Re: Bogus mails from hijacked accounts

Fri, 12 Mar 2010 17:14:32 -0800 

Hello,

Am 2010-03-12 18:24:14, schrieb ram:
> Why only free accounts , The 419'ers hijack legitimate corporate
> accounts too. Again , As Ips have good reputation and the mails land in
> the inbox 
> I think the only way of handling this to send proper abuse reports 
> 
> Probably the free mail providers are less reponsive to abuse reports
> than corporate ones. 

The roblem is, accourding to the RFCs, ISP must have an <abuse> address,
but do you have ever tried this with a corporated domain?

Even <postmaster> is rejected on most domains.

Ome tim ago we had a problem on a bnch of  Debian  mailinglists  with  a
<persupermarket> and after the ISP was not responsive, I  have  spidered
theire WHOLE Website for corporated E-Mail addresses and put any of them
in the Cc: of my ABUSE autoresponder...  which normaly forward this crap
only to the right <abse> addresses...

After geting arround 1800 spams over the Debian mailinglists which where
multiplid by the factor 37 by me with a friendly text for the recipients
to contact there collegous to stop theire spaming customer

Arround 2 days later the offenting customers domain  was  offline  after
more then one year of spaming.

I think, my 37 x 1800 abuse mails have hit the nerv of someone!

The problem is now, such idiots require heavy manual intervention.

The only solution is:

    1)  Check wheher a "Reply-To:" is set
    2)  If no, continue normal.
    3)  If yes, check it against the "From:" and
        if it is different reject this crap

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/>                 Michelle Konzack
<http://www.can4linux.org/>                   Apt. 917
<http://www.flexray4linux.org/>               50, rue de Soultz
Jabber linux4miche...@jabber.ccc.de           67100 Strabourg/France
IRC    #Debian (irc.icq.com)                  Tel. DE: +49 177 9351947
ICQ    #328449886                             Tel. FR: +33  6  61925193

Attachment: signature.pgp
Description: Digital signature

Reply via email to