Comments on: Self-Sending Spam http://blog.vamsoft.com/2008/12/29/self-sending-spam/ Where TCO meets ROI Wed, 25 Jan 2012 08:27:55 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: led sign http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-44844 led sign Mon, 14 Nov 2011 02:54:33 +0000 http://blog.vamsoft.com/?p=96#comment-44844 thanks the useful knowledge article, i study handrul you website .Typically, websites with “Send this page to…” functionality tend to be broken by this, because they are not authorized to send in your name. When possible, reconfigure these solutions or whitelist them. thanks the useful knowledge article, i study handrul you website .Typically, websites with “Send this page to…” functionality tend to be broken by this, because they are not authorized to send in your name. When possible, reconfigure these solutions or whitelist them.

]]> By: Boris http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-43780 Boris Wed, 21 Sep 2011 21:56:10 +0000 http://blog.vamsoft.com/?p=96#comment-43780 I've got study a handful of the articles on your web site now, and I like your style of writing a blog. I included it to my favorites site record and looking at back soon. I’ve got study a handful of the articles on your web site now, and I like your style of writing a blog. I included it to my favorites site record and looking at back soon.

]]> By: Jon http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-9026 Jon Sun, 22 Feb 2009 11:56:01 +0000 http://blog.vamsoft.com/?p=96#comment-9026 I have found that whilst my spf records work fine 90% of the time, spammers are starting to send me messages using my address as the to and from with the reply to address being different, the spf record is checking the reply to address domain, and this is not spf protected. any ideas? I have found that whilst my spf records work fine 90% of the time, spammers are starting to send me messages using my address as the to and from with the reply to address being different, the spf record is checking the reply to address domain, and this is not spf protected.

any ideas?

]]> By: Peter http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-8875 Peter Mon, 02 Feb 2009 09:42:34 +0000 http://blog.vamsoft.com/?p=96#comment-8875 Matevz, the agent is actually already published. Please see http://www.vamsoft.com/r?selfspam Matevz, the agent is actually already published. Please see http://www.vamsoft.com/r?selfspam

]]> By: Matevz http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-8842 Matevz Mon, 26 Jan 2009 14:19:13 +0000 http://blog.vamsoft.com/?p=96#comment-8842 Ill wait for external agent. Got a complicated design also. :) thx Ill wait for external agent. Got a complicated design also. :)

thx

]]> By: Vamsoft Insider » Self-Sending Spam 2. http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-8721 Vamsoft Insider » Self-Sending Spam 2. Tue, 06 Jan 2009 12:05:15 +0000 http://blog.vamsoft.com/?p=96#comment-8721 [...] My previous article outlined two solutions against the recent spam breakout: blacklisting your own domain and using SPF. This article will introduce a third one: an External Agent for ORF. If you are not interested in the mechanics of a simple External Agent, here is a direct link for the package download (then follow instructions of readme.txt). If you stay with me, I will show you how you can extend ORF by scripts. [...] [...] My previous article outlined two solutions against the recent spam breakout: blacklisting your own domain and using SPF. This article will introduce a third one: an External Agent for ORF. If you are not interested in the mechanics of a simple External Agent, here is a direct link for the package download (then follow instructions of readme.txt). If you stay with me, I will show you how you can extend ORF by scripts. [...]

]]> By: Peter http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-8663 Peter Wed, 31 Dec 2008 12:58:47 +0000 http://blog.vamsoft.com/?p=96#comment-8663 Prayag, Thanks for the explanation, now it makes sense. Indeed, such External Agent is quite easy to be written, basically it's the following in pseudocode: if CommandLineParameter(1) case- insensitively-equals CommandLineParameter(2) then SetExitCode(1) else SetExitCode(0) We plan to release such agent, however due to the upcoming holidays the ETA is uncertain. Otherwise, such email setup is quite unfortunate. When possible, ORF should be deployed in the perimeter MX servers. This gives both best performance, easy configuration, etc. Prayag,

Thanks for the explanation, now it makes sense. Indeed, such External Agent is quite easy to be written, basically it’s the following in pseudocode:

if CommandLineParameter(1) case- insensitively-equals CommandLineParameter(2) then
SetExitCode(1)
else
SetExitCode(0)

We plan to release such agent, however due to the upcoming holidays the ETA is uncertain.

Otherwise, such email setup is quite unfortunate. When possible, ORF should be deployed in the perimeter MX servers. This gives both best performance, easy configuration, etc.

]]> By: Peter http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-8662 Peter Wed, 31 Dec 2008 12:51:18 +0000 http://blog.vamsoft.com/?p=96#comment-8662 Benjamin, If SPF did not work in the first place, that may be because: - Your policy ends with SPF SoftFail and ORF is not configured to blacklist on SoftFail (I believe it does not blacklist on default, but I currently has no access to ORF source code) - Some test whitelisted those emails. This can be checked in the logs. - DNS issues, e.g. your SPF policy is not visible/different in the internal DNS. Differences between the internal and public DNS are suprisingly common. - Other reasons (SPF test not enabled, enabled but at wrong filtering point, Intermediate Host List issues, etc.). Benjamin,

If SPF did not work in the first place, that may be because:

- Your policy ends with SPF SoftFail and ORF is not configured to blacklist on SoftFail (I believe it does not blacklist on default, but I currently has no access to ORF source code)

- Some test whitelisted those emails. This can be checked in the logs.

- DNS issues, e.g. your SPF policy is not visible/different in the internal DNS. Differences between the internal and public DNS are suprisingly common.

- Other reasons (SPF test not enabled, enabled but at wrong filtering point, Intermediate Host List issues, etc.).

]]> By: Prayag http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-8661 Prayag Wed, 31 Dec 2008 08:25:04 +0000 http://blog.vamsoft.com/?p=96#comment-8661 Gregg, As I mentioned earlier our SPF record is relatively broken (does not contain hard fail) as we have more than 50+ outgoing gateways and not able to include all of them in SPF record for different reasons. Gregg,

As I mentioned earlier our SPF record is relatively broken (does not contain hard fail) as we have more than 50+ outgoing gateways and not able to include all of them in SPF record for different reasons.

]]> By: Gregg Hill http://blog.vamsoft.com/2008/12/29/self-sending-spam/comment-page-1/#comment-8656 Gregg Hill Wed, 31 Dec 2008 01:23:24 +0000 http://blog.vamsoft.com/?p=96#comment-8656 If you use an SPF record, it must have a "hard-fail" mechanism at the end, AND you must enable the SPF test at "Both" for the test point. If you use an SPF record, it must have a “hard-fail” mechanism at the end, AND you must enable the SPF test at “Both” for the test point.

]]>