Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > spam

Reply
 
 
Roedy Green
Guest
Posts: n/a
 
      09-19-2003
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these are appear to be bounced
messages I never sent. What tools do you use to deal with this. I am
using SpamDetective, but it is overwhelmed by this.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
 
Reply With Quote
 
 
 
 
Michiel Konstapel
Guest
Posts: n/a
 
      09-19-2003
"Roedy Green" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> A mindless sort of spam is filling my mailbox up with 200+ pieces of
> junk every time I look. Many of these are appear to be bounced
> messages I never sent. What tools do you use to deal with this. I am
> using SpamDetective, but it is overwhelmed by this.


SpamAssassin works like a charm, but it runs server side. We have our
own colocated mail server (me and a bunch of friends), so I get all my
email spam filtered and checked for viruses.
Michiel


 
Reply With Quote
 
 
 
 
Harald Hein
Guest
Posts: n/a
 
      09-19-2003
"Roedy Green" wrote:

> A mindless sort of spam is filling my mailbox up with 200+ pieces
> of junk every time I look. Many of these are appear to be bounced
> messages I never sent.


This sounds like what is called a joe-job. If these are indeed bounces
someone is using your e-mail address as the return-address in spam.

> What tools do you use to deal with this.
> I am using SpamDetective, but it is overwhelmed by this.


You should talk to your provider for at least three reasons:

- To make sure your provider understands that this is a joe-job, and
that you are NOT a spammer, so your account is not in danger.

- To get sever-side filtering on your provider's server, so you don't
have to download all the junk all the time. Also make sure that your
contract with your provider doesn't require you to pay for the
bandwidth the spam steals.

- To enlist your provider's help in analysing the bounces. Most bounces
usually don't contain a lot of data, but if you are lucky, a few might
come from MTAs who include the full original message in the bounce.
This will help you to at least understand for what kind of spam your
name is used. If the spammer is stupid you might even find the origin
of the spam, but professional spam these days is usually sent via open
proxies that don't log.

You can also do the following:

- If the spam points to your web site, replace the advertised web sites
with a message explaining the situation. If the spam uses images from
your web site (img tag in HTML spam), replace these images with images
that contain some text explaining the problem.

- If you know the spam, follow the money trail. Maybe you can find out
who benefits from the spam.

- If people complain directly to you, including verbal abuse, reply
with a short, polite, pre-formulated message explaining the situation.
Point to the real spammer and tell them where they can complain.

- Your name might have been picked at random, or as some kind or
revenge. Go through your recent newsgroup posting and look out for
whiners who didn't like your answers. Try to find links (location,
business, spelling errors, message style, etc.) between the spam and
the whiner's posting.

- Read the various FAQs of news.admin.net-abuse.email to find out more
about reading headers, joe-jobs, finding spammers, and ripping them
apart.

- If this gets over your head ask your provider to temporarly close
your e-mail account. This will be a small win for the spammer but might
save you money and you might sleep better.
 
Reply With Quote
 
Nigel Wade
Guest
Posts: n/a
 
      09-19-2003
Roedy Green wrote:

> A mindless sort of spam is filling my mailbox up with 200+ pieces of
> junk every time I look. Many of these are appear to be bounced
> messages I never sent. What tools do you use to deal with this. I am
> using SpamDetective, but it is overwhelmed by this.
>


It's most likely not spam, but the result of some other [clueless] person
with your mail address in their addressbook getting infected with the Sobig
virus/worm. This is one of the symptoms.

The messages are from [clueless] people who have automatic filtering in
their email systems which send back delivery failure and/or virus detection
messages to the wrong person.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : http://www.velocityreviews.com/forums/(E-Mail Removed)
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
 
Reply With Quote
 
Alan Moore
Guest
Posts: n/a
 
      09-19-2003
On Fri, 19 Sep 2003 02:19:00 GMT, Roedy Green <(E-Mail Removed)>
wrote:

>A mindless sort of spam is filling my mailbox up with 200+ pieces of
>junk every time I look. Many of these are appear to be bounced
>messages I never sent. What tools do you use to deal with this. I am
>using SpamDetective, but it is overwhelmed by this.


This sounds exactly like what I experienced while the Blaster worm was
active. I wasn't infected, but someone that I had corresponded with
was. I got hundreds of virus messages, plus about 1/10 that number of
bounce-backs, because the infected machine was using my address in
messages it sent to other people. So maybe someone you know is
infected with a virus, or unwittingly running an open proxy.

BTW, I use SpamAssassin on my own machine by means of SAProxy (
http://saproxy.bloomba.com/moreinfo.php ), and between it and my mail
provider's built-in filtering, none of the virus messages made it to
my inbox, though many of the bounce-backs did. The only problem with
SAProxy is that it uses a s***load of RAM - it's using 25M right now,
and I've seen it go as high as 80M.
 
Reply With Quote
 
Gary M
Guest
Posts: n/a
 
      09-19-2003
Harald Hein <(E-Mail Removed)> wrote in news:Xns93FB5CFAAFF78hhtoken@
194.97.5.10:

> - To enlist your provider's help in analysing the bounces. Most bounces
> usually don't contain a lot of data, but if you are lucky, a few might
> come from MTAs who include the full original message in the bounce.
> This will help you to at least understand for what kind of spam your
> name is used. If the spammer is stupid you might even find the origin
> of the spam, but professional spam these days is usually sent via open
> proxies that don't log.
>


Excellent suggestions. Also checkout spamcop.net which has free tools to
analyze headers and notify correct authorities.
 
Reply With Quote
 
Sudsy
Guest
Posts: n/a
 
      09-19-2003
Roedy Green wrote:
> A mindless sort of spam is filling my mailbox up with 200+ pieces of
> junk every time I look. Many of these are appear to be bounced
> messages I never sent. What tools do you use to deal with this. I am
> using SpamDetective, but it is overwhelmed by this.


Probably Gibe.F. It spoofs your address (finding it somewhere on the
infected machine) as the sender so you get the double-whammy: the
actual worm (usually masquerading as a Micrs**t Security patch) and
the mail rejection notifications (for e-mails you didn't even send!).
You'd think that someone at Hotmail would have the smarts to
quarantine e-mails with a size of 145-160Kb and the word Micros**t
in the subject, but noooo....
They happily let your mailbox fill up. When you empty it, it fills
up again in no time. Sigh.

 
Reply With Quote
 
William Brogden
Guest
Posts: n/a
 
      09-19-2003

"Harald Hein" <(E-Mail Removed)> wrote in message
news:Xns93FB5CFAAFF78hhtoken@194.97.5.10...
> "Roedy Green" wrote:
>
> > A mindless sort of spam is filling my mailbox up with 200+ pieces
> > of junk every time I look. Many of these are appear to be bounced
> > messages I never sent.

>
> This sounds like what is called a joe-job. If these are indeed bounces
> someone is using your e-mail address as the return-address in spam.
>
> > What tools do you use to deal with this.
> > I am using SpamDetective, but it is overwhelmed by this.

>
> You should talk to your provider for at least three reasons:
>
> - To make sure your provider understands that this is a joe-job, and
> that you are NOT a spammer, so your account is not in danger.
>
> - To get sever-side filtering on your provider's server, so you don't
> have to download all the junk all the time. Also make sure that your
> contract with your provider doesn't require you to pay for the
> bandwidth the spam steals.
>


My ISP uses Postini - it is catching 95 - 100% of the spam and
virus infected mail. The last 12 hrs caught almost 300 total - I
hate to think how folks with slow connections are faring.

WBB


 
Reply With Quote
 
Shane Petroff
Guest
Posts: n/a
 
      09-19-2003
Sudsy wrote:
> Roedy Green wrote:
>
>> A mindless sort of spam is filling my mailbox up with 200+ pieces of
>> junk every time I look.

>
> Probably Gibe.F.


I found this possibility too

http://www.f-secure.com/v-descs/swen.shtml

 
Reply With Quote
 
Brad BARCLAY
Guest
Posts: n/a
 
      09-19-2003
Roedy Green wrote:
> A mindless sort of spam is filling my mailbox up with 200+ pieces of
> junk every time I look. Many of these are appear to be bounced
> messages I never sent. What tools do you use to deal with this. I am
> using SpamDetective, but it is overwhelmed by this.


I've had well over 500 messages this week containing the W32.Swen (aka
W32.Gibe-F) Windows worm. As I don't run Windows at all, I'm immune --
but it's still a royal PITA.

Here's what I'm running, which has been very helpful in dealing with
this deluge:

1) My e-mail program, PMMail/2 (http://www.pmmail2000.com -- an OS/2
program, but a Windows version is also available) has a feature called
"Remote Control", which downloads just the headers from your mail
server, and allows you to browse the messages and select the ones you
want to transfer, and the ones you want to delete. This was _very_
useful this morning when I had over 330 such messages in my inbox -- I
was able to delete them all before actually transferring the 4 messages
I had that were not junk.

2) bogofilter (http://bogofilter.sourceforge.net/). It's baysian
filtering mechanism is excellent -- it's caught all of the messages that
arrive during the day and is shunting them to a Spam folder were I can
briefly inspect them (to ensure no false-positives are caught -- in the
month I've been running it, it hasn't had one false-positive, but I
glance at the list just in case) and delete them.

(In the time it took to type the above, I got another 12 of these
^*^&()^ messages. As if I needed another reason to hate Windows and
it's mindless masses of minions...).

Brad BARCLAY

--
=-=-=-=-=-=-=-=-=
From the OS/2 WARP v4.5 Desktop of Brad BARCLAY.
The jSyncManager Project: http://www.jsyncmanager.org

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Spam-Spam and more Spam C A Preston Computer Support 2 04-12-2004 07:15 PM



Advertisments