I have recently been receiving spam that has been listed as my own email address. I remember doing a few telnet emails back in school and know there are some ways to send looking like they are coming from a different place but wanted to ask others' opinions on this. The server is a Zimbra 6.06 server running on Debian lenny. Does anyone think there is possibly something wrong with the setup here or is this just some spoofing going on? I can see that the email is coming from outside of the network of course.
Return-Path: [email protected]
Received: from zimbra.example.com (LHLO zimbra.example.com) (10.0.0.1) by
    zimbra.example.com with LMTP; Tue, 10 May 2011 06:00:40 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
    by zimbra.example.com (Postfix) with ESMTP id D2B9759FC5
    for <[email protected]>; Tue, 10 May 2011 06:00:40 -0500 (CDT)
X-Virus-Scanned: amavisd-new at zimbra.example.com
X-Spam-Flag: YES
X-Spam-Score: 8.593
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.593 tagged_above=-10 required=6.6
    tests=[BAYES_99=3.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033,
    RDNS_NONE=0.1] autolearn=no
Received: from zimbra.example.com ([127.0.0.1])
    by localhost (zimbra.example.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 5Be4Ob1KSuhu for <[email protected]>;
    Tue, 10 May 2011 06:00:39 -0500 (CDT)
Received: from [81.211.11.134] (unknown [81.211.11.134])
    by zimbra.example.com (Postfix) with ESMTP id 44CBC59D4F
    for <[email protected]>; Tue, 10 May 2011 06:00:39 -0500 (CDT)
Received: from 81.211.11.134(helo=example.com)
    by example.com with esmtpa (Exim 4.69)
    (envelope-from )
    id 1MMKY8-2034hf-28
Having a properly configured SPF record can alleviate a little bit of that pain.
It will prevent someone from sending email claiming it is from your domain.
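What an SPF check would do with this message, as an added example that is not part of the original answers: the script reads the Received lines from the question, finds the address that actually connected to the Zimbra host, and evaluates it against an SPF record. The record (203.0.113.0/24 with -all) is constructed, and treating example.com as the envelope sender domain is an assumption, since the Return-Path on the page is obscured.

```python
import ipaddress
import re

# Received lines from the question's headers (for/date continuation lines trimmed).
HEADERS = """\
Received: from localhost (localhost [127.0.0.1])
    by zimbra.example.com (Postfix) with ESMTP id D2B9759FC5
Received: from zimbra.example.com ([127.0.0.1])
    by localhost (zimbra.example.com [127.0.0.1]) (amavisd-new, port 10024)
Received: from [81.211.11.134] (unknown [81.211.11.134])
    by zimbra.example.com (Postfix) with ESMTP id 44CBC59D4F
Received: from 81.211.11.134(helo=example.com)
    by example.com with esmtpa (Exim 4.69)
"""
# Constructed policy: 203.0.113.0/24 stands in for the domain's real senders.
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 -all"


def handoff_ip(headers, our_hosts=("zimbra.example.com", "localhost")):
    """First non-local client IP in a Received line written by our own MTA."""
    unfolded = re.sub(r"\n[ \t]+", " ", headers)
    for line in unfolded.splitlines():
        m = re.match(r"Received: from (.*?) by (\S+)", line)
        if not m or m.group(2) not in our_hosts:
            continue  # lines added by other hosts are sender-supplied
        # Postfix writes "HELO (rdns [ip])"; the HELO name is client-chosen,
        # so trust only the last bracketed address inside the comment.
        ips = re.findall(r"\[([0-9.]+)\]\)", m.group(1))
        if ips:
            addr = ipaddress.ip_address(ips[-1])
            if not (addr.is_loopback or addr.is_private):
                return str(addr)
    return None


def spf_check(ip, record):
    """Evaluate ip4/ip6 and 'all' terms only; no DNS lookups (simplified)."""
    addr = ipaddress.ip_address(ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if addr.version == net.version and addr in net:
                return results[qualifier]
    return "neutral"
```

With these inputs, `handoff_ip(HEADERS)` gives 81.211.11.134 and `spf_check` returns `fail` for it, while an address inside the constructed range passes.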
You can write anything in the "From" header field of an email. Try it with the standard mail command on any Linux box: