On Fri, Jul 25, 2003 at 12:50:02PM -0400, [EMAIL PROTECTED] wrote: > i dont know how useful this would be, but i was thinking of a spam > reporting tool that did the following: > sends a message to root/webmaster/whatever of the mailing ip > traceroutes the ip, and finds the location facility and/or isp -- then > mails root/webmaster and all whois contacts for that company > > emails would say something to the effect of: > unsolicited bulk mail has come from your server, or a server on your > network > please take the appropriate actions to secure your machine, if this > were a hack, or prevent your customer from doing this in the future > should another message be received from this ip, it will be > immediately listed on dns blocking lists > should further messages be sent through your network, your entire > address block will listed on dns blocking lists > > i'm just really fucking sick of some of these spams i've been getting > lately. the bulk of them lately have been coming from companies that > use level3.net
Bad idea, I think. Certainly you should not mail the whois contacts using an automated tool, and I think it is not entirely wise to mail other mailboxes using such a tool if there is no human in the loop. Possibly root/webmaster/whatever at the mailing IP won't exist; the only one that is RFC-required to exist is postmaster (in any mixture of upper and lower case), and then it's required only if the owner intended it to send mail. If the machine has been trojaned by SoBig or its ilk, the trojan includes an SMTP engine for sending spam, but may not be listening for new connectoins on TCP port 25. In general, I think that automatically mailing *anyone* in a given domain because of spam apparently sent from or through that domain is an idea whose time is not going to come. A little perspective here: I used to run [EMAIL PROTECTED], until April 2001; they were respectable but overworked then, and we tried our damnedest to handle complaints in as timely and Internet-friendly a fashion as we could. We were hampered by management to an unbelievable extent, and by shotgun complaints from spamcop and other automated complaint tools to a point that we tended to work them last, because they generally were misdirected. I've been on the working end of an abuse desk. It is no fun at all, and it is unbelievably frustrating. Before that, I was the assistant manager of the IT division at a large state agency in the US midwest (WeBuildHighways) with about 3000 Email boxes; I retired from there after 25 years. I'm back there now, as a consultant, doing the anti-virus and anti-spam stuff for them. I'm also security@ and abuse@ there. Someone else is postmaster@ and webmaster@, thank @PANTHEON. I used to try to complain about every spam that hit my home mailbox, and about every spam that my users forwarded to me at work. But I see 50 to 60 at home, and 2000 at work, *per day*, and can't report them all by hand. I need an automated tool myself, but it *must* have a human in the loop, for sanity-checking. Spamcop is not sufficient IMHO; YMMV. -- Mike Andrews [EMAIL PROTECTED] Tired old sysadmin since 1964 ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
