<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Administrative Overheads Arising from UCE


    A week ago someone used "From cs_marketnews1now@localhost".
    "Received:" showed "mut-53-0969.direct.ca [216.66.136.69]" but neither
    bounces nor upset people reads that... Needless to say, math's mail
    server hung a few times just by the load from returned bounces (some
    100 mail/s for several hours), not to mention to human pressure to
    them and to Postmaster@localhost (I know him...).
The same happened here a couple of months ago. There was a
crucial difference though: in our case the spammer used the
*valid* e-mail address of one of our researchers. This had
several other grave consequences:
- Since the address looked and was valid, our institute
  as a whole got bad publicity through this;
- Not only had our central mail system a hard time coping
  with this, but also the user himself (plus postmaster,
  whom I know very well...);
- The user lost credit as a (top) researcher, since many
  people really believed he had sent the crap himself.
We've officially reported the incident to the police, but
we have little hope that the perpetrator will be caught,
or even identified. Furthermore, it became clear that we
could *not* file a complaint based on "abuse of resources".
    
    If I write a note on a pice of paper, sign it "Bill Gates, Microsoft"
    and put it on a billboard, that clearly must be illegal some way(?).
You wouldn't be taken serious either. :-)

    PS
        In the aftermath, I've gone through who was Mail Relay for this
        bastard. Several are in Europe and most of them are in the "naive"
        category. There are, however and to my great disapointment, some
        fairly large and well known European ISPs - probably even active
        RIPE members - that accepted to be Mail Relay for *.direct.ca.
        No response from them yet.
Did you check all the relays involved against RBL and ORBS?


	Piet




<<< Chronological >>> Author    Subject <<< Threads >>>