  1. machine1

    Mailbombing detection and prevention

    Thanks to everyone for their thoughts and information. Normally I get 100-150 spams a day in my held email folder. It's shocking to get to the bottom of the first page and see "5,216 remaining" staring you in the face, and when you report them and get to the bottom of the next page and it says "5,384 remaining" you realize it's mailbombing or a newbie spammer with a broken software configuration. It does take a while deleting or reporting using the web interface, about 2.5 minutes for each page of 100. Switching to webmail goes much faster. I DID call the ISP of the last attack, during the attack. After three transfers and about two minutes on hold listening to distorted classical music (Bach, I believe..) I got their 'Security desk.' I explained my plight, told him the IP address and he said "That customer account will be suspended within the hour. Thank you." and he hung up. What else can you ask for? I do report all of them so the IP add'y statistics get pushed up, and thankfully SC aggregates and doesn't mailbomb some poor admin trying to keep up.
  2. Five thousand identical spams from one IP address. I did a close examination of the spam looking for hidden differences, including a binary checksum of the message, and they were indeed identical other than the timestamp. It doesn't matter what the spam was about or what network it came from. This happened to me about six months ago and again a couple weeks ago. It took me several hours to go through and slam the spam each time. The parser takes a rather detailed look at the headers, why can't it detect exact duplicates in the "Subject" line, and instead of forcing me to report or delete all of the thousands of duplicates, just provide ONE copy for examination and add "4,995 identical found." and give you a delete/report all button? I know I probably ticked off some spammer big time, because 5,000 identical spams all from the same IP and all timestamped within a 4 hour period isn't an accident, except the first time. (Well, maybe a real stupid spammer that hasn't figured out how to configure their software..)
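
The duplicate collapsing asked for in the post above, as an added example that is not part of the original posts and not SpamCop's code: held messages are grouped by source IP and a checksum that ignores the headers carrying timestamps, and each burst is reduced to one sample plus a count. The function names, the `HELD` sample data and the idea that the source IP is already known per message are assumptions; messages are assumed to be single-part.

```python
import hashlib
from collections import defaultdict
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers that legitimately differ between otherwise identical copies.
VOLATILE = {"date", "received", "message-id"}

def fingerprint(raw):
    """SHA-256 over the stable headers and the body, skipping volatile headers."""
    msg = message_from_string(raw)
    h = hashlib.sha256()
    for name, value in sorted(msg.items()):
        if name.lower() not in VOLATILE:
            h.update(f"{name.lower()}:{value.strip()}\n".encode())
    h.update(msg.get_payload().encode())  # single-part body assumed
    return h.hexdigest()

def collapse(held, min_copies=3, window=timedelta(hours=4)):
    """Group (source_ip, raw) pairs; return one summary per burst of duplicates."""
    groups = defaultdict(list)
    for source_ip, raw in held:
        sent = parsedate_to_datetime(message_from_string(raw)["Date"])
        groups[(source_ip, fingerprint(raw))].append((sent, raw))
    bursts = []
    for (source_ip, _), copies in groups.items():
        copies.sort(key=lambda c: c[0])
        span = copies[-1][0] - copies[0][0]
        if len(copies) >= min_copies and span <= window:
            bursts.append({"source_ip": source_ip, "sample": copies[0][1],
                           "identical": len(copies) - 1, "span": span})
    return bursts

def make(minute, subject="Cheap offer"):
    # Constructed sample message; only Date and Message-ID vary between copies.
    return (f"From: sender@example.com\nSubject: {subject}\n"
            f"Date: Mon, 01 Jan 2024 10:{minute:02d}:00 +0000\n"
            f"Message-ID: <{minute}@example.com>\n\nBuy now\n")

# Constructed held-mail folder: five copies from one IP plus two unrelated messages.
HELD = [("192.0.2.10", make(m)) for m in range(5)]
HELD.append(("192.0.2.10", make(7, subject="Different")))
HELD.append(("198.51.100.7", make(9)))

if __name__ == "__main__":
    for b in collapse(HELD):
        print(f"{b['source_ip']}: 1 copy shown, {b['identical']} identical found")
```
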