RE: SPF Configurations

> 3. Spammers abusing your webmail and/or remote message submission service
> using phished credentials.

I'll admit .. this has happened a few times too. Usually we see the
incoming phish attempt and configure an outbound block for RE: (same
subject) and it never fails .. we catch at least one person that
responds. We've seriously considered sending our own phishing emails
with a link that automatically disables anyone's account if they click it.

In addition to rate-limiting, you can get some assistance
from the anti-phishing email reply blacklist (see which
is included in the Sanesecurity ClamAV add-on databases (see Even if it's too late
to block the incoming phish it can be useful to block your users'
replies. There's also "Kochi" which analyses email for phishing-
related patterns, including detecting messages that contain users'
passwords (see There's a fair
amount of discussion of this kind of thing on the hied-emailadmin list

Our volume is 1.5-2m msg/day, and I'd say we catch ~95% of it .. but
when a batch gets through and a third of our students have mail
forwarded to Yahoo, from Yahoo's point-of-view, they just got 10,000
spam from our IPs.

Ah, you have rather more forwarding than we do.

Anyone know how to do this in Domino off-hand? (without sending IBM a
fat check) .. if so, I'd love to hear about it so I can tell our Lotus

Put a Unix mailer between it and the real world :-) I think Exim's rate
limiting facility is excellent, but then I wrote it :-)
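
The outbound checks discussed in this message, as an added example that is not code from any poster in the thread or from the tools they mention: hold users' replies whose subject matches a known phish or whose recipient is on a reply-address blacklist, and cap messages per authenticated sender. The subjects, addresses, function and class names are constructed assumptions, and the sliding-window limiter is a simplification, not Exim's rate-limiting algorithm or the real blacklist's format.

```python
import re
from collections import defaultdict, deque
from email import message_from_string
from email.utils import getaddresses

# Constructed sample data, not taken from the thread or from any real blacklist.
PHISH_SUBJECTS = {"webmail quota exceeded - verify your account"}
REPLY_BLACKLIST = {"helpdesk.verify@example.net"}

_PREFIX = re.compile(r"^\s*(?:(?:re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

def normalize_subject(subject):
    """Strip Re:/Fwd: prefixes, collapse whitespace (incl. folding), lowercase."""
    return " ".join(_PREFIX.sub("", subject or "").split()).lower()

def check_outbound(raw_message):
    """Return the reasons to hold an outbound message; an empty list means deliver."""
    msg = message_from_string(raw_message)
    reasons = []
    if normalize_subject(msg.get("Subject", "")) in PHISH_SUBJECTS:
        reasons.append("subject matches a known phish")
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    for _name, addr in getaddresses(recipients):
        if addr.lower() in REPLY_BLACKLIST:
            reasons.append("recipient on reply blacklist: " + addr.lower())
    return reasons

class SenderRateLimit:
    """Sliding-window cap on messages per authenticated sender (hypothetical helper)."""
    def __init__(self, limit, window_seconds):
        self.limit, self.window = limit, window_seconds
        self.sent = defaultdict(deque)

    def allow(self, sender, now):
        q = self.sent[sender]
        while q and now - q[0] >= self.window:
            q.popleft()  # forget sends that have aged out of the window
        if len(q) >= self.limit:
            return False  # over the cap: defer or reject this submission
        q.append(now)
        return True

SAMPLE_REPLY = (  # constructed message: a user answering a phish
    "From: student@example.edu\n"
    "To: Helpdesk <Helpdesk.Verify@example.net>\n"
    "Subject: RE:  Webmail Quota Exceeded - Verify\n your account\n"
    "\n"
    "Here are my details.\n"
)
```

Messages that `check_outbound` flags are better held for review than silently dropped, since a hit also identifies an account whose password needs resetting.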