Dear CAUCE Team,
We are looking for support resources to thwart a massive spam/forgery attack that misuses our company name -- claiming we are the spam source. The spam contains URL links to numerous computers that apparently download viruses. We are looking for assistance and guidance in dealing with this. Any suggestions?
We have a lot of sympathy for your predicament. Internet e-mail has no built-in security, and there is little one can do to prevent bad guys from putting fake names on their junk. We have seen a large amount of spam with faked return addresses from your competitors as well as from your brand. There are several things we can recommend that may help with your email program and protect users from receiving email with your forged From addresses (note: this will not completely remove the threat, but it can help protect your users and brand):
- Only send email from well-branded mail servers (e.g. MTA1.outbound.yourdomain.com) and not from a generic host such as mail.myisp.com. This will help ISPs distinguish between your mail and a fake mail server.
- Implement, or fix, one or more of these popular authentication solutions: SPF, Sender ID, DKIM, and BATV.
- Send email from your own domain; do not use the sender's email address, because authentication solutions will generally cause such messages to fail.
- Let your users know of these changes and of your policies regarding the structure of your emails.
- Provide instructions on your web pages with information similar to this:
  - "We only send email with fully qualified domain names (https://www.yourcompany.com) and never with an IP address in the URLs (https://22.214.171.124). If you receive an email with IPs in the body, DO NOT CLICK THESE LINKS WITH IP ADDRESSES."
  - "We in no way endorse the sending of spam and have taken the following actions to protect our users: (SPF, Sender ID, etc.)"
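The rule quoted above, that legitimate mail never carries an IP address in its URLs, can also be checked mechanically at a mail gateway or in a reporting mailbox. The following Python sketch is an added example, not part of the original answer; the sample message, the domain names and the function name ip_literal_urls are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

# Constructed sample message; hosts use documentation ranges (RFC 5737 / RFC 3849).
SAMPLE = """\
From: "Your Company" <news@yourdomain.example>
To: user@example.net
Subject: Account notice
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Visit https://www.yourdomain.example/account or http://192.0.2.15/login.php

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://[2001:db8::5]:8080/update">Update</a>
<a href="https://www.yourdomain.example/help">Help</a>
--b1--
"""

def ip_literal_urls(raw_message):
    """Return URLs in text parts whose host is an IP address, not a domain name."""
    flagged = []
    msg = message_from_string(raw_message)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                # urlsplit strips port and IPv6 brackets; both calls raise
                # ValueError when the host is not a valid IP literal.
                ipaddress.ip_address(urlsplit(url).hostname or "")
            except ValueError:
                continue  # a named host; not covered by this check
            flagged.append(url)
    return flagged

if __name__ == "__main__":
    for url in ip_literal_urls(SAMPLE):
        print("IP-literal URL:", url)
```

A message that trips this check while claiming your brand in its From header is a candidate for quarantine or for a user-facing warning.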
Do you have a question you would like answered? Email it to comments.