troyholm@computeeze.com
Posted October 18, 2006

Hello,

I have a client who is being just pounded by bounced messages. They seem to originate from sites called orange and wanadoo with various extensions like com, nl, fr, etc. They send out spam that is spoofed as one of my users and the receiving end bounces the message back to my servers. They do this en masse.

What happens is that this orange.com and wanadoo.com, who appear to be somehow connected to each other, send out a bunch of spam to all over, and they get bounced back to my server as it appears that they were from one of my legit users. The quantity is nearly bringing my server to its knees. In addition, it could be spoofed to any name at my domain, and my servers still have to enum it to know that the user may or may not exist.

I am not sure if this is new or if this has been going on for some time. This attack, as I would call it, doesn't seem to be letting off. I was wondering if anybody has any idea of how to combat it?

Thanks and have a great day,

Troy

StevenUnderwood
Posted October 19, 2006

troyholm@computeeze.com wrote (Oct 18 2006, 03:54 PM):

> What happens is that this orange.com and wanadoo.com, who appear to be somehow connected to each other, send out a bunch of spam to all over, and they get bounced back to my server as it appears that they were from one of my legit users. The quantity is nearly bringing my server to its knees. In addition, it could be spoofed to any name at my domain, and my servers still have to enum it to know that the user may or may not exist.

Actually, it is not necessarily orange/wanadoo sending the messages in the first place. Their systems are just poorly configured for the current spam load on the internet. Spam is being sent to invalid accounts on their domains with your addresses forged as the senders. Their systems accept all mail for their domains, then generate new messages to the forged address.

There is a major thread in the blocking list forum re: Wanadoo/Orange because their servers are constantly listed for doing just that.

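
The behaviour described in the reply above, as an added Python example that is not part of the original thread: a toy model of one receiving server that accepts mail and bounces it later, next to one that refuses unknown recipients during the SMTP session. The domains, mailbox list and function names are constructed for illustration.

```python
# Added illustration: a toy model of a receiving mail server handling
# messages whose envelope sender is forged. All names are constructed.
from dataclasses import dataclass

VALID_MAILBOXES = {"alice@receiver.example"}  # constructed local user list

@dataclass
class Message:
    mail_from: str  # envelope sender (forged in the spam run)
    rcpt_to: str    # envelope recipient at the receiving domain

def accept_then_bounce(msg):
    """Accept everything at SMTP time and check the mailbox afterwards.

    Returns (smtp_reply, outbound), where outbound lists the new
    messages this server generates as a result.
    """
    outbound = []
    if msg.rcpt_to not in VALID_MAILBOXES:
        # The non-delivery report is a new message with a null envelope
        # sender, addressed to whatever MAIL FROM claimed.
        outbound.append(Message(mail_from="", rcpt_to=msg.mail_from))
    return "250 OK", outbound

def reject_at_rcpt(msg):
    """Check the mailbox during the SMTP session and refuse unknown users."""
    if msg.rcpt_to not in VALID_MAILBOXES:
        # The refusal goes to the connecting client only.
        return "550 5.1.1 User unknown", []
    return "250 OK", []

def backscatter_received(policy, spam_run, victim_domain):
    """Count messages the forged domain receives under the given policy."""
    hits = 0
    for msg in spam_run:
        _, outbound = policy(msg)
        hits += sum(1 for m in outbound
                    if m.rcpt_to.endswith("@" + victim_domain))
    return hits

# Constructed spam run: 1000 messages to nonexistent mailboxes, each
# forging a different sender name at the victim's domain.
SPAM_RUN = [Message(f"user{i}@victim.example", f"guess{i}@receiver.example")
            for i in range(1000)]

if __name__ == "__main__":
    for policy in (accept_then_bounce, reject_at_rcpt):
        print(policy.__name__,
              backscatter_received(policy, SPAM_RUN, "victim.example"))
```
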
troyholm@computeeze.com (Author)
Posted October 19, 2006

> Actually, it is not necessarily orange/wanadoo sending the messages in the first place. Their systems are just poorly configured for the current spam load on the internet. Spam is being sent to invalid accounts on their domains with your addresses forged as the senders. Their systems accept all mail for their domains, then generate new messages to the forged address.
>
> There is a major thread in the blocking list forum re: Wanadoo/Orange because their servers are constantly listed for doing just that.

Thanks.

Troy

This topic is now archived and is closed to further replies.