NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Incidents> 2003-09

NDRs from spamming

From: Romulo M. Cholewa (rmcrmc.eti.br)
Date: Wed Sep 17 2003 - 09:12:36 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi there,

I've noticed some increasing activity in our postmaster account since 2
weeks ago. We are receiving lots of NDRs from hundreds of non-existent
"pseudo" email addresses. I found out that spammers are using our domain
to fill up the from address (like creating random mailbox/user names and
appending the domain.com to the address).

In theory, this should not be a real concern, since the worst case
cenario would be receiving lots of NDRs. But in fact, some strange
things are happening.

First, the amount of NDRs are compromising our bandwidth (yes, the NDRs
are in the thousands a day already).

Second, some stupid (or badly configured) anti-spam systems are blocking
my mail server based on the email address (easily forged). Before the
question is raised, no, our server is not accepting mails as an open
relay, so the messages are not being originated here.

So, I would like to ask if this is a known issue. If it is, are there
any counter-measures that could be taken ?

If it is not, I think it would be nice to issue an advisory, or at least
a best-practice about configuring anti-spam tools, to NOT blackhole
other mail servers based solely on from address fields, that can be
easily forged.

Any info on this matter would be greatly appreciated.

Regards,

Romulo M. Cholewa
Home : http://www.rmc.eti.br
PGP Keys Available website.

"I am become Death, the destroyer of worlds." -- Robert Oppenheimer

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]