Trying to solve an issue whereby spammers forge the From: header along with the sender address to make it appear mail is being sent from our mail server.
The recipients (always a group, never single recipient) bounce back the message to us as spam; as a result their ISPs are penalizing our mail server's IP rep (via SenderBase et al) and/or the recipients are reporting us to their ISP.
All this despite the actual sender being our_user@our_domain@spammer-ip (i.e. spammer ip is the real sender). Currently Verizon has blacklisted our mail server IP and we've received a couple of warnings from AOL as well.
My question is, why is SPF not working? We have
Code:
v=spf1 mx ip4:our-mail-server-ip -all
set up for all mail users, and PTR on mail server and mail sender domains.
I'm particularly interested in knowing if there's a loophole where a spammer is able to append their IP to a valid our_user@our_domain address thereby tricking remote mail servers into seeing our_domain as the actual sender. I suspect not, but putting it out there in case anyone else has noticed this spammer technique showing up in their maillog.
Ideas appreciated.
Thanks
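
Added example, not part of the original post: a minimal evaluator for the SPF record quoted above, showing the result a receiving server that checks SPF would compute for a given connecting IP. The addresses are constructed documentation-range values standing in for the post's placeholders, and the MX lookup result is an assumption.

```python
import ipaddress

# Constructed values: documentation-range addresses stand in for the post's
# "our-mail-server-ip" placeholder and for an unrelated sending host.
MAIL_SERVER_IP = "192.0.2.10"
SPF_RECORD = f"v=spf1 mx ip4:{MAIL_SERVER_IP} -all"
MX_ADDRESSES = {"our_domain": [MAIL_SERVER_IP]}  # assumed result of MX + A lookups

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, mail_from_domain, mx_addresses):
    """Evaluate an SPF record (subset: all, ip4, mx) for one SMTP connection.

    client_ip is the address that connected to the receiving server and
    mail_from_domain comes from the envelope MAIL FROM. The From: header
    is not an input to SPF.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            hosts = mx_addresses.get(arg or mail_from_domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        else:
            raise ValueError(f"term outside this example's subset: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


if __name__ == "__main__":
    for label, ip in [("our mail server", MAIL_SERVER_IP), ("other host", "203.0.113.77")]:
        print(label, ip, check_spf(SPF_RECORD, ip, "our_domain", MX_ADDRESSES))
```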