Tag Archives: email server

Email address Spoofing – Someone is Using My address to Send Spam

Someone is Using Your Address to Send SPAM

You just got a bounce-back email saying that your email didn’t reach the destination because the recipient doesn’t exist. Nothing unusual; this happens to anybody who uses email regularly, except that you didn’t send that email. How could this happen? If you are an email server administrator and many of your users get this kind of bounce-back, they all start to complain at once, thinking that your server has been hijacked. What can you do to stop this, and how can you reassure your users that you haven’t been hijacked?

Sender address forgery, known as email address spoofing, is not a new technique. It is used for many things, from spamming organizations to sending viruses and supporting scams in which the sender fakes his identity.

Effective Ways to Stop Spammers from Using Your Domain Name

Publish SPF Data
SPF (Sender Policy Framework) is a method that allows you to publish which mail servers are authorized to send email for your domain. SPF uses a DNS record that tells receiving email servers which servers are trusted sources of email for the domain, and how much to trust other sources of email claiming to originate from that domain. Destination servers may or may not have SPF checking implemented. Many of today’s servers have SPF checking enabled.
Destination servers check this record and act accordingly. Anti-spam software on the receiving server scores an email based on the SPF record and other criteria, and accepts or rejects the email based on the total score. For instance, if the SPF record says that email originating from non-authorized servers should not be trusted, the email gets the necessary points to be treated as spam and is rejected. If the SPF record treats non-authorized servers as neutral, the message could pass, or it could still be rejected if it contains other spam characteristics.
Do not publish any email addresses on Web pages. This is the most common place for spammers to get valid email addresses and use them to forge email messages.

If your company runs its own mail server, configure it to ignore email sent to non-existent addresses in your domain. If your server sends non-delivery reports (NDRs), you reveal to a spammer which addresses in your domain are valid (the ones that don’t generate NDRs). This attracts spam to those addresses, and you waste bandwidth. The most common reason to send NDRs for non-existent addresses is to let people know that they misspelled the address; the trade-off is that misaddressed email can get lost more easily.

If your domain gets blacklisted because of spoofing, you have to contact the list that blacklisted you and show the administrator what you did to correct the problem. This is very unlikely, since the sender usually spoofs only the email sender address and not the server’s address. A blacklist admin should be able to figure this out.

How to Improve Internet speed at your Business


If you are a Business owner or a System Administrator and the Internet connection is an important piece of your business, you probably know how difficult it is sometimes to keep a good balance between the real needs and the perfect Internet Connection.

Most of the time, the first impulse is to upgrade the connection, and many times this is the right step. Sometimes, however, we can improve Internet usage a lot without upgrading. This article will show you what to do to improve Internet speed without upgrading.

What is the Root Cause of your Slow Internet

Determine if the problem is the Internet Connection Bandwidth.
Many times the problem is the computer or the local area network. If your network was installed by your cousin or a friend who “Knew How to Do IT”, it is likely that this is your problem. Check this article to learn “How to Troubleshoot a Slow Network” (coming soon).
Use an Internet connection speed test to determine whether the connection performs within its expected parameters.

Implement policies for Internet use.

Very often companies don’t have a policy for Internet usage and employees abuse it and use it for personal use.
Educate employees about the day to day operations.
Many people don’t know what is and is not acceptable to do on the Internet. For instance, listening to radio over the Internet is a total waste if you don’t have huge bandwidth. Internet phones take a lot of bandwidth; use a regular phone whenever possible. Video streams are big bandwidth consumers. Users sometimes download files two or three times just because they don’t know where the file goes after the download. Many times they don’t even have the right to install it, or the file is already saved on an internal server. Sending files as attachments is another common mistake, especially if your mail server is hosted outside the company. Users will always prefer to send files via email rather than via a file server. A 15 Mb file will generate an Outlook message of around 18 Mb. This 18 Mb will be uploaded to the email server, which is the most painful operation on an asymmetric DSL connection (download is 3M but upload is 800K), and then it will be downloaded again. If this email is sent to a few people, imagine the connection bottleneck created.

Using a Caching Proxy could save you Money

If your connection is still too slow after all of the previous steps, you can implement a caching proxy. A caching proxy server is an extremely useful tool for optimizing Internet connection utilization and security. It caches the most used data and then serves it to the next client from the local copy rather than from the Internet. A proxy increases security in the company by providing an additional layer between the client and the Internet. It helps you enforce policies and control Internet usage. It is also a great tool for logging the Internet activity of your users. The downside of a proxy server is that it is not easy to administer; it needs an IT professional.

Caching Proxy Software

Two of the most used caching proxies are Squid and Microsoft ISA Server. Both are great tools, extremely customizable and flexible. ISA Server is a rather expensive product, but it has the advantage of a visual administration interface. Squid, on the other hand, is free software, but it needs command-line administration. Another major advantage of Squid is that it doesn’t need many hardware resources and, if configured properly, can deliver excellent service.

A good companion for Squid is a content filter. A content filter is a program that filters access to the Internet based on rules specified by the administrator, public lists of known offensive websites, and heuristic analysis. Two good content filtering programs are DansGuardian and SquidGuard.

Your Internet Usage Policies have to be Relaxed

As a closing paragraph, I would recommend keeping a balance between business and personal use, depending on the nature of your business. My experience showed that extreme restriction would deteriorate the work climate and make your employees unhappy. On the other hand, security and control of Internet access are very important factors, and employees should understand this.

Preventing Domain Name Spam

What is domain name spam?
Domain Name Spam is a spamming technique where the sender only knows the domain name and he doesn’t have any valid email address in the domain. The technique involves sending emails to all the possible combinations or to a nicely crafted dictionary. The most common addresses in such a dictionary are:
• info@
• mail@
• sales@
• contact@
• contacts@
• root@
• help@
• home@
• contactus@
• enquiries@
• webmaster@
• hr@
• shipping@
The generic list is actually very long, but I won’t include all of the addresses here.
Other possible entries in the dictionary are common names and different combinations of these names. Let’s take for instance the name John Doe. A few possible combinations, and the most used, are: john.doe@company.com, j.doe@company.com, john.d@company.com, johndoe@company.com, etc.
What can you do to discourage and stop this kind of spam?
Set up your email server so it will not accept too many emails from the same server within a specified time frame.
Do not send NDRs for unknown recipients. An NDR informs the attacker that those addresses are invalid, which is good information for a spammer. The disadvantage is that a legitimate sender who misspells an address will not be informed about the error.

Use less commonly used prefixes for your email addresses.
Instead of “info@yoursite.com” use “askaquestion@yoursite.com”.
Instead of “webmaster@yoursite.com” use “yourname@yoursite.com”.
Instead of “help@yoursite.com” use “problem@yoursite.com”.
You still want to keep your email addresses professional and meaningful to your customers. An email address like Egfa13wge2@yoursite.com will fool domain name spammers, but customers will be tempted to delete the email when they see such an address in the “To” field of their email.
Also, don’t forget that many domain name spammers hope you have your catch-all turned on. With a catch-all, an email sent to “any-address@yoursite.com” will end up in the admin’s mailbox even if that email address doesn’t exist. Unless you have a need for your catch-all to be turned on, you should have it turned off by default.
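The advice above to limit how many emails one server may send within a time frame, combined with not sending NDRs, can be sketched as a per-server sliding window over unknown-recipient attempts. This is an added example, not code from the original article: the class, the decision names, the thresholds and the sample events are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data: the only mailboxes that exist in the domain.
VALID = {"askaquestion@yoursite.com", "problem@yoursite.com"}

# Constructed events: (seconds, sending server IP, recipient address).
EVENTS = [
    (0,  "203.0.113.7",  "info@yoursite.com"),
    (5,  "203.0.113.7",  "sales@yoursite.com"),
    (9,  "203.0.113.7",  "webmaster@yoursite.com"),
    (12, "203.0.113.7",  "askaquestion@yoursite.com"),
    (20, "198.51.100.4", "problem@yoursite.com"),
    (80, "203.0.113.7",  "askaquestion@yoursite.com"),
]

class RecipientProbeLimiter:
    """Sliding-window limit on unknown-recipient attempts per sending server."""

    def __init__(self, max_unknown=3, window_seconds=60):
        self.max_unknown = max_unknown
        self.window = window_seconds
        self.misses = defaultdict(deque)   # server IP -> timestamps of misses

    def check(self, client_ip, rcpt, now):
        """Return 'accept', 'discard' or 'defer' for one recipient attempt."""
        recent = self.misses[client_ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()               # forget misses outside the window
        if len(recent) >= self.max_unknown:
            return "defer"                 # server is guessing addresses: throttle it
        if rcpt.lower() in VALID:
            return "accept"
        recent.append(now)
        return "discard"                   # dropped silently, no NDR is sent

def replay(events):
    """Run the constructed events through a fresh limiter."""
    limiter = RecipientProbeLimiter()
    return [limiter.check(ip, rcpt, ts) for ts, ip, rcpt in events]

if __name__ == "__main__":
    for event, decision in zip(EVENTS, replay(EVENTS)):
        print(event, "->", decision)
```

After three dictionary guesses the first server is deferred even for a valid mailbox, while the second server is unaffected; once the window has passed, the first server is accepted again.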