|
|
|
date: Tue, 13 May 2008 11:31:51 -0400,
group: microsoft.public.exchange.admin
back
Re: using spf to reduce sys admin messages
Outlook Rules. You'd still receive the NDRs, but you could have them
deleted before they hit the Inbox which is all the user is going to care
about. Depending on how many users you have, this could be significant
overhead to set up, but if it's just your CEO or something then doing it is
not a big deal and you can eliminate most of this stuff.
The big downside of course is that you'll eliminate the legit NDRs as well
as the SPAMMY ones. Lesser of two evils.
What we've found is that a different user seems to get hit every day,
getting 300-500 of these things, usually overnight, and by the time you get
an Outlook rule in place it's over.
I think we all need to simply agree to turn off NDRs and auto-replies
altogether, and follow-up every email we send with a phone call to confirm
receipt. ;)
"Mark" wrote in message
news:CE36E758-C8BC-415C-961E-99319DBCD11B@microsoft.com...
> Thanks for your responses. Is there some type of recommendation to limit
> or stop some users receiving many emails from username System
> Administrator which are coming from a variety of outside sources?
>
> "Susan" wrote in message
> news:uKu8neRtIHA.524@TK2MSFTNGP05.phx.gbl...
>> agreed...if everyone rejected messages based on spf records, it might
>> help, but many companies choose not to do that for fear of not receiving
>> important email...
>>
>> --
>> Susan Conkey [MVP]
>>
>>
>>
>> "Peter Durkee" <pdurkee@mac.invalid> wrote in message
>> news:OBOhMFRtIHA.2064@TK2MSFTNGP05.phx.gbl...
>>> It'sd as good a plan of action as any. The theory is that systems that
>>> pay attention to SPF records won't accept the spam pretending to be from
>>> you in the first place and therefore won't bounce it when it proves to
>>> be spam. Secondarily, it may be that spammers will be less inclined to
>>> use spoofed addresses that have associated SPF records because those are
>>> less likely to get through. I think it does help somewhat but don't look
>>> for dramatic improvements.
>>>
>>> -Peter
>>>
>>> "Mark" wrote in message
>>> news:436C4A4F-C681-47C8-A294-400FEC7DD2C2@microsoft.com...
>>>> Some of my users are getting 50-100 system administrator messages which
>>>> they had not part in. We use groupshield on our exchange 2003 server.
>>>> They recommended the Sender Policy Framework (openspf.org) as a means
>>>> of reducing the messages. Does anyone agree with that? Is that a good
>>>> plan of action or are there any other recommendations?
>>>>
>>>>
>>>> Thanks
>>>
>>>
>>
>>
date: Tue, 13 May 2008 14:38:14 -0400
author: Phil McNeill
Re: using spf to reduce sys admin messages
I turned off NDR's but what users are getting is still emails from System
Administrator (see below)
Your message did not reach some or all of the intended recipients.
Subject: I caught you naked swartznn
Sent: 5/13/2008 10:41 AM
The following recipient(s) cannot be reached:
sequelia@flash.net on 5/13/2008 12:28 PM
The e-mail system was unable to deliver the message, but did not
report a specific reason. Check the address and try again. If it still
fails, contact your system administrator.
< flpi131.prodigy.net #5.0.0 SMTP; 554 delivery error: dd Sorry
your message to sequelia@flash.net cannot be delivered. This account has
been disabled or discontinued [#102]. - mta129.sbc.mail.mud.yahoo.com>
Is this some other kind of problem?
"Phil McNeill" wrote in
message news:eBV5ohStIHA.5472@TK2MSFTNGP06.phx.gbl...
> Outlook Rules. You'd still receive the NDRs, but you could have them
> deleted before they hit the Inbox which is all the user is going to care
> about. Depending on how many users you have, this could be significant
> overhead to set up, but if it's just your CEO or something then doing it
> is not a big deal and you can eliminate most of this stuff.
>
> The big downside of course is that you'll eliminate the legit NDRs as well
> as the SPAMMY ones. Lesser of two evils.
>
> What we've found is that a different user seems to get hit every day,
> getting 300-500 of these things, usually overnight, and by the time you
> get an Outlook rule in place it's over.
>
> I think we all need to simply agree to turn off NDRs and auto-replies
> altogether, and follow-up every email we send with a phone call to confirm
> receipt. ;)
>
>
> "Mark" wrote in message
> news:CE36E758-C8BC-415C-961E-99319DBCD11B@microsoft.com...
>> Thanks for your responses. Is there some type of recommendation to limit
>> or stop some users receiving many emails from username System
>> Administrator which are coming from a variety of outside sources?
>>
>> "Susan" wrote in message
>> news:uKu8neRtIHA.524@TK2MSFTNGP05.phx.gbl...
>>> agreed...if everyone rejected messages based on spf records, it might
>>> help, but many companies choose not to do that for fear of not receiving
>>> important email...
>>>
>>> --
>>> Susan Conkey [MVP]
>>>
>>>
>>>
>>> "Peter Durkee" <pdurkee@mac.invalid> wrote in message
>>> news:OBOhMFRtIHA.2064@TK2MSFTNGP05.phx.gbl...
>>>> It'sd as good a plan of action as any. The theory is that systems that
>>>> pay attention to SPF records won't accept the spam pretending to be
>>>> from you in the first place and therefore won't bounce it when it
>>>> proves to be spam. Secondarily, it may be that spammers will be less
>>>> inclined to use spoofed addresses that have associated SPF records
>>>> because those are less likely to get through. I think it does help
>>>> somewhat but don't look for dramatic improvements.
>>>>
>>>> -Peter
>>>>
>>>> "Mark" wrote in message
>>>> news:436C4A4F-C681-47C8-A294-400FEC7DD2C2@microsoft.com...
>>>>> Some of my users are getting 50-100 system administrator messages
>>>>> which they had not part in. We use groupshield on our exchange 2003
>>>>> server. They recommended the Sender Policy Framework (openspf.org) as
>>>>> a means of reducing the messages. Does anyone agree with that? Is
>>>>> that a good plan of action or are there any other recommendations?
>>>>>
>>>>>
>>>>> Thanks
>>>>
>>>>
>>>
>>>
>
>
date: Tue, 13 May 2008 15:17:28 -0400
author: Mark
Re: using spf to reduce sys admin messages
Turning off NDRs on your mail server isn't going to help you as these
messages originate from outside. It's known as Backscatter (do a Google on
"Email Backscatter"), has increased greatly in volume over the past couple
months, and there is no magic bullet for a solution at present.
http://spamlinks.net/prevent-secure-backscatter.htm
http://www.eweek.com/c/a/Security/Backscatter-Spam-is-Back/
"Mark" wrote in message
news:D2EF3A35-6076-447E-A3FF-9BCD80D30073@microsoft.com...
>I turned off NDR's but what users are getting is still emails from System
>Administrator (see below)
>
>
> Your message did not reach some or all of the intended recipients.
>
> Subject: I caught you naked swartznn
> Sent: 5/13/2008 10:41 AM
>
> The following recipient(s) cannot be reached:
>
> sequelia@flash.net on 5/13/2008 12:28 PM
> The e-mail system was unable to deliver the message, but did
> not report a specific reason. Check the address and try again. If it
> still fails, contact your system administrator.
> < flpi131.prodigy.net #5.0.0 SMTP; 554 delivery error: dd Sorry
> your message to sequelia@flash.net cannot be delivered. This account has
> been disabled or discontinued [#102]. - mta129.sbc.mail.mud.yahoo.com>
>
>
>
>
> Is this some other kind of problem?
>
>
>
> "Phil McNeill" wrote in
> message news:eBV5ohStIHA.5472@TK2MSFTNGP06.phx.gbl...
>> Outlook Rules. You'd still receive the NDRs, but you could have them
>> deleted before they hit the Inbox which is all the user is going to care
>> about. Depending on how many users you have, this could be significant
>> overhead to set up, but if it's just your CEO or something then doing it
>> is not a big deal and you can eliminate most of this stuff.
>>
>> The big downside of course is that you'll eliminate the legit NDRs as
>> well as the SPAMMY ones. Lesser of two evils.
>>
>> What we've found is that a different user seems to get hit every day,
>> getting 300-500 of these things, usually overnight, and by the time you
>> get an Outlook rule in place it's over.
>>
>> I think we all need to simply agree to turn off NDRs and auto-replies
>> altogether, and follow-up every email we send with a phone call to
>> confirm receipt. ;)
>>
>>
>> "Mark" wrote in message
>> news:CE36E758-C8BC-415C-961E-99319DBCD11B@microsoft.com...
>>> Thanks for your responses. Is there some type of recommendation to
>>> limit or stop some users receiving many emails from username System
>>> Administrator which are coming from a variety of outside sources?
>>>
>>> "Susan" wrote in message
>>> news:uKu8neRtIHA.524@TK2MSFTNGP05.phx.gbl...
>>>> agreed...if everyone rejected messages based on spf records, it might
>>>> help, but many companies choose not to do that for fear of not
>>>> receiving important email...
>>>>
>>>> --
>>>> Susan Conkey [MVP]
>>>>
>>>>
>>>>
>>>> "Peter Durkee" <pdurkee@mac.invalid> wrote in message
>>>> news:OBOhMFRtIHA.2064@TK2MSFTNGP05.phx.gbl...
>>>>> It'sd as good a plan of action as any. The theory is that systems that
>>>>> pay attention to SPF records won't accept the spam pretending to be
>>>>> from you in the first place and therefore won't bounce it when it
>>>>> proves to be spam. Secondarily, it may be that spammers will be less
>>>>> inclined to use spoofed addresses that have associated SPF records
>>>>> because those are less likely to get through. I think it does help
>>>>> somewhat but don't look for dramatic improvements.
>>>>>
>>>>> -Peter
>>>>>
>>>>> "Mark" wrote in message
>>>>> news:436C4A4F-C681-47C8-A294-400FEC7DD2C2@microsoft.com...
>>>>>> Some of my users are getting 50-100 system administrator messages
>>>>>> which they had not part in. We use groupshield on our exchange 2003
>>>>>> server. They recommended the Sender Policy Framework (openspf.org) as
>>>>>> a means of reducing the messages. Does anyone agree with that? Is
>>>>>> that a good plan of action or are there any other recommendations?
>>>>>>
>>>>>>
>>>>>> Thanks
>>>>>
>>>>>
>>>>
>>>>
>>
>>
date: Thu, 15 May 2008 11:49:39 -0400
author: Phil McNeill
|
|
