Re: [anti-spam-wg@localhost] Doom etc

[Walter Ian Kaye <]

At 05:25p +0100 02/03/2004, Anthony Mellor didst inscribe upon an 
electronic papyrus:

> wonder if someone might offer a little guidance.
>
> Copy below of a warning message, offers no means of response so I 
> usually ignore them (take that as guidance, not a request for advice 
> please, you'll see why I ignore below.)
>
> I never sent such a message - presumably I was spoofed....
> I do not know the addressee - who now thinks I stink.
> I never send zip files
> I use a mac (my network is firewalled with Zywall (yes it's enabled)
> I do not use Outlook (even for the mac)
Yup, spoofed. Same thing here; I'm also a Mac user, and I also get spoofed.

> also:
>
> I am being bombarded with messages from .ru sites all of which 
> contain executables (for pc) and I delete every one on sight; they 
> seem to be trying to tempt me to click on an executable by hiding it 
> in pifs exes and all sorts, inside folders and so on.
Yup, that's what they do.

> As I identify targetted "users" I block the user names (because 
> there is only one user on the suffering domain, me). I don't want to 
> switch the "catch all" off.
Yup, I set up a blacklist for a couple dozen usernames as well (adam, 
alex, alice, bill, bob, dave, etc.) in addition to my other filter 
rules to catch those attachments and reports.

> I receive many brightmail messages saying this and that has been 
> vaped, but I do not recognise anything they mention as having been 
> sent by me.
>
> I have spent ages on the phone to (one of) my main service provider 
> and they assure me all my sending domains are secure (pop before 
> send and now authenticated SMTP).
As you surmised earlier, they're spoofing our domains.
It's really a form of identity theft. :/

> If someone has the time and generosity to engage with me on these 
> matters I would be grateful,
Do you have a question?

> if not having spent a month learning (basics, site wide, 23 domains) 
> and setting up spamassassin last year, I understand everyone has 
> their own problems.
I wrote my own spam filter program (I suppose it's similar to 
spamassassin; I've never used any other than my own) and added filter 
rules and a recipient blacklist to catch all the zillions of mydoom 
messages sent to some thirty random addresses at my catchall domain. 
Normally I average about 90% purged from my incoming mail; thanks to 
this new virus the total is more like 98% purged.

I cannot even calculate how much time it saves me; the amount of junk 
mail sent to me is overwhelming (I used to go through it manually of 
course, and if I had to still do that, I would be deleting spam and 
viruses 23 hours a day!). Currently I only have a "manual" version of 
my program, but now I'm factoring it to put the subroutines into a 
separate library, and then I can write a realtime script which will 
save me even more time -- the time I spend manually running the 
command-line version (yes it's fun to watch the junk mail being 
vanquished, but it's still wrong for me to be spending my time doing 
that when I have other work to attend to). Heh, and that'll take some 
getting used to ("Dude, where's my mail?" LOL)

> I observe that while notifications like these are necessary, they do 
> not offer the user anything but the frustration of knowing we are 
> being used and we can't stop it and are left largely helpless.
Perhaps someday everyone will have filters to block both spam and 
viruses, and then maybe the senders will give up?

> grr.. there should be no defence anywhere on the planet for these people;
Bring back the pillory...

> this is my livelihood's chargeable earning time being lost daily.
Umm... isn't spamassassin helping?


-boo