Deploy360 3 November 2014

A Personal Example Of Why We Need Anti-Spoofing Measures Deployed

By Dan York, Director, Online Content

Early Saturday morning I happened to check my personal email and there, starting in capital letters, was a message from the hosting provider of some of my sites:

[ABUSE #12345][198.51.100.32] Email Feedback Report for IP 198.51.100.32

I opened it up and was greeted with the message:

We have received a complaint about your account. Please investigate and fix within 24 hours.

A quick look through seemed to indicate that a spam message had been sent from the domain in question, which I knew to be impossible because I don’t run a mail server on the particular server hosting that domain, nor do I have it set up for email in any other way.  I replied back to the hosting provider saying I had no clue what this was about and asking if they could provide more information.  A technician nicely replied:

Don’t worry about it. Someone else has managed to spoof your particular IP address in this case. The issue isn’t on your end, and we’re working on it. Thanks for asking, though.

Now… we can have a separate discussion about whether my hosting provider should have not sent me that abuse email in the first place if they were going to work on it, or perhaps should have sent a follow-up letting me know it was nothing to worry about…  but the larger issue was again that someone was spoofing the IP address of my server.

Separately, I also received an email from a friend noting that his server had received spam coming from an IP address that resolves back to my domain.

This again is why network operators need to implement anti-spoofing measures such as BCP 38 so that we don’t allow spoofed IP addresses to leave our networks and get out there on the open Internet.  If you operate a network, please check out our Anti-Spoofing Basics page and consider what you can do to help increase the overall security of the Internet!


Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
