Deploy360 3 November 2014

A Personal Example Of Why We Need Anti-Spoofing Measures Deployed

By Dan YorkDirector, Internet Technology

Anti-SpoofingEarly Saturday morning I happened to check my personal email and there starting in capital letters was a message from the hosting provider of some of my sites:

[ABUSE #12345][198.51.100.32] Email Feedback Report for IP 198.51.100.32

I opened it up and was greeted with the message:

We have received a complaint about your account. Please investigate and fix within 24 hours.

A quick look through seemed to indicate that a spam message had been sent from the domain in question, which I knew to be impossible because I don’t run a mail server on the particular server hosting that domain, nor do I have it set up for email in any other way.  I replied back to the hosting provider saying I had no clue what this was about and asking if they could provide more information.  A technician nicely replied:

Don’t worry about it. Someone else has managed to spoof your particular IP address in this case. The issue isn’t on your end, and we’re working on it. Thanks for asking, though.

Now… we can have a separate discussion about whether my hosting provider should have not sent me that abuse email in the first place if they were going to work on it, or perhaps should have sent a follow-up letting me know it was nothing to worry about…  but the larger issue was again that someone was spoofing the IP address of my server.

Separately, I also received an email from a friend noting that his server had received spam coming from an IP address that resolves back to my domain.

This again is why network operators need to implement anti-spoofing measures such as BCP 38 so that we don’t allow spoofed IP addresses to leave our networks and get out there on the open Internet.  If you operate a network, please check out our Anti-Spoofing Basics page and consider what you can do to help increase the overall security of the Internet!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...