[AusNOG] qld transport contact
Craig Askings
craig at askings.com.au
Thu Dec 13 12:51:16 EST 2012
On 13/12/2012 10:30 AM, Sean K. Finn wrote:
> What I'm seeing is a lot of spam pretending to be QLD Transport,
>
> With the QLD Transport servers added to the mail headers, but they are fake headers to make it look like they've passed through QLD Transport.
>
> The actual mail server handing me the email is
>
> Received: from a24.satur.ba.cust.gts.sk (62.168.71.248) by
> chasm1.ozservers.com.au with SMTP; 12 Dec 2012 07:50:35 +1000

This is the kind of issue that SPF and domain keys were designed to
combat. QLD Transport does have an SPF record which would help spam
filters pick these emails out as suspect.

haakon@cortez:~$ host -t txt transport.qld.gov.au
transport.qld.gov.au descriptive text "v=spf1 mx ~all"
haakon@cortez:~$ host -t mx transport.qld.gov.au
transport.qld.gov.au mail is handled by 5 mx1.transport.qld.gov.au.
haakon@cortez:~$ host mx1.transport.qld.gov.au.
mx1.transport.qld.gov.au has address 131.242.168.147

So 131.242.168.147 is the only legitimate source of email for QLD
Transport. That being said, they should probably change it from being
~all to -all while this flood of fake email is happening.
Craig.
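
Added example, not part of the original message: a small SPF evaluator run against the record and addresses quoted in this thread, showing what a receiving filter concludes under ~all versus -all. It assumes the spam used transport.qld.gov.au as its envelope sender (SPF checks MAIL FROM, not the visible headers), handles only the mx, ip4 and all mechanisms, and uses a DNS table built from the host output above instead of live lookups; the function names are illustrative.

```python
import ipaddress

# DNS answers copied from the host(1) output in the message; no live lookups.
DNS = {
    "MX": {"transport.qld.gov.au": ["mx1.transport.qld.gov.au"]},
    "A": {"mx1.transport.qld.gov.au": ["131.242.168.147"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def mechanism_matches(mech, domain, ip):
    """Return True if one SPF mechanism matches the connecting IP."""
    name, _, arg = mech.partition(":")
    if name == "all":
        return True
    if name == "mx":
        # Resolve the domain's MX hosts, then compare each host's address.
        hosts = DNS["MX"].get(arg or domain, [])
        return any(ip == ipaddress.ip_address(addr)
                   for host in hosts for addr in DNS["A"].get(host, []))
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    raise ValueError(f"mechanism not handled in this sketch: {mech}")


def check_spf(record, domain, client_ip):
    """Evaluate an SPF record left to right; the first matching term decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mechanism_matches(mech, domain, ip):
            return QUALIFIERS[qualifier]
    return "neutral"  # default result when no mechanism matches


if __name__ == "__main__":
    domain = "transport.qld.gov.au"
    # Published record, then the stricter variant suggested in the reply.
    for record in ("v=spf1 mx ~all", "v=spf1 mx -all"):
        # The domain's MX address, then the host named in the Received: line.
        for client in ("131.242.168.147", "62.168.71.248"):
            print(f"{record:16} {client:16} -> "
                  f"{check_spf(record, domain, client)}")
```

With ~all the forged sender only gets softfail, which most filters treat as a scoring hint; with -all the same connection gets fail, which a receiver can reject outright.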