Dear CAUCE Team,
We are looking for support resources to thwart a massive spam/forgery
attack that misuses our company name — claiming we are the spam
source. The spam contains url links to numerous computers that
apparently download viruses. We are looking for assistance and
guidance in dealing with this. Any suggestions?
Regards,
Forged
Dear Forged,
We have a lot of sympathy for your predicament. Internet e-mail has
no built-in security, and there is little one can do to prevent bad
guys from putting fake names on their junk. We have seen a large
number of spam with faked return addresses from your competitors as
well as from your brand. There are several things we can recomend to
potentially help with your email program, and protect users from
receiving email with your forged from addresses (note:
this will not completely remove this threat, but can help protect your
users/brand):
- Only send email from well branded mail servers (i.e.
MTA1.outbound.yourdomain.com) and not generic mail.myisp.com. This
will help ISPs distinguish between your mail and a fake mail server. - Implement, or fix, one or more of these popular authentication
solutions; SPF, Sender ID, DKIM, and BATV. - Send email from your own domain, do not use the senders email
address – authentication solutions will generally cause these messages
to fail. - Let your users know of these changes and your policies regarding
the structure of your emails - Provide instructions on your web pages with information similar to this:
-
- "We only send email with fully qualified domain names
(http://www.yourcomapny.com) and never with an IP address in the URLs
(http://1.2.3.4) – if you receive and email with IPs in the body – DO
NOT CLICK THESE LINK WITH IP ADDRESSES." - "We in no way endorse the sending of spam and have taken the
following actions to protect our users: SPF,Sender ID, etc…)
- "We only send email with fully qualified domain names
Do you have a question you would like answered? Email them to
comments.
