Have I been JoeJob'd? Yup. Hopefully SPF will get widespread and cut down on this sort of thing.

Useful links---Thanks!

--hsm

"Never try to teach a pig to sing...it wastes your time and it annoys the pig."

I'd like to see SPF or something like it become pretty mainstream. My company provides mail hosting (and web, etc) and interestingly as ISPs start to force their customers to use the ISPs mail server for outgoing mail (which restricts self-mailing viruses and spam) the customers can't use their domain's mail server for SMTP (ie the server I look after). I wonder how useful SPF will become as blocking outgoing SMTP traffic becomes more popular.

To answer the question yes at least one of our domains (my company's, not our client's) domains have been used in forged From headers. We got bounces and only a couple complaints from people who weren't able to read the headers and see we didn't send it. Other than the mail server load it wasn't a big deal. It could have been worse.

The e-mail address I use in the office is stolen regularly by viri, most probably from the badly protected addressbooks on clients' computers.

My home e-mail address is spammed very often (about 2/3 of my emails are spam) but that's because I had the audacity to put my e-mail address on my personal website. Thanks to PopFile the spam-flood is now well contained.

Anyway, I immediately changed ISPs (to one running BSD), told them why, and told them I was recommending the same thing to all my friends. My friends scoffed ... until Code Red and Nimda hit the next month.

My captvanhalen@yahoo.com email address was JoeJob'd. The only thing i could do is get another email address and start over. It really sucks, but it won't stop me from truckin' on.

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
B--B--B--B--B--B--B--B--
H---H---H---H---H---H---
(the triplet paradiddle with high-hat)