Hi,
I have recently been getting a large number of spam messages with FROM
and TO set as valid email addresses active on my domain - zyxware.com.
I have set up SPF on zyxware.com and this is my SPF raw record -
v=spf1 a mx ip4:67.220.209.203 -all
The mails are set to be forwarded to my Gmail account and I have all
these emails added to my Gmail account. The problem is that Gmail
seems to be validating the mail as valid given the SPF records. Could
this be a case of spammers spoofing the source IP thereby tricking
SPF? The following are the headers from one such spam mail.
=====================================
Delivered-To: anoopjohn@gmail.com
Received: by 10.100.121.7 with SMTP id t7cs21487anc;
Thu, 24 Sep 2009 14:15:11 -0700 (PDT)
Received: by 10.151.28.10 with SMTP id f10mr792814ybj.71.1253826909841;
Thu, 24 Sep 2009 14:15:09 -0700 (PDT)
Return-Path: <careers@zyxware.com>
Received: from z1.zyxware.com ([67.220.209.203])
by mx.google.com with ESMTP id 3si8975642iwn.104.2009.09.24.14.15.08;
Thu, 24 Sep 2009 14:15:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of careers@zyxware.com
designates 67.220.209.203 as permitted sender)
client-ip=67.220.209.203;
DomainKey-Status: good
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
careers@zyxware.com designates 67.220.209.203 as permitted sender)
smtp.mail=careers@zyxware.com; domainkeys=pass
header.From=careers@zyxware.com
Date: Thu, 24 Sep 2009 14:15:08 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=zyxware.com;
h=Received:From:To:MIME-Version:Subject:Message-ID:Content-Transfer-Encoding:Content-Type;
b=hd11FY6V6RRz5+P5T44V6v+YspVhw76EIsyzTSzQEkTK6lqefnumM2uUW5l4xAZ2BwfHEKtsMkI5irIMyzw3ZOAJrA7CR9Gve73UKblXwzhMq7sljpIMqHxx2mmmfFyt;
Received: from [190.247.48.25] (helo=25-48-247-190.fibertel.com.ar)
by z1.zyxware.com with esmtp (Exim 4.69)
(envelope-from <careers@zyxware.com>)
id 1Mqve9-0006Cl-OB
for careers@zyxware.com; Fri, 25 Sep 2009 01:14:38 +0400
From: "Mirella Martig" <careers@zyxware.com>
To: careers@zyxware.com
MIME-Version: 1.0
Subject: Soap Opera, real people
Message-ID: <OP8A9506VSQH147L.RZUURWOKPE.509C3E5BA@kaplun>
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="UTF-8"
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - z1.zyxware.com
X-AntiAbuse: Original Domain - zyxware.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - zyxware.com
=====================================
Thanks
Anoop
----------------------------------------------------------------------------------------
http://www.zyxware.com
http://www.anoopjohn.com
http://www.thondomraughts.com
----------------------------------------------------------------------------------------
"Be the change you wish to see in the world", M. K. Gandhi
----------------------------------------------------------------------------------------
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
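
An added example, not part of the original post: in the headers above, Gmail's `Received-SPF` verdict names `client-ip=67.220.209.203` (z1.zyxware.com, the hop that handed the mail to Gmail), while the earliest `Received` line shows z1.zyxware.com taking the message from 190.247.48.25. The Python below reads both values from an abridged copy of those headers and compares them; `SPF_IP4` holds only the record's `ip4:` mechanism, because `a` and `mx` would need DNS lookups.

```python
import ipaddress
import re
from email import message_from_string

# Abridged from the headers above; folding whitespace restored so they parse.
RAW = """\
Received: from z1.zyxware.com ([67.220.209.203])
 by mx.google.com with ESMTP id 3si8975642iwn.104.2009.09.24.14.15.08;
 Thu, 24 Sep 2009 14:15:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of careers@zyxware.com
 designates 67.220.209.203 as permitted sender)
 client-ip=67.220.209.203;
Received: from [190.247.48.25] (helo=25-48-247-190.fibertel.com.ar)
 by z1.zyxware.com with esmtp (Exim 4.69)
 (envelope-from <careers@zyxware.com>)
 for careers@zyxware.com; Fri, 25 Sep 2009 01:14:38 +0400

"""
# Only the ip4: mechanism of the posted record (a and mx are not resolved here).
SPF_IP4 = ["67.220.209.203"]

def hops(raw):
    """Return [(client_ip, receiving_host)] per Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        m = re.search(r"from .*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*? by (\S+)", flat)
        if m:
            out.append((ipaddress.ip_address(m.group(1)), m.group(2)))
    return out

def spf_checked_ip(raw):
    """IP address the receiver says it evaluated SPF against, or None."""
    m = re.search(r"client-ip=([0-9.]+)", message_from_string(raw).get("Received-SPF", ""))
    return ipaddress.ip_address(m.group(1)) if m else None

def analyse(raw, ip4_list):
    """Compare the IP behind the SPF verdict with the IP the mail entered from."""
    origin_ip, first_receiver = hops(raw)[-1]  # oldest hop is listed last
    allowed = [ipaddress.ip_network(x) for x in ip4_list]
    return {
        "spf_checked_ip": str(spf_checked_ip(raw)),
        "origin_ip": str(origin_ip),
        "accepted_by": first_receiver,
        "origin_authorised": any(origin_ip in net for net in allowed),
        "verdict_covers_origin": spf_checked_ip(raw) == origin_ip,
    }

if __name__ == "__main__":
    print(analyse(RAW, SPF_IP4))
```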