Lately I've noticed a bit of an increase in spoofing using my company's domain.
I have set up a "catchall" address so that anything@MyDomain.com is delivered to me. Maybe that's just stupid, but it does allow me to detect things that might not otherwise be seen... As an example, I just got back a "We couldn't process your email" automated response from an online service where someone had stuck a bogus name in front of @MyDomain.com.
I know it's trivially easy for people to spoof any address at the most basic level by just setting an eMail client up to have a return address that looks like it's coming from a domain of their choosing.
I have an in-house eMail relay package running, but it's set up to be not available to anyone except my in-house systems (e.g., so they can eMail me automatically if they detect a problem). It is not tied to my catch-all account.
My question is this:
Is there more I could/should be doing to protect against the use of my domain name in made up addresses? What am I not thinking of?
Post by Locutus deBorg on May 27, 2016 11:58:57 GMT -6
standard attack, the guess method
they will try an everything and anything, dictionary / word / name based attacks on @domainname to get a list of legit email addresses and / or collect a list of unused addresses which will then be used to either attack the legit address with spam, phishing, malware distribution etc. and the illegitimate / unused addresses will be used in the from: field to attack other addresses with the above noted junk
if you set up your system to accept all email addressed to any name / any word / anything @domainname without it bouncing as undeliverable, then you will see most of or, all of the spoof / guess attack attempts
email is really not a secure system, any more than regular letter mail is.
I find the lack of configuration options disturbing !
I felt a great disturbance in the force.. as if millions of win 7 systems suddenly cried out in terror.
<Rick> Good video. It's almost hard to believe that at one time Windows 98 was the resource hog, but even then, it still ran circles around what Windows 10 can do on today's modern hardware and look a heck of alot better doing it.
May 25, 2021 22:55:12 GMT -6
<Rick> As stated elsewhere, So much for the launch of Windows 11, "The Great Crash." Myself, I had a hard time getting into the site listed above, when I did get in, the video was partly done and then it crashed. There has been many other reports of crashing.
Jun 24, 2021 9:52:33 GMT -6
*
<Rick> I see Microsoft has been very quick to pull down reports of site crashing regarding the Launch of Windows 11 on the Microsoft Insiders forum.
Jun 24, 2021 9:57:31 GMT -6
*
<Rick> The rebroadcast is working okay.
Jun 24, 2021 11:00:25 GMT -6
<Rick> With reports of people being able to install the dev-edition of Windows 11 on machines not meeting spec, I thought I would give it a what-the-heck try. Lucky me, I'm caught in the downloading, doesn't meet spec, clearing, re-downloading loop on my machine!
Jul 2, 2021 7:08:46 GMT -6
<Rick> I've recently purchased a license for ArcaOS from www.arcanoae.com/ to play with. First impressions, it's still OS/2, but it now has a Linux twist to it.
Jul 2, 2021 7:32:53 GMT -6
*
<dozrguy> laptop shit out and am stuck buying a new one. os win11 as fucked as win10 was?
Oct 2, 2021 12:56:10 GMT -6
<Rick> Let's see ..., my impression of Windows 11 is that it is a spruced up version of Windows 10 requiring a 64-bit processor plus a piece of security hardware that is less than 4 years old in order for it to run.
Oct 4, 2021 18:25:49 GMT -6
*
<Rick> On the plus side, Microsoft is supposed to be supporting Windows 10 for some time to come for those of us still using systems with I7 or older processors.
Oct 4, 2021 18:44:35 GMT -6
*
<dozrguy> i tried installing win10 om the 'shitout' pc this morning usung media creation. EPIC FAIL! went into an endless bootloop. win7 reinstalled just fine
Oct 21, 2021 11:23:38 GMT -6
<dozrguy> STILL so much bullshit and so little time for the kiddie ideas from the hill. My new laptop (MSI GE 11-UH461) would be an awesome "10" machine but because of Winblows I can only give it a "2"......wasted $3500
Oct 27, 2021 9:36:47 GMT -6
<Rick> Hello. Just checking in.
Mar 17, 2022 10:46:54 GMT -6
<isidroco> Each new w10 update adds >100000 useless files to \Windows\Servicing\LCU\Package_for_RollupFix... folders. Even in a SSD takes time to delete that stuff. In each version they manage to worsen stuff.
Mar 27, 2022 16:14:51 GMT -6
*
<dozerguy> still traffic here?
Oct 9, 2022 17:32:44 GMT -6
<Rick> No, there does not seem to be very much traffic these days. I still check in from time to time.
Oct 9, 2022 20:08:58 GMT -6