Joe Jobs

It has recently come to my attention that someone has been forging email headers to make it appear that spam is being sent from the hardcorehackers.com email server. Let me assure you that as the owner and adminstrator of hardcorehackers.com and rcbbx.org that I abhor spam and try to prevent it being delivered whenever possible.

What is happening is that someone is conducting what is called a Joe job against Hard Core Hackers. As a result, I have been seeing many bounced emails claiming that they were sent by the hardcorehackers.com email server.

How do you prevent this? If you are an email server administrator, you should look into SPF, the Sender Policy Framework. I also run DNS on the same server as the email server, and I publish my own SPF records, so you can query them to make sure that when you get an email claiming to be from "some_address@hardcorehackers.com", it is really from the Hard Core Hackers email server.

If you are an end user, you should petition your email server administrator to implement SPF on your email server.

As a last resort, you might want to do the following:

  1. In your email program, enable the viewing of headers.
  2. Look at the "Received: " header (example: "Received: from os6.aeiou.pt (os6.aeiou.pt [207.44.238.115])"). Note the IP address. There is currently only one IP address that hardcorehackers.com email comes from, and that's not it.
  3. Go to SpamCop, paste the header into their Website, and hit Interrogate. SpamCop will look up who owns the IP, and tell you who to send Abuse Reports to. On the next page, you will be able to send the correct party an Abuse Report. In your message, include the entire email you received, as well as a message, such as:
    "I am receiving spoofed messages from the server addressed in the headers of this email. Please shut down this server immediately, or close the relays on the box. You are hosting a machine that is spamming and may be held liable if you refuse to correct this issue."

If you believe that I am operating an open proxy, I would like to know about it and would like to see evidence - to the best of my knowledge, I am not operating an open proxy and will take steps to fix it if I am. Please contact the Post Master at Hard Core Hackers dot com to clarify.


This page (http://hardcorehackers.com/joejob.shtml) was last updated on Friday, 29-Apr-2011 12:40:36 PDT

Contact us