[BlueOnyx:19556] Re: Enforcing SPF

[Tigerwolf]

On Thu, 12 May 2016, Ernie wrote:

> Recently there seems to be a huge increase of self-spam that is emails which
> pretend to be from the intended recipients email address.

Despite what the GUI help pop up says about setting sendmail's 
'delay_checks' option, I've found that turning it *OFF* kills off most of 
the "FROM: == TO: " spams.  In fact, if you dig into the sendmail docs, 
there's a place I saw where it admits that using "delay_checks" opens you 
up to that very sort of spam attack.

Go to the main menu "Network Services", then "Email", then "Advanced". 
Uncheck the "Enable delay_checks" tickbox.

We saw an *immediate* effect:  With "delay_checks" off, SpamHaus began 
killing nearly *all* the offending spam sources.  If you're getting a 
massive wave of those, you can turn "delay_checks" off and on and see the 
effect in real time!  It was pretty astonishing.

Supposedly "delay_checks" helps when using a DNS-based block list like 
SpamHaus, but any benefit it may give is nothing compared to the fact that 
spam received went to nearly zero when it's off!

It would be interesting to know if you see the same thing.

-- 
=^_^=  Tigerwolf