Date: Tue, 25 Apr 2000 18:50:42 +0100 (GMT+01:00) From: hazed@another.co.uk To: freebsd-security@FreeBSD.ORG Cc: dima@mmc.net.ge Subject: Re: SPAM Problem!! Message-ID: <6112239.956685042682.JavaMail.root@mh-a01.backend.another.com>
next in thread | raw e-mail | index | archive | help
--18945809.956685042666.JavaMail.root@localhost
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
On Tue, Apr 25, 2000 at 09:56:01AM -0700, David Babler wrote:
>
> Someone, claiming to be my mail user (different usernames), sends spam
> mails to the internet.
...
> What shall I do to find this spamer, or how can I protect my domain
> reputation.
If the spammer is using dialup accounts from a certain very large global ISP mentioning no three letter names ;-) it would appear that there is little you can do about your domain's reputation :-(
I see 450+ bounces per day, each one listing tens or hundreds of email recipients that have failed. I have sent headers from a few hundred of a day's bounces with usable headers (i.e. those that didn't pass through MSN's dumb mailers which strip Received: lines!!) to $BIG_ISP abuse email address but not even received a human acknowledgement. In the meantime, they appear to silently drop emails from our legitimate customers - well, only if they use sensible email addresses - same people, same mail server, make up a random address with a couple of letters and some numbers and they get through ...!)
While all this is going on, they also seem to ignore emails following their "Mail test" procedure as detailed on their postmaster auto-bounce. Isn't life great........if only our customers would believe us when we tell them that we've delievered the email to the other ISP, and it's disappeared "somewhere after that" it would be fine, but they seem to have the idea that just because the other ISP is a multinational corporations means they have clue...
I think that the only useful thing you can do with the spam bounces is to identify the abused open relays and report them to relays.mail-abuse.org, ORBS and maybe the relevant postmaster. If anyone has any handy scripts to automate processing bounced spams (*as opposed to received spams*) that they'd be willing to share, please post ;-)
I'm not sure if this is really on-topic for freebsd-security, if anyone would care to suggest a better home please do...(I'm sure it's a bit of a cross-platform issue!)
--
Apologies for any webmail-related mangling of this message.
whatever you want to be (before and after the @)
http://www.another.com
--18945809.956685042666.JavaMail.root@localhost--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6112239.956685042682.JavaMail.root>