[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: List SPAM

To: "Buchholz, Steven" <Steven.Buchholz@kla-tencor.com>
Subject: Re: List SPAM
From: johnc@together.net
Date: Mon, 22 Mar 1999 23:23:47 -0500
CC: "'qlist'" <quattro@coimbra.ans.net>
References: <933713F1FB7BD111AC2300A0C98F1AD101A07ACA@milxpr06.kla-tencor.com>
Sender: owner-quattro@coimbra.ans.net

I tried this once, but Netscape ate it and blew up my universe again... I'll try
one more time...

Yes Steve, there is a Silvia...But..... the email address is totally bogus.
Tried it just in case, yep it's bogus, 'from' and 'reply' addresses are always
bogus in Spam.  So ridiculously easy... (don't reply directly to this message
BTW... reply to johnc@together.net).

The best you can do to deal with Spam, not much but it's something -

1)  Set your mail program to show/view/whatever 'all headers'

2) Check those bad boys out.  You'll see the slime trail that the message came
by.  Here's a non-spam example from my personal inbox (some crap deleted for
simplicity):

    Received: from mx02.together.net (mx02.together.net [204.97.120.62]) by
sequoia.together.net
    Received: from sterling.burton.com (sterling.burton.com [204.52.244.198]) by
mx02.together.net

What you're looking for is the source of the original relay.  In this case,
sterling.burton.com of which the domain is burton.com.  Normally, this is fine,
BUT....

Our Problem For Today:  mail going through the listserver gets regenned and it
will appear to originate from coimbra.ny.ans.net.  And we know Dan would never
do that to us...  so we keep lookin'-

3) Also look for a Message ID.  The famous Sylvia message had:

    Message-ID:  <199903220706.XAA54096@mail.wa.freei.net>

Looks like this message started out from freei.net, quick browse, appears to be
an ISP - bingo. Of course, this can be faked easily too, in which case you won't
find one, and if we didn't get one in step 2, we're hosed.  Otherwise....

4) Taking the domains you found in 2 and/or 3, send a _NICE_, _POLITE_ email to
abuse@domain.com where domain.com = whatever you found.  So for these examples,
abuse@burton.com and abuse@freei.net.  (please don't mail Burton, Scott doesn't
need the WOB... for illustrative purposes only).

Remember that the ISP or company or organization that this stuff came from
probably doesn't tolerate spamming and will be more than happy to shut down the
spammer if they can figure out who where how.  Email should be of the 'It
appears that....I appreciate any action you can take...' nature.  Oh, and make
sure to include all the happy header info we had so much fun with....

5) Dan's reply to me indicated that the new server will allow posting only from
subbed email addresses, and you have to have a real address to sub, so this will
solve the problem for the most part.  Well ok so there's an easy way around
this, but most Spammers won't go to the trouble.

JC

--

__________________________________________________________________

John J Cunningham III           Project Leader / Technical Analyst
                                             Country Home Products
johnc@together.net                            (802) 877-1201 X1242
__________________________________________________________________

References:
- RE: List SPAM
  - From: "Buchholz, Steven" <Steven.Buchholz@kla-tencor.com>

Prev by Date: Jamex Strut Brace Group Purchase
Next by Date: Jamex intake, 4000Q/GT
Prev by thread: RE: List SPAM
Next by thread: thermo fan switch on a 4k
Index(es):
- Date
- Thread