Re: Administrative Overheads Arising from UCE
- Date: Tue, 16 Feb 1999 10:46:50 +0100
A week ago someone used "From cs_marketnews1now@localhost".
"Received:" showed "mut-53-0969.direct.ca [216.66.136.69]" but neither
bounces nor upset people read that... Needless to say, math's mail
server hung a few times just by the load from returned bounces (some
100 mail/s for several hours), not to mention the human pressure to
them and to Postmaster@localhost (I know him...).
The same happened here a couple of months ago. There was a
crucial difference though: in our case the spammer used the
*valid* e-mail address of one of our researchers. This had
several other grave consequences:
- Since the address looked and was valid, our institute
as a whole got bad publicity through this;
- Not only had our central mail system a hard time coping
with this, but also the user himself (plus postmaster,
whom I know very well...);
- The user lost credit as a (top) researcher, since many
people really believed he had sent the crap himself.
We've officially reported the incident to the police, but
we have little hope that the perpetrator will be caught,
or even identified. Furthermore, it became clear that we
could *not* file a complaint based on "abuse of resources".
If I write a note on a piece of paper, sign it "Bill Gates, Microsoft"
and put it on a billboard, that clearly must be illegal some way(?).
You wouldn't be taken seriously either. :-)
PS
In the aftermath, I've gone through who was Mail Relay for this
bastard. Several are in Europe and most of them are in the "naive"
category. There are, however and to my great disappointment, some
fairly large and well known European ISPs - probably even active
RIPE members - that accepted to be Mail Relay for *.direct.ca.
No response from them yet.
Did you check all the relays involved against RBL and ORBS?
Piet