ADDENDUM: [was: SUMMARY: Simple anti-spam system using open-source software and freely-available
2007-12-25 1:48:00
(a) incorrectly replied to mailing list traffic and (b) incorrectly
replied to the author of the message (me) instead of to the sender:
"Diaz, Gustavo" <gdiaz at hprmail.com>
Jason.Shatzkamer at cexp.com
Erik Williams <ewilliams at brownco.com>
"Davis, Bruce" <bdavis at concerto.com>
Hautsalo Kari <Kari.Hautsalo at comptel.com>
"Leonard, Roger" <Roger.Leonard at marconi.com>
"TRUCKS, JESSE (SBCSI)" <jt9873 at sbc.com>
"Pohl, Stefan" <Stefan.Pohl at dresdner-bank.com>
"Linnemann, Britta" <Britta.Linnemann at t-systems.com>
woll at dvont01.univw.uni-saarland.de
Amiri Amar <Amar.Amiri at cnes.fr>
Alex Pokras <Alex.Pokras at rci.rogers.com>
Karien Depijper <karien.depijper at telindus.com>
Klas.Erlandsson at vodafone.se
"Obst, Thomas" <Thomas.Obst at t-mobile.de>
Ying.Xu at TeleCheck.com
Please fix or disable your broken autoresponders.
2. I *strongly* discourage the use of all autoresponders, not just
because they often end up doing obviously broken things like this,
but because they confirm -- for spammers doing dictionary attacks --
that the address is valid and that traffic is being delivered to it.
(And they also confirm that maybe nobody's going to read it for a while,
which means that nobody will complain about spam showing up at it for
a while, which means that this would be an excellent time to shove as
much spam into it as possible.)
3. I further discourage them because they can easily be used to
conduct third-party spam-by-proxy and other attacks. (Think about
what such an autoresponder does with an incoming message. Now think
about how the autoresponder figures out where to send the response.)
4. At least one person on this list is running a horribly broken
"anti-virus" program which flagged my message as containing a copy
of the Hybris virus. Apparently, it's triggered by any mention of it
in the text (!!), and emits this amazingly stupid message:

    From: postmaster at publico.pt
    Subject: ALERT Possible W95.Hybris Infection
    [...]
    If you used one of these listed phrases, please reword your message and send
    again. PUBLICO.PT will be happy to deliver the message.
    [...]

which of course means that it will no doubt flag THIS message too...
as well as copies of its own output, since the "Subject" line contains
the string "Hybris" as well. Duh!
5. On that subject, I *strongly* discourage the use of any kind of
anti-virus software which emits messages back to putative message senders.
Many viruses/worms now in the wild forge the sender, so all that such AV
software does is send a false alarm to someone who doesn't have the virus
and doesn't need to be told. Such messages are in fact unsolicited,
and if sent in bulk, then they qualify as unsolicited bulk email (UBE)
which is THE correct definition of spam.
6. These broken/mis-configured anti-virus packages can also be used to
conduct spam-by-proxy and other attacks. So if you simply *must* run
AV software (instead of ripping the M$ out of your network), then
have it notify YOU about the problem, not anybody else, because there's
really no way the AV software will be reliably able to identify
the "anybody else".
---Rsk
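
Added example, not part of the original post: for sites that run an autoresponder anyway, the RFC 3834 checks that prevent failures (a) and (b) above, written in Python. It stays silent on list and program-generated mail and replies only to the envelope sender in Return-Path. The function name, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Envelope-sender local parts that mark list or system mail (RFC 3834, section 2).
SYSTEM_PREFIXES = ("owner-", "mailer-daemon", "postmaster", "listserv", "majordomo")
LIST_HEADERS = ("List-Id", "List-Post", "List-Unsubscribe", "List-Help")

def autoreply_target(raw_message, my_address):
    """Return the one address an auto-reply may go to, or None to stay silent."""
    msg = message_from_string(raw_message)

    # (b) Use the envelope sender the MTA recorded in Return-Path, never From:.
    _, sender = parseaddr(msg.get("Return-Path", ""))
    if not sender:  # header missing, or null sender "<>" (bounces, DSNs)
        return None
    local = sender.split("@", 1)[0].lower()
    if local.startswith(SYSTEM_PREFIXES) or local.endswith("-request"):
        return None

    # (a) Stay silent on mailing list and other bulk traffic.
    if any(h in msg for h in LIST_HEADERS):
        return None
    if msg.get("Precedence", "").strip().lower() in ("list", "bulk", "junk"):
        return None

    # Never answer mail a program generated (other autoresponders, AV notices).
    if msg.get("Auto-Submitted", "no").split(";")[0].strip().lower() != "no":
        return None

    # Only answer mail that names this mailbox in To: or Cc:.
    named = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in {addr.lower() for _, addr in named}:
        return None
    return sender

# Constructed sample: a list posting relayed to a subscriber.
LIST_POST = (
    "Return-Path: <owner-list@lists.example>\n"
    "From: Author <author@example.org>\n"
    "To: list@lists.example\n"
    "Precedence: bulk\n"
    "Subject: SUMMARY: constructed sample\n\nbody\n"
)
# Constructed sample: direct mail whose From: differs from the envelope sender.
DIRECT = (
    "Return-Path: <alice@example.net>\n"
    "From: Someone Else <other@example.org>\n"
    "To: me@example.com\n"
    "Subject: hello\n\nbody\n"
)
```

Header checks cannot tell whether the envelope sender itself was forged, so the spam-by-proxy concern in point 3 still applies to any reply that is sent.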

