Re: [anti-spam-wg@localhost] Doom etc

  • From: Walter Ian Kaye < >
  • Date: Tue, 3 Feb 2004 09:56:51 -0800

At 05:25p +0100 02/03/2004, Anthony Mellor didst inscribe upon an electronic papyrus:

> wonder if someone might offer a little guidance.
>
> Copy below of a warning message, offers no means of response so I usually ignore them (take that as guidance, not a request for advice please, you'll see why I ignore below.)
>
> I never sent such a message - presumably I was spoofed....
> I do not know the addressee - who now thinks I stink.
> I never send zip files
> I use a Mac (my network is firewalled with Zywall (yes it's enabled))
> I do not use Outlook (even for the Mac)

Yup, spoofed. Same thing here; I'm also a Mac user, and I also get spoofed.


> I am being bombarded with messages from .ru sites all of which contain executables (for pc) and I delete every one on sight; they seem to be trying to tempt me to click on an executable by hiding it in pifs exes and all sorts, inside folders and so on.

Yup, that's what they do.

> As I identify targeted "users" I block the user names (because there is only one user on the suffering domain, me). I don't want to switch the "catch all" off.

Yup, I set up a blacklist for a couple dozen usernames as well (adam, alex, alice, bill, bob, dave, etc.) in addition to my other filter rules to catch those attachments and reports.

> I receive many brightmail messages saying this and that has been vaped, but I do not recognise anything they mention as having been sent by me.
>
> I have spent ages on the phone to (one of) my main service provider and they assure me all my sending domains are secure (pop before send and now authenticated SMTP).

As you surmised earlier, they're spoofing our domains.
It's really a form of identity theft. :/

> If someone has the time and generosity to engage with me on these matters I would be grateful,

Do you have a question?

> if not having spent a month learning (basics, site wide, 23 domains) and setting up spamassassin last year, I understand everyone has their own problems.

I wrote my own spam filter program (I suppose it's similar to spamassassin; I've never used any other than my own) and added filter rules and a recipient blacklist to catch all the zillions of mydoom messages sent to some thirty random addresses at my catchall domain. Normally I average about 90% purged from my incoming mail; thanks to this new virus the total is more like 98% purged.

I cannot even calculate how much time it saves me; the amount of junk mail sent to me is overwhelming (I used to go through it manually of course, and if I had to still do that, I would be deleting spam and viruses 23 hours a day!). Currently I only have a "manual" version of my program, but now I'm factoring it to put the subroutines into a separate library, and then I can write a realtime script which will save me even more time -- the time I spend manually running the command-line version (yes it's fun to watch the junk mail being vanquished, but it's still wrong for me to be spending my time doing that when I have other work to attend to). Heh, and that'll take some getting used to ("Dude, where's my mail?" LOL)

> I observe that while notifications like these are necessary, they do not offer the user anything but the frustration of knowing we are being used and we can't stop it and are left largely helpless.

Perhaps someday everyone will have filters to block both spam and viruses, and then maybe the senders will give up?

> grr.. there should be no defence anywhere on the planet for these people;

Bring back the pillory...

> this is my livelihood's chargeable earning time being lost daily.

Umm... isn't spamassassin helping?


