PROBLEM: 
A user is receiving large amounts of undeliverable (or bounce-back) messages that appear to be coming from unknown senders.  For example, an Email user on mycompany.com might receive a message like this:

==================
Failed Recipient: zz87sakjd@x823.com
Reason: Remote host said: 541 5.6.0 Your message was rejected by PATTERN FILTER
-- The header and top 20 lines of the message follows --

Received: from UnknownHost [121.146.183.90] by mail1.siteorganic.com with SMTP;
Tue, 24 Jul 2006 10:26:24 -0400
Received: from vosxsgsgp.com ([203.87.224.129]) by yjyhio.com; Tue, 31 Jul 2007 23:26:21 GMT
From: "webmaster" webmaster@mycompany.com
To: "zz87sakjd" zz87sakjd@x823.com
Subject: excellent opportunity c1al92sz
Date: Tue, 24 Jul 2006 23:25:56 GMT
===================

Note that the bold line above indicates that the original message was apparently sent fromwebmaster@mycompany.com to the offending address.  In fact, this message was likely not sent from anyone at mycompany.com, but rather from a completely separate third party posing as this address.  This technique is called spoofing. 

SOLUTION
While there is no 100% effective way to prevent these types of undeliverable messages, you can look for patterns and then apply content filters or other protective measures to reduce the amount of unwanted mail.

Edge Media employs several techniques to help prevent this practice, including strict SMTP relay security, active firewall security, and adherence to SPF (sender policy framework) standards.  However, when spoofed Emails do not pass through our network, it is not possible for us to stop this malicious activity between other servers (often in other countries outside the U.S.).

Please see this related article on best practices for filtering and spam protection:
http://www.siteorganic.com/support/Tickets/Customer/KBArticle.aspx?articleid=39

FOR MORE INFORMATION 
Please see the following links:

• http://en.wikipedia.org/wiki/E-mail_spoofing
• http://www.cert.org/tech_tips/email_spoofing.html
• http://www.windowsecurity.com/articles/Email-Spoofing.html
• http://forums.cnet.com/5208-10149_102-0.html?forumID=7&threadID=309967&messageID=2868229&tag=forums06;posts#2868229 
  

Article ID: 48, Visibility: Public, Status: Published, Created On: 7/31/2007, Modified: 10/4/2008, Last Reviewed: 7/21/2010