Kojote Posted July 24, 2005 Posted July 24, 2005 Looks like a new spammer found me. Over the past 4 months, I've been getting spam, where the subject is always "SEXUALLY-EXPLICIT". After comparing headers and body from all messages, it appears to be coming from the same "person" or "mailing list". The body always has several text areas common with each other. The difference is that these messages are being sent from hundreds of different servers located across the world. Reporting the spam to my internet provider Road Runner, does not help. They have a "spamblock[at]security.rr.com" email to report all spam. But since these messages are coming from new servers every day, it doesn't help. How can a spammer like this, get hold of hundreds of servers across the world? I keep reporting to SpamCop, but I think it's a lost cause. The spammer keeps using different servers, once the others are blocked. Also every so often, the Return-Path seems to have a legit/temporary email address, that he uses. I think he uses these temporary accounts to check if emails are being bounced back to him. Of course, when I find these temp accounts are good, I use Bounce spam Mail program to bounce the spam back at him.
Jeff G. Posted July 24, 2005 Posted July 24, 2005 The spammer is probably using zombies, hijacked proxies, or hijacked relays to do its dirty work. You should not "use Bounce spam Mail program to bounce the spam back at him" because you can never be sure that the email address you are bouncing to actually belongs to the spammer. Misdirected bounces are now considered abusive and reportable by SpamCop per the "Messages which may be reported" section of On what type of email should I (not) use SpamCop? and the Misdirected bounces section of Why are auto-responders (and delayed bounces) bad?. You should not fight abuse with abuse.
Kojote Posted July 24, 2005 Author Posted July 24, 2005 okay thanks. I will stop bounces and just keep reporting the spam. I just wish the way SMTP worked would be changed. Someone should make a new protocol that is more secure, where users on the client side can't fake email addresses, IP addresses or headers. Will a successor to SMTP ever be developed in my lifetime?
michaelanglo Posted July 25, 2005 Posted July 25, 2005 I just wish the way SMTP worked would be changed. Someone should make a new protocol that is more secure, where users on the client side can't fake email addresses, IP addresses or headers. 30632[/snapback] SPF prevents forging 'From: ' eaddresses' http://spf.pobox.com/howworks.html But it will be an long while before it has enough users to make a difference and indeed one hapless user discovered that his mails wasn't getting through becasue the destination had implemented SPF checking and he was using the wrong server to send his mail, ie not the one advertised by the ISP who supplied his "from: " address. And the poor chap had never heard of SPF.
Lking Posted July 26, 2005 Posted July 26, 2005 ... where users on the client side can't fake email addresses, IP addresses or headers. 30632[/snapback] Of course as Jeff said "The spammer is probably using zombies, hijacked proxies, or hijacked relays to do its dirty work" in which case the spam (email) IS comming from the address you see. What is needed is not a more secure SMTP, but uses/admistrators that take the time to secure their servers/computers so that spammers can't take control of the resources for their own use.
Jank1887 Posted July 26, 2005 Posted July 26, 2005 uses/admistrators that take the time to secure their servers/computers.30693[/snapback] And I actually think that has to completely fall on the admins. The users can't do anything the admins don't let them do. I.e., before allowing anyone to hook up their cable modem, they have to pass a (somehow) server verified security litmus test. Comcast, Verizon, you listening?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.