[Cialug] Security Question...
Nicolai
nicolai-cialug at chocolatine.org
Mon Aug 6 15:14:22 CDT 2012
On Mon, Aug 06, 2012 at 03:00:31PM -0500, David Runneals wrote:
> Is this something I should be concerned with?
It's not a threat to you, but consider it "pollution" of the commons. A
spammer used your domain in their mail which is virtually always the
case with spam. And then you received the backscatter spam from Google.
> Or is it someone spoofing?
Yeah. Looks like a botnet machine from India:
> Received: from ([117.195.21.45])
> Received-SPF: neutral (google.com: 117.195.21.45 is neither permitted nor
> denied by best guess record for domain of 877EFF7C8 at runneals.com)
> client-ip=117.195.21.45;
If you want to decrease the likelihood of spammers using your domain in
their mail, you can add a TXT SPF record for runneals.com with your
mailservers defined and all others explicitly disallowed via -all. For
an example:
dig txt chocolatine.org
Nicolai
More information about the Cialug
mailing list