTP id 503326818-1926380
> >>         for multiple; Fri, 27 Oct 2006 19:02:07 -0400
> >>Return-Path: <GriffeyMeirajxburmdzmlgc.com>
> >>X-TPG-Antivirus: Passed
> >>Received: from 192.168.0.5 (203-219-69-61.ripco.com [203.219.69.61])
> >>by mail2.ripco.com (envelope-from GriffeyMeirajxburmdzmlgc.com)
> >>(8.13.6/8.13.6) with SMTP id %STATWORD for <roberttellurian.com>;
> >>Fri, 27 Oct 2006 19:02:02 -0500
> >>Message-Id: <0929744381.%STATWORDmail2.ripco.com>
> >>From: "roberttellurian.com" <GriffeyMeirajxburmdzmlgc.com>
> >>To: roberttellurian.com, vinnytellurian.com, rrgtellurian.com,
> >>jstarktellurian.com
> >>Subject: American General Financial Services $15,000 personal loans
> >>Sender: "roberttellurian.com" <GriffeyMeirajxburmdzmlgc.com>
> >>Mime-Version: 1.0
> >>Content-Type: text/html
> >>Date: Fri, 27 Oct 2006 19:02:02 -0500
> >>X-ORBS-Stamp: NJABL  http://www.njabl.org/cgi-bin/lookup.cgi?query=201.1.104.165
> >>X-ORBS-Stamp: DSBL http://dsbl.org/listing?ip=201.1.104.165
> >>X-ORBS-Stamp: SPAMHAUS  http://www.abuse.net/sbl.phtml?IP=201.1.104.165
> >>X-Rcpt-To: <vinnytellurian.com>
> >>X-FriendScore: ************************: 24.900002 Server
> >>blacklisted DSBL=1.0,Server blacklisted NJABL=1.5,Server blacklisted
> >>SPAMHAUS=5.5,spf dsl=1.0,From isn't in return
> >>path=1.1,SpamUrl=4.1,SPF Default
> >>Fail=1.0,S_sc=1.1,S_ws=1.1,S_jp=1.1,SURBL=4.0,High tags-to-text
> >>ratio=1.8,X-Verify-MX present=1.6,Aspam=-1.0
> >>X-Aspam: For help with aspam headers, email supporttellurian.net
> >>X-Aspam: Words 0.0 -rent -ultimate -francis -canopy -appreciated
> >>-jeffrey -borrow -canvas -pictures
> >>X-Aspam: From 1.0 (roberttellurian.com)
> >>X-Aspam: Best match was sample aspam_goodm51.msg
> >>X-Aspam: Total 1.0
> >>X-NotAscii: charset=windows-1252
> >>X-SpamUrl: makeslive.com
> >>X-Surbl: jp makeslive.com multi.surbl.org
> >>X-Surbl: ws.surbl.org makeslive.com multi.surbl.org
> >>X-Surbl: sc.surbl.org makeslive.com multi.surbl.org
> >>Authentication-Results: tellurian.com
> >>header.from=<GriffeyMeirajxburmdzmlgc.com>; domainkeys=fail (no signature)
> >>X-Avast: Message is clean
> >>X-Verify-MX: <GriffeyMeirajxburmdzmlgc.com> No MX record for
> >>(tellurian.com" <griffeymeirajxburmdzmlgc.com) r=Invalid Domain
> >>(tellurian.com" <griffeymeirajxburmdzmlgc.com)
> >>X-IP-stats: Incoming Last 0, First 0, in=1, out=0, spam=0 ip=201.1.104.165
> >>X-Originating-IP: 201.1.104.165
> >>Status: U
> >>X-UIDL: 1161990128.5424_507535.mail1
> >>
> >>American General Financial Services $15,000 personal loans
> >>
> >><http://www.makeslive.com>Finalize It Here
> >>
> >>visit site to op tout of this onetime mailing
> >
> >
> >Vinny Abello
> >Network Engineer
> >Server Management
> >vinnytellurian.com
> >(973)300-9211 x 125
> >(973)940-6125 (Direct)
> >PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A
> >
> >Tellurian Networks - The Ultimate Internet Connection
> >http://www.tellurian.com (888)TELLURIAN
> >
> >"Courage is resistance to fear, mastery of fear - not absence of
> >fear" -- Mark Twain
> >
> >
> >


Vinny Abello
Network Engineer
Server Management
vinnytellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com
(888)TELLURIAN

"Courage is resistance to fear, mastery of fear - not absence of fear" -- Mark Twain
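
The check ordering this thread is asking for, as an added example that is not part of the original message or of the mail server's own code: a forged-local-sender test runs before the friends list is consulted, so a whitelist hit cannot skip it. The domains, the friends set and the idea that the friends list is keyed on the From header are assumptions; the sample messages are constructed, modelled on the headers quoted above.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"hosted.example"}   # assumption: domains this server hosts
FRIENDS = {"boss@hosted.example"}    # assumption: the recipient's friends list

# Constructed sample: display name claims a local friend, envelope is foreign.
FORGED = """\
Return-Path: <bulk123@unrelated.example>
Received-SPF: none (No spf1 record for (unrelated.example) )
From: "boss@hosted.example" <bulk123@unrelated.example>
Subject: constructed sample

body
"""

# Constructed sample: the friend really sent (or forwarded) the message.
GENUINE = """\
Return-Path: <boss@hosted.example>
Received-SPF: pass (sender permitted)
From: "The Boss" <boss@hosted.example>
Subject: FW: look at this spam

body
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def spf_result(msg):
    # First token of Received-SPF is the verdict (pass, fail, none, ...).
    return (msg.get("Received-SPF", "none").split() or ["none"])[0].lower()

def classify(raw):
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, env_from = parseaddr(msg.get("Return-Path", ""))
    # Any identity shown to the user: the real address and an address-like display name.
    claimed = [c.strip().lower() for c in (from_addr, display) if "@" in c]
    claims_local = any(domain(c) in LOCAL_DOMAINS for c in claimed)
    authenticated = (spf_result(msg) == "pass"
                     and domain(from_addr) in LOCAL_DOMAINS
                     and domain(env_from) == domain(from_addr))
    if claims_local and not authenticated:
        return "reject: forged local sender"   # decided before any whitelist lookup
    if from_addr.lower() in FRIENDS:
        return "accept: friend"
    return "score: normal filtering"
```

With this ordering, spam that the friend genuinely forwards still arrives, while a message that only borrows the friend's address in the From header is rejected.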

