Que faire contre le spam-spoofing ?

[Franck B.]

Bonjour,

Voilà, j'ai une adresse mail, qui est dédié aux messages envoyés sur des adresses inexistantes de mes domaines.

Exemple, quelqu'un envoi un e-mail à contact_AT_wondyland.com (qui n'existe pas), ce mail est directement transféré à l'adresse badmail_AT_wondyland.com.

Ok ?

Donc mon problème, et je ne suis pas le seul, j'en suis sûr (faites le test comme moi de l'e-mail de redirection), c'est que des spammeurs utilisent mon domaine, comme usurpation d'identité.

Exemple, voici par exemple ce que j'ai reçu déjà (parmi des centaines) :

Attention: zpgv_AT_wondyland.com

A virus was found in an Email message you sent.

This Email scanner intercepted it and stopped the entire message

reaching its destination.

The virus was reported to be:

Trojan.Downloader-390

Please update your virus scanner or contact your IT support

personnel as soon as possible as you may have a virus on your system.

Your message was sent with the following envelope:

MAIL FROM: zpgv_AT_wondyland.com

RCPT TO: callow_AT_ptd.net

... and with the following headers:

---

MAILFROM: zpgv_AT_wondyland.com

RCPTTO: callow_AT_ptd.net

IP-Addr: 86.8.128.116

Received: from cpc2-oxfd7-0-0-cust115.oxfd.cable.ntl.com (HELO oxfd-cache-4.server.ntli.net) ([86.8.128.116])

(envelope-sender <zpgv_AT_wondyland.com>)

by smtp23.mailnet.ptd.net (qmail-ldap-1.03) with SMTP

for <callow_AT_ptd.net>; 31 Dec 2006 00:48:03 -0000

Received: from xgmns ([219.227.101.24]) by oxfd-cache-4.server.ntli.net with Microsoft SMTPSVC(5.0.2195.6713); Sun, 31 Dec 2006 00:48:00 +0000

Message-ID: <459708C0.2080205_AT_wondyland.com>

Date: Sun, 31 Dec 2006 00:48:00 +0000

From: contingent <zpgv_AT_wondyland.com>

User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)

MIME-Version: 1.0

To: callow_AT_ptd.net

Subject: Happy New Year!

Content-Type: multipart/related;

boundary="------------080008040803050103030409"

---

Ou encore un autre exemple :

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its

recipients. This is a permanent error. The following address(es) failed:

amanda_AT_ar1.com.au

This message has been rejected because it has

a potentially executable attachment "Greeting Postcard.exe"

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path: <axpyre_AT_wondyland.com>

Received: from [222.235.221.179] (port=4360 helo=sflvy)

by aus5.unlimited-space.com with smtp (Exim 4.52)

id 1H0pr3-0000tQ-7A

for amanda_AT_ar1.com.au; Sun, 31 Dec 2006 12:51:18 +1100

Received: from unmvix ([143.34.119.60]) by sflvy with Microsoft SMTPSVC(6.0.3790.0); Sun, 31 Dec 2006 10:51:46 +0900

Message-ID: <459717B2.6030706_AT_wondyland.com>

Date: Sun, 31 Dec 2006 10:51:46 +0900

From: deathbed <axpyre_AT_wondyland.com>

User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)

MIME-Version: 1.0

To: amanda_AT_ar1.com.au

Subject: May Your Dreams Come True!

Content-Type: multipart/related;

boundary="------------040100080600070903020202"

--------------040100080600070903020202

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Content-Transfer-Encoding: 7bit

--------------040100080600070903020202

Content-Type: application/x-msdownload;

name="Greeting Postcard.exe"

Content-Transfer-Encoding: base64

Content-Disposition: inline;

filename="Greeting Postcard.exe"

Je précise que c'est bien de l'usurpation d'identité, car cela ne passe pas par mon serveur "hébergeant" le domaine (le relais SMTP de mon serveur est fermé de plus).

On peut voir que ces 2 là utilisent un serveur Microsoft SMTPSVC, avec un user-agent "Thunderbird 1.5.0.9 (Windows/20061207)".

Quelqu'un sait-il comment contrer ce fléau ?

Merci d'avance

Modifié 9 Janvier 2007 par Franck B.