Early Saturday morning I happened to check my personal email and there starting in capital letters was a message from the hosting provider of some of my sites:
[ABUSE #12345][198.51.100.32] Email Feedback Report for IP 198.51.100.32
I opened it up and was greeted with the message:
We have received a complaint about your account. Please investigate and fix within 24 hours.
A quick look through seemed to indicate that a spam message had been sent from the domain in question, which I knew to be impossible because I don’t run a mail server on the particular server hosting that domain, nor do I have it set up for email in any other way. I replied back to the hosting provider saying I had no clue what this was about and asking if they could provide more information. A technician nicely replied:
Don’t worry about it. Someone else has managed to spoof your particular IP address in this case. The issue isn’t on your end, and we’re working on it. Thanks for asking, though.
Now… we can have a separate discussion about whether my hosting provider should have not sent me that abuse email in the first place if they were going to work on it, or perhaps should have sent a follow-up letting me know it was nothing to worry about… but the larger issue was again that someone was spoofing the IP address of my server.
Separately, I also received an email from a friend noting that his server had received spam coming from an IP address that resolves back to my domain.
This again is why network operators need to implement anti-spoofing measures such as BCP 38 so that we don’t allow spoofed IP addresses to leave our networks and get out there on the open Internet. If you operate a network, please check out our Anti-Spoofing Basics page and consider what you can do to help increase the overall security of the Internet!