
Re: [cobalt-users] [OT] Email spam



Andy-

A similar thing happened to me...check and see what the original message
(that bounced) looks like.  You should do as many of the following as
possible:

#  Identify the IP of the sender's network or first hop and notify the ISP
or owner of that ARIN block assignment.
#  If the <from> address is bogus and is hitting a catch-all, create an
account for that address and forward to /dev/null
#  Somewhere in the message is a link to the company that hired the
spammer - find this and call/email them directly describing what is/has
happened.  Usually in the link there is a code that id's the 'affiliate'
that sent the spam so that they can get credit for any click-thrus.  Most
companies are pretty hot when they find out what was done - they were sold
the 'we're not like other mass e-mail marketers' line.
#  Watch other addresses.  After the first, the spammer in my case kept
picking new semi-random addresses on my domain for replies.
#  Notify YOUR ISP.  I had several recipients of the spam notify my ISP that
I was spamming since my domain was listed in the <from> or <reply-to>
address.  Include a copy of a bounce that shows the original message.
#  Keep tabs on disc usage to make sure that the logs and mail files don't
consume all your space.
#  They will usually move on after a couple of rounds of messages.

If you need me to search the headers and see what/where look like
candidates, please forward to me and I'll be happy to help!

-- Paul


----- Original Message -----
From: "Andy Clyde, oxfordmusic.net" <andy.clyde@xxxxxxxxxxxxxxx>
To: "Cobalt Users" <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, August 27, 2002 6:41 AM
Subject: [cobalt-users] [OT] Email spam


> very off-topic i know but if someone could point me in the right place for
> an answer i'd be most grateful, otherwise just delete...
>
> one of my clients has had his email hijacked for spam about Viagra. i've
> checked our server and it doesn't seem to be coming through us (i ran 'cat
> maillog | grep viagra' and nothing showed up, plus our IP does not feature
> in the email headers). is there anything we can do about this, or are they
> just forging the email header and we have to put up with it. we only found
> out coz our client got 1000 bounce back emails this morning.
>
> much obliged
>
> andy
>
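
The first step in the reply above (finding the sending IP in the original message that comes back with a bounce) and the check that your own server's IP is absent from the headers, as an added example that is not part of the original thread. The sample headers, the hostnames and addresses in them, and the `own_ips` parameter are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample: headers of the original spam as quoted in a bounce.
# All hosts and addresses are placeholders, not values from the thread.
SAMPLE_ORIGINAL = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP id ABC123;
\tTue, 27 Aug 2002 03:12:09 -0400
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.net with ESMTP; Tue, 27 Aug 2002 03:12:01 -0400
Received: from pc7 ([10.1.2.3]) by relay.forged.example;
\tTue, 27 Aug 2002 03:11:50 -0400
From: "Offers" <sales@client-domain.example>
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return the bracketed IP of each Received header, newest hop first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = IP_RE.search(value)
        try:
            hops.append(ipaddress.ip_address(m.group(1)) if m else None)
        except ValueError:      # e.g. a forged "[999.1.1.1]"
            hops.append(None)
    return hops

def report_candidate(raw, own_ips=()):
    """Return (IP to report, True if one of our own servers relayed it)."""
    hops = [ip for ip in received_hops(raw) if ip is not None]
    external = [ip for ip in hops if not any(ip in n for n in INTERNAL)]
    # Received headers are prepended, so the topmost external address was
    # recorded by the server that accepted the message; headers below it
    # came from the sending side and may be forged.
    candidate = external[0] if external else None
    relayed_by_us = any(str(ip) in own_ips for ip in hops)
    return candidate, relayed_by_us

if __name__ == "__main__":
    print(report_candidate(SAMPLE_ORIGINAL, own_ips={"198.51.100.10"}))
```

The returned address is the one to look up in the ARIN (or other registry) whois data before contacting the ISP or block owner.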