
Spoof Spam Bounced Back


troyholm@computeeze.com


> Hello,

>

> I have a client who is being just pounded by

> bounced messages. They seem to originate from sites called orange

> and wanadoo with various extensions like com, nl, fr, etc. They

> send out spam that is spoofed as one of my users and the receiving end

> bounces the message back to my servers. They do this en masse.

>

> What happens is that this orange.com and wanadoo.com, who appear to be

> somehow connected to each other, send out a bunch of spam to all over, and they

> get bounced back to my server as it appears that they were from

> one of my legit users. The quantity is nearly bringing my server

> to its knees. In addition, it could be spoofed to any name at my domain, and

> my servers still have to enum it to know that the user may or may not exist.

>

> I am not sure if this is new or if this has been going on for some time. This attack, as

> I would call it, doesn't seem to be letting off. I was wondering if anybody has any

> idea of how to combat it?

>

> Thanks and have a great day,

>

> Troy


troyholm@computeeze.com wrote (post 49302, Oct 18 2006, 03:54 PM):

> What happens is that this orange.com and wanadoo.com, who appear to be

> somehow connected to each other, send out a bunch of spam to all over, and they

> get bounced back to my server as it appears that they were from

> one of my legit users. The quantity is nearly bringing my server

> to its knees. In addition, it could be spoofed to any name at my domain, and

> my servers still have to enum it to know that the user may or may not exist.

Actually, it is not necessarily orange/wanadoo sending the messages in the first place. Their systems are just poorly configured for the current spam load on the internet. Spam is being sent to invalid accounts on their domains with your addresses forged as the senders.

Their systems accept all mail for their domains, then generate new messages to the forged address. There is a major thread in the blocking list forum re: Wanadoo/Orange because their servers are constantly listed for doing just that.

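As an added illustration of the accept-then-bounce behaviour described in the reply above (this is not code from any poster in the thread): a Python script that separates genuine bounces from backscatter for forged mail and tallies the backscatter by the host that generated it. The hostnames, the sample bounces and the `OUR_SENT_IDS` set standing in for an outbound log are constructed assumptions.

```python
import email
from collections import Counter

# Assumption: Message-IDs our own server really issued (e.g. from its outbound log).
OUR_SENT_IDS = {"<a1@mail.client.example>"}

def make_dsn(reporting_mta, orig_msgid):
    """Build a constructed RFC 3464-style bounce (sample data, not a real capture)."""
    return (
        "Return-Path: <>\n"
        f"From: MAILER-DAEMON@{reporting_mta}\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"\n'
        "\n--BOUND\nContent-Type: text/plain\n\nUser unknown.\n"
        "--BOUND\nContent-Type: message/delivery-status\n\n"
        f"Reporting-MTA: dns; {reporting_mta}\n\n"
        "Final-Recipient: rfc822; nobody@isp-a.example\nAction: failed\nStatus: 5.1.1\n\n"
        "--BOUND\nContent-Type: text/rfc822-headers\n\n"
        f"Message-ID: {orig_msgid}\nFrom: user@client.example\n\n--BOUND--\n"
    )

def classify(raw):
    """Return (reporting_mta, is_backscatter) for a bounce, or None for other mail.

    A bounce quoting a Message-ID we never issued is for mail someone else forged."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return None
    mta, orig_id = None, None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            blocks = part.get_payload()  # list of header blocks; first is per-message
            if isinstance(blocks, list) and blocks:
                mta = blocks[0].get("Reporting-MTA", "").split(";")[-1].strip().lower()
        elif ctype == "text/rfc822-headers":
            orig_id = email.message_from_string(part.get_payload())["Message-ID"]
    return mta, orig_id not in OUR_SENT_IDS

def backscatter_sources(messages):
    """Count backscatter bounces per generating host."""
    hits = (classify(raw) for raw in messages)
    return Counter(mta for mta, forged in filter(None, hits) if forged)

SAMPLES = [  # constructed inbound queue
    make_dsn("mx1.isp-a.example", "<x9@spam.invalid>"),
    make_dsn("mx1.isp-a.example", "<x8@spam.invalid>"),
    make_dsn("mx2.isp-a.example", "<x7@spam.invalid>"),
    make_dsn("mx.partner.example", "<a1@mail.client.example>"),  # genuine bounce
    "From: a@partner.example\nTo: user@client.example\nSubject: hi\n\nHello\n",
]
```

On the constructed queue, `backscatter_sources(SAMPLES)` counts two bounces from `mx1.isp-a.example` and one from `mx2.isp-a.example`; the genuine bounce and the ordinary message are not counted.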

> Actually, it is not necessarily orange/wanadoo sending the messages in the first place. Their systems are just poorly configured for the current spam load on the internet. Spam is being sent to invalid accounts on their domains with your addresses forged as the senders.

> Their systems accept all mail for their domains, then generate new messages to the forged address. There is a major thread in the blocking list forum re: Wanadoo/Orange because their servers are constantly listed for doing just that.

Thanks.

Troy
