RobertWilliams Posted May 26, 2005 Posted May 26, 2005 Since it is so hard to report bounce-backs in SpamCop (usually because the bouncing system isn't listed as a open relay), I wrote this template that I send out to postmasters of those domains that I can't report. This is basically to educate IT Administrators on how to stop spam and secure their e-mail servers. I hope everyone here can use the information I've put in it. Please read it, if you like it, forward it to other Administrators you think could use the information. I have removed all the links from my version and bolded the websites to make the links a little easier to see. -----BEGIN TEMPLATE----- This is NOT an auto-responder, I have taken my time to research the e-mails I have received, and I pulled your address out of it. I work as an IT Administrator/Postmaster for a Small Business. If you have received an e-mail from me in the past, then you are still having problems with spam, and you should really look into this. I am sending you this e-mail because I have received an e-mail from your postmaster. The e-mail I received from your postmaster was notifying a fictitious e-mail account within my domain that an address in your domain was unreachable. This is because someone outside of both our domains is spamming you and forging the headers to make them look like they came from my domain. As an IT Administrator/Postmaster, I would like to not only assist you in securing your e-mail server, but I also feel it is my job to help clean up some of the spam on the internet, especially if it looks like it came from my network. In my search to keep the spam out of my network, I found a few documents and websites that have really helped reduce the spam and helped to secure my network. I urge you to please check out ALL of these websites. I have, intentionally, not placed any links on here, as links within e-mails can be dangerous. Please just open a browser and type (or copy and paste) the links into the address bar. #1) Learn how to read E-mail Headers: www.stopspam.org/email/headers.html is probably one of the best documents I have found. #2) Go to www.SpamCop.net, sign up with them to report the spam you are receiving. They will do most of the work for you. Great service, I support them 110%. #3) Set your mail server up to use spam Blocking Lists (SBLs) and Realtime Blocking Lists (RBLs). This info can be found at http://www.spamcop.net/fom-serve/cache/291.html #4) If you're running any version of Microsoft Exchange, I highly suggest using ORFilter (go to http://martijnjongen.com) , this is another Free program. #5) Join the SpamCop forum at http://forum.spamcop.net/forums/ and learn a little more about what is going on in your system. #6) Check out www.Spamhaus.org for more information on spam Filtering, the Register of Known spam Operations (ROKSO), and a plethura of other great articles. #7) If you're interested in tracing some of the IP Addresses yourself, here is a list of all the places to go to do it: Network Solutions: http://www.networksolutions.com/en_US/whois/index.jhtml American Registry for Internet Numbers (ARIN): http://www.arin.net/index.shtml Asia Pacific Network Information Centre (APNIC): http://www.apnic.net/ Latin American and Caribbean Internet Address Registry (LACNIC): http://lacnic.net/en/index.html African Internet Numbers Registry IP Addresses (AfriNIC): http://www.afrinic.net/cgi-bin/whois Réseaux IP Européens (RIPE): http://www.ripe.net/whois #8) Check these lists of ports, they might be of some help to you when you are first checking your network. http://www.iss.net/security_center/advice/...ts/default.htm; http://www.iana.org/assignments/port-numbers #9) Here is another list of RBLs and Open Relays that is pretty informational: http://www.email-policy.com/spam-black-lists.htm Please, forward this message on to any IT Administrators you know. Together we can block spam at it's source. Thank you, -----END TEMPLATE-----
Wazoo Posted May 26, 2005 Posted May 26, 2005 I'm not sure what you are suggesting in item #2 .. there is no 'registry' ... perhaps you meant abuse.net (but even that doesn't 'qualify' one as a spammer/non-spammer) ...??? Overall, not nesessarily a bad document, just that the 'clued' will find it redundant, the 'clueless' will probably go with that it "doesn't apply to them" <g>
RobertWilliams Posted May 26, 2005 Author Posted May 26, 2005 Ok, maybe I miss worded it, when I signed up to report spam to spamcop, I had to register my mail server so that THEY knew I wasn't spamming them. I'll make a few revisions to that now. Thanks RW
RobertWilliams Posted May 26, 2005 Author Posted May 26, 2005 What about the clueless people that think they have a clue? Or the semi-clued? Or even the semi-clueless? Think they might be interested in this? Thanks RW
Wazoo Posted May 26, 2005 Posted May 26, 2005 OK, that would be the MailHost configuration of your reporting account. The primary focus of that was to work around some 'good' forgeries, the secondary effect was to help reduce the 'self-reporting' scenario. The only other 'major' change I'd suggest is to send it to those that need a clue .. if there is no reason to send it, don't .... you really don't want to tick off those 'friendly and knowledgable' Admin folks ...
RobertWilliams Posted May 26, 2005 Author Posted May 26, 2005 OK, that would be the MailHost configuration of your reporting account. The primary focus of that was to work around some 'good' forgeries, the secondary effect was to help reduce the 'self-reporting' scenario. I gotcha, I do remember reading that (now). The only other 'major' change I'd suggest is to send it to those that need a clue .. if there is no reason to send it, don't .... you really don't want to tick off those 'friendly and knowledgable' Admin folks ... Good idea, I was just thinking how I would take a message like that, I wouldn't be offended by it, I would look at it like more information....we can never stop learning. Have a great one Wazoo Thanks for your input. RW
Recommended Posts
Archived
This topic is now archived and is closed to further replies.