This post originated from an RSS feed registered with .NET Buzz by Robert Hurlbut. Original Post: Stopping email identity spoofing Feed Title: Robert Hurlbut's .Net Blog Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/rhurlbut/Rss.aspx Feed Description: Development with .Net, Rotor, Distributed Architectures, Security, Extreme Programming, and Databases Latest .NET Buzz Posts Latest .NET Buzz Posts by Robert Hurlbut Latest Posts From Robert Hurlbut's .Net Blog

Over the last few months, I have seen my company's web site domain used as the originator of a lot of spam. I know this because I get the spam email bounced back, and checking the header information, I verify that my domain name is part of the email address. I know the spammers are not using my mail server as the relay point, but they are using my domain name as if it is coming from me (or "someone" at my company -- they always come up with clever names as if that person works for me).

Fortunately, there are some initiatives forming to stop this. Valery mentions this in his own post:

So, if inbound e-mail server was simply checking that sending e-mail server's IP address matches the IP address that is published in the DNS record, then at least that kind of scam would be detected! Good news here is that for helping to add such check to inbound e-mail servers for inbound e-mail processing, Microsoft recently released beta version of their royalty-free “Sender ID framework” and is working with IETF for approving it as an Internet standard. Here is the link:

http://www.microsoft.com/mscorp/twc/privacy/spam_senderid.mspx

 

Check it… use it… help to stop these nasty spooffers/scammers/spammers!

I completely agree; the sooner the better!