[160701] in North American Network Operators' Group


Re: Ok: this is a targeted attack

daemon@ATHENA.MIT.EDU (Sean Lazar)
Mon Feb 11 16:39:38 2013

Date: Mon, 11 Feb 2013 13:39:18 -0800
From: Sean Lazar <knife@toaster.net>
To: Jay Ashworth <jra@baylink.com>
In-Reply-To: <27912468.5751.1360599594680.JavaMail.root@benjamin.baylink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Jay, you need to have SPF records for your domain. This will prevent the
spoofing you are seeing.

http://en.wikipedia.org/wiki/Sender_Policy_Framework

$ dig @8.8.8.8 baylink.com TXT

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 baylink.com TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11443
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;baylink.com.            IN    TXT

;; AUTHORITY SECTION:
baylink.com.        194    IN    SOA    localhost. jra.baylink.com. 2011032901 28800 14400 86400 600

;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 11 13:36:33 2013
;; MSG SIZE  rcvd: 78

Sean

On 2/11/13 8:19 AM, Jay Ashworth wrote:
> Clearly, someone has decided to shoot at me specifically, since this
> latest spam supposedly from me:
>
> =====
> Received: from lpb01.clearspring.com ([206.165.250.240]
>  helo=lpb01-a.clearspring.local)
>  by sc1.nanog.org with esmtp (Exim 4.80 (FreeBSD))
>  (envelope-from <email@addthis.com>) id 1U4vc3-000Cq4-9q
>  for nanog@nanog.org; Mon, 11 Feb 2013 15:48:11 +0000
> Received: from lpb01.clearspring.local (localhost [127.0.0.1])
>  by lpb01-a.clearspring.local (8.14.4/8.14.4) with ESMTP id r1BFm5bG022255
>  for <nanog@nanog.org>; Mon, 11 Feb 2013 10:48:05 -0500
> Date: Mon, 11 Feb 2013 10:48:05 -0500
> From: jra@baylink.com
> To: nanog@nanog.org
> Message-ID: <57414784.191289.1360597685530.JavaMail.brainiac@lpb01.clearspring.local>
> =====
>
> is also about FTTH.
>
> FOR THE RECORD: I don't ever use "send this link to someone", and especially
> not to a mailing list; this isn't even my tenth rodeo.
>
> Cheers,
> -- jr 'DoS attack?  What's that?' a
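
Added example, not part of the original message or thread: a minimal Python evaluator for the ip4/ip6/all subset of SPF (RFC 7208), applied to the envelope sender, From header and connecting IP shown in the quoted headers. The records in `SAMPLE_TXT` are constructed for illustration, and the names `check_spf` and `evaluate_message` are hypothetical.

```python
import ipaddress

# Constructed SPF records (assumptions): the dig output on this page shows no
# TXT record for baylink.com, and addthis.com's real policy is not on the page.
SAMPLE_TXT = {
    "baylink.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "addthis.com": "v=spf1 ip4:206.165.250.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate the ip4/ip6/all subset of an SPF record, left to right."""
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            return "unsupported"  # include, a, mx, ... need live DNS lookups
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term

def evaluate_message(envelope_from, header_from, client_ip, txt=SAMPLE_TXT):
    """SPF (RFC 7208) is keyed on the SMTP MAIL FROM domain, not header From."""
    spf_domain = envelope_from.rsplit("@", 1)[-1].lower()
    header_domain = header_from.rsplit("@", 1)[-1].lower()
    return {
        "spf_domain": spf_domain,
        "spf_result": check_spf(txt.get(spf_domain), client_ip),
        "header_from_aligned": header_domain == spf_domain,
        # What the header From domain's record would say, were it consulted.
        "header_domain_policy": check_spf(txt.get(header_domain), client_ip),
    }

# Identities and client IP taken from the headers quoted in the message above.
RESULT = evaluate_message("email@addthis.com", "jra@baylink.com", "206.165.250.240")

if __name__ == "__main__":
    print(RESULT)
```

The `spf_result` field is the one a receiving server acts on; `header_domain_policy` is computed only for comparison with it.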


