-
Spoofed Email Addresses
How do you guys and gals handle it? Specifically, my clients get a few and I am getting them now where the return (spoofed) email address is something like johndoe@mydomain.com. So when the email is returned, I get it. My client's email box actually fills up if she does not check her email daily and she has a 100M box.
I have SPF records, I am AOL white-listed (whatever), require SMTP verification, and I do my best to keep up with the email protocols.
Anything that you can recommend for this?
-
Make sure that you dont have a 'catch all' email account and if you have a specific email address being spoofed constantly, have your host automaticlly delete it from the server :)
Thats what we did :)
Regards,
Lee
-
We do have a catch-all, as well as do most of our clients. It helps us more than hurts us (when weighing that).
As far as the specific emails, not really, they vary everytime unfortunately
-
It really sucks but unfortunately since the initial email is sent from a different server there is no way to control it / stop it. SPF records are theoretically supposed to stop them from being received by servers but in reality they don't work.
I would suggest getting a junk mail filter on your email system, I personally use Outlook 2003 and it does a great job of catching most of those emails, plus you teach it as it goes along. After about a week of telling it that the occasional email is "not junk" it seems to operate quite smoothly.
cheers,
Luke
-
Thanks Luke. That is what I have been telling my clients - guess I just needed more reassurance (and to make sure nothing new was out there yet. :) - I think it will be awhile before hosting companies will start to support SPF records unfortunately. They seem like a great idea and I do have them also working on the receiving end as well for the spam filters.
-
kill spam
I use SpamAssassin (www.spamassassin.apache.org) and outlook filters that I update often. Between the two filters 80% of spam go to a "spam folder" that I look quickly once a day and delete.
I agree, that getting rid of the catch all would cut down on spam but sometimes clients/customers type the wrong email and it's nice to be able to catch those.
One last thing you can do is to block all of Korea and China. There are some good lists that you can put into your firewall and block ONLY email if you wish and leave the webtraffic. Of coruse, the servers we maintain we ask suggest to the clinet we also block web traffic from those networks. When was the last time anyone got real orders or emails from China??? Really??? :)
The only other way to get 99% reduction in spam is to use a 3rd party mail service that asks the sender to validate their email address before it sends it to your system.
Steven