Re: [OT Re: SPAM Problem]

From: Louis LeBlanc (FreeBSD_at_keyslapper.net)
Date: 07/24/05

  • Next message: Louis LeBlanc: "Re: undelete in FreeBSD?"
    Date: Sun, 24 Jul 2005 10:20:49 -0400
    To: freebsd-questions@freebsd.org
    
    
    

    On 07/23/05 05:11 PM, Greg Maruszeczka sat at the `puter and typed:
    > Aaron Siegel wrote:
    > > Hello
    > >
    > > This message is off topic but I was not sure where else I can go to get help
    > > with my problem. For the past week I have been receiving messages from
    > > various mail servers which have bounced messages I have not sent but have my
    > > email address as the originator of the bounced message. I believe there are
    > > some SPAMers using my email address on their SPAM. I would really like to
    > > avoid changing my domain name. Has anyone experienced this problem? Is there
    > > something I can do?
    > >
    >
    > It's probably "blowback" resulting from the activities of worm-infected
    > windows hosts. Someone you correspond with got infected and the worm
    > subsequently propagated itself by picking your name from their address
    > book and inserting it into the from: header of the message carrying the
    > worm. Then, badly configured MTAs send "helpful" NDRs to the "sender"
    > informing them that their messages couldn't be delivered.
    >
    > Pretty routine, really.

    Sorry I missed the OP, but this is something pretty much everyone sees
    at one time or another. I got to the point where I was receiving
    around 200/day before I started seeing myself in Joe-Jobs. Basically,
    they want a shot at getting through those servers that simply require
    a valid email address in the From: header.

    I find it ridiculous that these mail servers simply bounce it to that
    address rather than simply interpreting the headers and sending it
    back to abuse/postman/admin at the originating relay. This would certainly
    bring it to the attention of the very few people with the ability to
    stop the email coming.

    In the meantime, I'm afraid there's not much you can do unless you
    want to track that relay down yourself. Even if you find it, most
    times it's out of your reach (different country, etc). And if you do
    find it and it's coming from the next town over, it's not like the
    authorities will want to convict anyone of identity theft - they still
    tend to go for the low hanging fruit, so best case scenario is you can
    get the ISP to shut them down until they find another provider. Maybe
    (big maybe) the ISP will sue them, but you don't get anything for your
    effort but the satisfaction that they got burned.

    I eventually shut down the domain I was getting so much spam at. I
    recently turned it back on after 6 months of downtime and immediately
    started getting over 40/day. Looks like some spammers never pare down
    the lists they sell. The only thing you can really do is install spam
    filters (like ports/mail/p5-Mail-SpamAssassin) so you don't have to
    look at it. Just make sure your address isn't whitelisted.

    Lou

    -- 
    Louis LeBlanc                          FreeBSD-at-keyslapper-DOT-net
    Fully Funded Hobbyist,                   KeySlapper Extrordinaire :)
    Please send off-list email to:         leblanc at keyslapper d.t net
    Key fingerprint = C5E7 4762 F071 CE3B ED51  4FB8 AF85 A2FE 80C8 D9A2
    I do desire we may be better strangers.
        -- William Shakespeare, "As You Like It"
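
Added example, not part of the original post: one way to do the header check the reply describes ("interpreting the headers"), pulling the returned message out of a bounce and reading which relay handed it to the bouncing server. The sample bounce, all hosts and addresses in it, and the names `classify_bounce` and `my_relays` are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample bounce; every host and address here is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: victim@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed: user unknown.
--b1
Content-Type: message/rfc822

Received: from dsl-host.example.com (unknown [203.0.113.45])
    by mx.example.net with SMTP; Sun, 24 Jul 2005 09:00:00 -0400
From: victim@example.org
To: nobody@example.net
Subject: hello

body
--b1--
"""

def classify_bounce(raw, my_relays):
    """Return (is_backscatter, relay_ip) for one bounce message."""
    msg = email.message_from_string(raw, policy=policy.default)
    original = None
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)   # the returned message
            break
    if original is None:
        return (False, None)                 # nothing to inspect
    # Headers are prepended, so the top Received line was stamped by the
    # server that accepted and then bounced the mail; lower ones can be forged.
    received = original.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[0])) if received else None
    if m is None:
        return (False, None)
    return (m.group(1) not in my_relays, m.group(1))

if __name__ == "__main__":
    print(classify_bounce(SAMPLE_BOUNCE, my_relays={"192.0.2.10"}))
```

A bounce whose returned message entered through a relay outside `my_relays` was never sent from your systems, and that relay's address is the one to include in a report to its operator.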
    
    


