[rt-users] [ADMIN] Re: Is I.......

Matthew Seaman matthew.seaman at thebunker.net
Fri Jan 23 15:36:27 EST 2009


Jesse Vincent wrote:
> It looks like we have a spammer forging the sender address of list
> members.  Obviously I didn't send the message this is in reply to.
> 
> (Note that nobody's email account was hacked. Email is upsettingly easy
> to forge)

There are some fairly simple measures you can take to make e-mail forgery
a much tougher proposition.  Aside from the obvious GPG signature on this
message, try examining the headers for the DKIM signature.  Not to mention
the TXT record for thebunker.net in the DNS.  Failure of an e-mail to pass
one or both of those measures gets it a hefty award of spam points from
SpamAssassin.  Add in a few sanity checks by your MTA on the names other
servers EHLO with (a machine connecting to you across a network should never
EHLO as localhost or with your server's own name) and Bob's your uncle.  It's
not completely foolproof, and such things need to be done with extra care
where mailing lists are concerned, but I've found it pretty effective.

	Cheers,

	Matthew

-- 
Dr Matthew Seaman                     The Bunker, Ash Radar Station
PGP: 0x60AE908C on servers            Marshborough Rd
Tel: +44 1304 814890                  Sandwich
Fax: +44 1304 814899                  Kent, CT13 0PL, UK

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090123/c42bfb95/attachment.sig>
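
The EHLO sanity check described in the message above, as an added example that is not part of the original post or of any particular MTA. The server names and addresses are assumed placeholders, and the sketch goes slightly beyond the message by also catching address literals (`[127.0.0.1]`, `[IPv6:::1]`) and by exempting loopback peers, which may legitimately EHLO as localhost.

```python
import ipaddress

# Hypothetical identity of the receiving server; replace with your MTA's own.
OWN_NAMES = {"mx.example.org", "example.org"}
OWN_ADDRS = {ipaddress.ip_address("192.0.2.25")}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def _literal(ehlo):
    """Return the IP inside an address literal such as [192.0.2.25], else None."""
    if ehlo.startswith("[") and ehlo.endswith("]"):
        body = ehlo[1:-1]
        if body.lower().startswith("ipv6:"):
            body = body[5:]
        try:
            return ipaddress.ip_address(body)
        except ValueError:
            return None
    return None


def ehlo_problems(peer_ip, ehlo):
    """List reasons the EHLO name is implausible for a client at peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    # Local submissions may legitimately use these names, so skip them.
    if peer.is_loopback or peer in OWN_ADDRS:
        return []
    name = ehlo.strip().rstrip(".").lower()
    problems = []
    lit = _literal(name)
    if name in LOCAL_NAMES or (lit is not None and lit.is_loopback):
        problems.append("remote client claims to be localhost")
    if name in OWN_NAMES or (lit is not None and lit in OWN_ADDRS):
        problems.append("remote client claims this server's own identity")
    return problems


# Constructed sample sessions: (peer address, EHLO argument).
SAMPLES = [
    ("203.0.113.7", "localhost"),
    ("203.0.113.7", "MX.Example.Org."),
    ("203.0.113.7", "[192.0.2.25]"),
    ("203.0.113.7", "mail.sender.example"),
    ("127.0.0.1", "localhost"),
]

if __name__ == "__main__":
    for peer, ehlo in SAMPLES:
        print(peer, ehlo, ehlo_problems(peer, ehlo) or "ok")
```

A non-empty result would be fed to whatever policy the MTA applies, such as rejecting at EHLO time or adding spam points.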

