Notes/Domino 6 and 7 Forum


There's a question with no answer!
~Karl Eknuplopoopsi 10.Jul.03 11:04 AM a Web browser
Domino Server 6.0.1 Windows XP


Plenty of features in Domino will help. None will fix it completely.

"Verify Sender's Domain in DNS" is useful against completely bogus sender addresses.

However, sender addresses are trivially easy to spoof and this is a technique shared by viruses and spammers alike. So other than verifying sender's domain, sender address is not a reliable choice for any blocking.

An alarming and ever increasing volume of spam seems now to come direct-to-MX from open proxy servers. There is some evidence that these open proxy servers have been deliberately created via the use of the Sobig family of mass mailing worms (see my blog dated 9 July 2003 - link below).

If true, this means that a very large number of abusable proxy servers are sitting on the end of ADSL connections just waiting to be exploited. Look at the Received header (there is usually only one) of your spam and you will very often find that the IP points back to a cable or DSL service somewhere.

I suggest you:

1) Take this information and use it to populate "Deny connections from the following SMTP internet hostnames/IP addresses:" - but don't use a single IP. When you get a spam from some cable TV service or DSL pool, block the entire range of addresses. You can do this with a single entry like [192.168.1-127.*]. No real email should ever come direct-to-MX from such users (they should be using their ISP's smarthost), so this is safe and means that any other users with trojaned proxy servers sitting in the same network are also blocked.

2) Use a good open proxy/relay/formmail blacklist - list.dsbl.org is, in my opinion, without peer in this category and will block a high proportion of open proxy spam.

3) Consider placing a content filtering backstop in place to catch anything that makes it past your blocks - we have just started to use Trend ScanMail for Lotus Notes v2.6 with the eManager add-in. Early days yet but the initial results are very encouraging.

HTH

Chris Linfoot
http://chris-linfoot.net
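
Added example, not part of the original post: a Python sketch of the triage described above. It pulls the connecting IP from a Received header, tests it against a range entry written like `[192.168.1-127.*]`, and builds the name a DNS blacklist check would look up. The sample header is constructed, the function names are hypothetical, the per-octet range semantics are an assumption inferred from the one entry shown in the post, and no DNS query is made.

```python
import re

# Constructed sample; 192.168.77.14 stands in for a cable/DSL pool address.
SAMPLE_RECEIVED = (
    "Received: from unknown (HELO mail.example.com) ([192.168.77.14])\n"
    "          by mx.example.org (Lotus Domino Release 6.0.1) with SMTP;\n"
    "          Thu, 10 Jul 2003 11:04:01 -0400"
)

def connecting_ip(received):
    """Return the bracketed IPv4 literal from a Received header, or None."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    if not m:
        return None
    ip = m.group(1)
    return ip if all(int(o) <= 255 for o in ip.split(".")) else None

def matches_deny_entry(ip, entry):
    """Test an IP against an entry written like [192.168.1-127.*].

    Assumed semantics: each octet is a number, a low-high range, or *.
    """
    fields = entry.strip().strip("[]").split(".")
    octets = [int(o) for o in ip.split(".")]
    if len(fields) != 4 or len(octets) != 4:
        raise ValueError("expected four dot-separated fields")
    for field, octet in zip(fields, octets):
        if field == "*":
            continue
        low, sep, high = field.partition("-")
        if not low.isdigit() or (sep and not high.isdigit()):
            raise ValueError("bad field: %r" % field)
        if not int(low) <= octet <= int(high or low):
            return False
    return True

def dnsbl_query_name(ip, zone="list.dsbl.org"):
    """Build the DNS name a blacklist check looks up (reversed octets + zone)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

if __name__ == "__main__":
    ip = connecting_ip(SAMPLE_RECEIVED)
    print(ip, matches_deny_entry(ip, "[192.168.1-127.*]"), dnsbl_query_name(ip))
```
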




How To STOP Spam! (~Wei Retumitexi... 10.Jul.03)
. . Did you enable "Verify connecting s... (~Ned Frogerogen... 10.Jul.03)
. . The Redbook may help... (~Lisa Lopresach... 10.Jul.03)
. . There are good anti-spam products f... (~Yentl Quetkrot... 11.Jul.03)
. . SpamEraser by Eagle Technology Cons... (~Bill Desfreema... 11.Jul.03)
. . . . This is one of the reasons for buyi... (~Yentl Quetkrot... 11.Jul.03)
. . RE: How To STOP Spam! (~Dana Optumiski... 10.Jul.03)
. . RE: How To STOP Spam! (~Yentl Quettumi... 10.Jul.03)
. . There's a question with no answer! (~Karl Eknuplopo... 10.Jul.03)
. . did u look at no.Spam.domino? (~Ted Bregerolyo... 11.Jul.03)
. . . . RE: did u look at no.Spam.domino? (~Lily Elgerotex... 5.Aug.03)
. . . . . . RE: did u look at no.Spam.domino? (~Ted Bregerolyo... 5.Aug.03)

