It is currently Thu 21 Jun 2018 00:37 GMT
Change font size

Making the most of the Internet

Spam fail - or success?

Here's where to discuss things such as how to deal with Spam, how to protect yourself from net nasties, and other Internet-related issues.

Moderator: JJ

Spam fail - or success?

Postby Dave » Thu 29 Sep 2011 06:24 GMT

Kay received two rather odd "Failed delivery" messages from Google Groups today.

The original email clearly wasn't from her at all - it was a spam. (Kay never uses Google Groups to send messages.) But there was a line in the header saying "domain of transitioning (ie Kay's email address) does not designate [the spammer's IP] as permitted sender".

So it looks as if our server (correctly) blocked the message from going out under Kay's email address. Well done, our server - on the face of it.

However, I'm now wondering whether this is just a back-door way of getting spam through, like this:

1. The spammer sends out a bulk message. Some get through, others are rejected.

2. Knowing that his message isn't getting through by conventional means, the spammer takes his list of recipients and uses those as transitioning addresses instead.

3. The spammer sends out his new bulk message. The message fails, and the transitioning addresses get failed delivery notifications, which include the spam. Message delivered.

Any thoughts?
British Newspapers Online - your handy guide to the UK's national, regional and local press!
ErgoGuides - Great travel and business eBooks from British Expat!
Posted by:
User avatar
Dave
Site Admin
 
Posts: 7260
Joined: Tue 21 Jan 2003 15:04 GMT
Location: Currently UK

Postby JJ » Thu 29 Sep 2011 07:08 GMT

This is a SPF (Sender Protection Framework) thing. The way I read that is that the server which blocked the message wasn't your server but the recipients, which saw that the DNS SPF records for the domain part of Kay's address didn't include the address the spammer was sending from and thus rightly flagged the message as spam. Do your SPF records have ~all in them because you can stop softfails by changing that to -all as long as you will never need to send via a different server.

Other than that it's basically the old spammer trick of using another address in the list of victims as the faked sender address so the recipient can't filter by sender. Used to lead to angry exchanges between recipients and the impersonated sender but as so many addresses on spam lists are imaginary anyway (just perm a list of forenames with a list of surnames @targetdomain) that's mostly gone away.
There's loads more to see and do on British Expat— why not check out our home page?
Posted by:
JJ
Moderator
 
Posts: 794
Joined: Fri 7 Nov 2008 22:54 GMT
Location: Sannat, Gozo

Postby Dave » Thu 29 Sep 2011 07:49 GMT

Thanks, JJ. There's just one email I can think of that comes via a different server, but that's our monthly newsletter - sent by MailChimp, but the From header is nobody AT britishexpat.com - so I think we're probably going to have to leave things as they are.
British Newspapers Online - your handy guide to the UK's national, regional and local press!
ErgoGuides - Great travel and business eBooks from British Expat!
Posted by:
User avatar
Dave
Site Admin
 
Posts: 7260
Joined: Tue 21 Jan 2003 15:04 GMT
Location: Currently UK

Postby JJ » Thu 29 Sep 2011 21:00 GMT

If you know the sending addresses or host names that MailChimp use you can add those to your SPF records.
There's loads more to see and do on British Expat— why not check out our home page?
Posted by:
JJ
Moderator
 
Posts: 794
Joined: Fri 7 Nov 2008 22:54 GMT
Location: Sannat, Gozo

Postby Dave » Thu 29 Sep 2011 21:35 GMT

I'll give it a try, but not this month - we're due to send out in the next few hours, and I think it's probably better to send the thing out and then start tinkering. ;-)
British Newspapers Online - your handy guide to the UK's national, regional and local press!
ErgoGuides - Great travel and business eBooks from British Expat!
Posted by:
User avatar
Dave
Site Admin
 
Posts: 7260
Joined: Tue 21 Jan 2003 15:04 GMT
Location: Currently UK


Return to Making the most of the Internet