From owner-freebsd-isp  Wed Apr 28  9:17:59 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from rheingold.navi.net (pdx-pm-p014.navi.net [209.188.52.64])
	by hub.freebsd.org (Postfix) with ESMTP id 80BFA1573B
	for <freebsd-isp@FreeBSD.ORG>; Wed, 28 Apr 1999 09:17:46 -0700 (PDT)
	(envelope-from wcooley@nakedape.navi.net)
Received: from localhost (wcooley@localhost)
	by rheingold.navi.net (8.9.0/8.9.0) with ESMTP id JAA13221;
	Wed, 28 Apr 1999 09:15:42 -0700
Date: Wed, 28 Apr 1999 09:15:42 -0700 (PDT)
From: "W. Reilly Cooley" <wcooley@nakedape.navi.net>
X-Sender: wcooley@rheingold
To: Veaceslav Revutchi <sl@zeus.dnt.md>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: please advice how to solve a spam problem
In-Reply-To: <Pine.BSF.4.05.9904281111210.54113-100000@zeus.dnt.md>
Message-ID: <Pine.LNX.4.10.9904280910380.13101-100000@rheingold>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 28 Apr 1999, Veaceslav Revutchi wrote:

> We maintain a free web-based email service @mail.md in Moldova.
> 
> What happens is that people around the world receive spam as from
> someuser@mail.md. The "From" field in the spam is forged since we
> don't have such users @mail.md. The server itself denys relay by
> default. So spammers are using other servers to deliver their spam but
> forge the mail so that it looks like its from us.
> 
> Why do they do this? Why not forging in some other addresses?

Because they need a legitimate domain to make the message appear from. Why
spammers often choose free e-mail services is beyond me; I guess they
think people will recognize the domain name and be more comfortable
opening it.

> This morning the .MD domain administratots removed all our records for
> MAIL.MD as punishment ! But we are responsible for this spam. We can
> not explain the whole world about this.

If the .MD admins are clueful, they'll know they can find the path the
message took in the header of the e-mail, which will clearly show it
didn't go through your server.

You might also want to do what HotMail does, and that's put the IP address
of the sender in the header, under "X-Sender-IP:"--this is hidden by
default, and a spammer won't bother to imitate you that closely--it would
also help you track down someone who tries to spam through you.


Wil
-- 
W. Reilly Cooley                          wcooley@nakedape.navi.net
Naked Ape Consulting                        http://nakedape.navi.net

   Internet Meta-Resources: http://nakedape.navi.net/meta-res/
            "All the Net you need to be a geek"




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message