Dealing with forged return addresses hitting my domains?

Kimball Larsen kimball at kimballlarsen.com
Fri Apr 21 09:03:28 MDT 2006


Oh how I detest spam.

So, until recently, we have had very little problem, but in the last  
few weeks some spammer(s) have gotten hold of our business domain and  
are using it to spoof return addresses, thus slamming my systems with  
hundreds of bounced messages/day.

In investigating what to do about it, I have run across a few  
different approaches, and wanted to get an opinion from PLUG on what  
is the Right Way™.

First up is Sender Policy Framework (SPF) (1).  I actually had not  
heard about this until today when I started researching this problem,  
and have already heard relatively strong opinions on both sides about  
whether SPF is a good or bad thing.

Next is Domain Keys (2).  This sounds promising, but also a bit  
daunting to set up correctly.

My skills do not really center around sysadmin stuff - I'm really a  
programmer that has wound up doing a bunch of sysadmin stuff as part  
of my job(s).  I'm looking for a solution that is simple to implement  
(or at least very well documented - preferably with a good  
howto/walkthrough).  The system(s) I intend to set this up on are running  
Ubuntu Breezy, Postfix, Courier, and use SASL with mysql for auth,  
and all domains are done virtually.  I used this walkthrough (3) to  
get the servers set up initially.

Thanks!

-- Kimball


(1):  http://www.openspf.org/index.html
(2):  http://en.wikipedia.org/wiki/Domain_keys
(3):  http://flurdy.com/docs/postfix/




