Category Archives: Spam

New spam trick – use an ISP

According to the SpamHaus Project–a U.K.-based antispam compiler of blacklists that block 8 billion messages a day–a new piece of malicious software has been created that takes over a PC. This “zombie” computer is then used to send spam via the mail server of that PC’s Internet service provider. This means the junk mail appears to come from the ISP, making it very hard for an antispam blacklist to block it.

Zombie trick expected to send spam sky-high | CNET News.com

I was afraid something like this was going to happen.

Looks like authenticated mail relaying is going to be mandatory, even inside a network.

The only IP addresses that will be legitimate for unauthenticated relaying are 127.0.0.1 (localhost) and the mail server’s own addresses.
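The relay policy described above, written out as a decision function. This is an added example, not code from the original post; the server address 192.0.2.25, the domain example.org and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed, constructed values: the mail server's own addresses and the
# domains it accepts mail for (documentation ranges, not from the post).
SERVER_ADDRESSES = {ipaddress.ip_address("192.0.2.25")}
LOCAL_DOMAINS = {"example.org"}


def normalize(ip_text):
    """Parse a client address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def relay_decision(client_ip, authenticated, rcpt_domain):
    """Return 'deliver', 'relay' or 'reject' for one RCPT TO."""
    # Mail addressed to our own domains is ordinary inbound delivery.
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return "deliver"
    ip = normalize(client_ip)
    # Unauthenticated relaying only from localhost or the server itself.
    if ip.is_loopback or ip in SERVER_ADDRESSES:
        return "relay"
    # Every other client, including hosts on the internal network,
    # must authenticate before mail is relayed for it.
    return "relay" if authenticated else "reject"


def sample_run():
    """Evaluate constructed connection attempts against the policy."""
    attempts = [
        ("127.0.0.1", False, "example.net"),         # local process
        ("::ffff:127.0.0.1", False, "example.net"),  # localhost via dual-stack socket
        ("10.0.0.57", False, "example.net"),         # internal PC, no login
        ("10.0.0.57", True, "example.net"),          # internal PC, logged in
        ("203.0.113.9", False, "example.org"),       # inbound mail from outside
    ]
    return [relay_decision(*a) for a in attempts]


if __name__ == "__main__":
    print(sample_run())
```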

Comment spam

Sigh

I’ve been getting hit with a lot of comment spam recently … pain in the a–.

I found a nifty plugin, however, that lets me dump comment spam based on certain criteria. Pretty nice.

So far it has worked well … although I had some confusion when I was testing it … because I happened to get some new spam just before I implemented it. I thought the test spam had just been held for moderation instead of being dumped altogether.

A bit of research, and another test, showed that the plugin was working fine.

Mailing list runs afoul of Rolex

As a mailing list operator, I found this item quite interesting …

Rolex wants spam removed from list archives.

It has come to Rolex’s attention that your company is the Bulletin
Board operator for http://lists.freeswan.org. Your Web Page enables the
following vendors to advertise and conduct sales of counterfeit and
infringing Rolex watches bearing the Rolex Trademarks:

Vendor | Exact Location of Counterfeit Rolex Watch Posting on http://lists.freeswan.org Web Site/Bulletin Board

Now two things immediately come to mind about this…

  1. Obviously Rolex’s attorneys lack clue one when it comes to the source of this ‘violation’. I suspect they are using some kind of web robot (or even Google) to find references to ‘Rolex’ spam on web pages and, thinking the site is actually responsible for the spam, try to strong-arm the content off.
  2. Why do mailing list operators leave their posting policy wide open? It’s really not unreasonable to require that only people who subscribe to the list are allowed to post. This is the policy for ALL my mailing lists.

Obviously this kind of thing isn’t going to affect me … as non-subscribers are not allowed to post on my lists. But the total lack of knowledge on the part of Rolex is disturbing.

AOL and TOS

The other day, while upgrading SpamAssassin, I was watching the maillog scroll past.

I noticed that AOL rejected some of my mail … indicating a URL that I should visit for information.

Turns out some AOL subscriber had reported mail from my server for TOS violations.

Obviously in the mail log there is no useful information about who did the reporting … so I visited the URL. There was information available on how to sign up to be whitelisted by the AOL mail servers and participate in the TOS ‘feedback’ loop. This is where AOL will send a specific email address (an abuse address, generally) messages that are reported as TOS violations.

So I signed up for this and got confirmation that my servers were accepted.

I figure that the person who is reporting the list messages to TOS just wants to get unsubscribed from the list (and can’t read enough English to notice that unsubscribe instructions are at the bottom of every list message).

So today I got my first feedback loop message.

Unfortunately, there’s no indication in the reported message as to WHO reported it to TOS.

Globetechnology: Internet attacks can hit your pocketbook

Internet attacks can hit your pocketbook

Jim Carroll was stunned when Rogers Cable told him it had received a complaint that a hacker was using his Internet address.
Must be a mistake, he told Rogers, his Internet provider. Then a tech helper at the company walked him through his setup and discovered that indeed, he had inadvertently left his business Web server unprotected. It was what is called an “open relay.” Someone found it, posted Mr. Carroll’s address on more than 100 Russian bulletin boards, and soon hundreds of people were using Mr. Carroll’s machine to surf anonymously.

Sorry, but I have no sympathy for a so-called ‘noted high-tech authority’ who leaves his mail server relay function open.

Ordinary users who inadvertently get infected with spam bots I understand … but people who understand technology should know better.