spam


Roedy Green

A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.
 

Michiel Konstapel

Roedy Green said:
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.

SpamAssassin works like a charm, but it runs server side. We have our
own colocated mail server (me and a bunch of friends), so I get all my
email spam filtered and checked for viruses.
Michiel
 

Harald Hein

Roedy Green said:
A mindless sort of spam is filling my mailbox up with 200+ pieces
of junk every time I look. Many of these appear to be bounced
messages I never sent.

This sounds like what is called a joe-job. If these are indeed bounces
someone is using your e-mail address as the return-address in spam.
What tools do you use to deal with this?
I am using SpamDetective, but it is overwhelmed by this.

You should talk to your provider for at least three reasons:

- To make sure your provider understands that this is a joe-job, and
that you are NOT a spammer, so your account is not in danger.

- To get server-side filtering on your provider's server, so you don't
have to download all the junk all the time. Also make sure that your
contract with your provider doesn't require you to pay for the
bandwidth the spam steals.

- To enlist your provider's help in analysing the bounces. Most bounces
usually don't contain a lot of data, but if you are lucky, a few might
come from MTAs who include the full original message in the bounce.
This will help you to at least understand for what kind of spam your
name is used. If the spammer is stupid you might even find the origin
of the spam, but professional spam these days is usually sent via open
proxies that don't log.

You can also do the following:

- If the spam points to your web site, replace the advertised web sites
with a message explaining the situation. If the spam uses images from
your web site (img tag in HTML spam), replace these images with images
that contain some text explaining the problem.

- If you know the spam, follow the money trail. Maybe you can find out
who benefits from the spam.

- If people complain directly to you, including verbal abuse, reply
with a short, polite, pre-formulated message explaining the situation.
Point to the real spammer and tell them where they can complain.

- Your name might have been picked at random, or as some kind of
revenge. Go through your recent newsgroup posting and look out for
whiners who didn't like your answers. Try to find links (location,
business, spelling errors, message style, etc.) between the spam and
the whiner's posting.

- Read the various FAQs of news.admin.net-abuse.email to find out more
about reading headers, joe-jobs, finding spammers, and ripping them
apart.

- If this gets over your head ask your provider to temporarily close
your e-mail account. This will be a small win for the spammer but might
save you money and you might sleep better.
 

Nigel Wade

Roedy said:
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.

It's most likely not spam, but the result of some other [clueless] person
with your mail address in their addressbook getting infected with the Sobig
virus/worm. This is one of the symptoms.

The messages are from [clueless] people who have automatic filtering in
their email systems which send back delivery failure and/or virus detection
messages to the wrong person.
 

Alan Moore

A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.

This sounds exactly like what I experienced while the Blaster worm was
active. I wasn't infected, but someone that I had corresponded with
was. I got hundreds of virus messages, plus about 1/10 that number of
bounce-backs, because the infected machine was using my address in
messages it sent to other people. So maybe someone you know is
infected with a virus, or unwittingly running an open proxy.

BTW, I use SpamAssassin on my own machine by means of SAProxy (
http://saproxy.bloomba.com/moreinfo.php ), and between it and my mail
provider's built-in filtering, none of the virus messages made it to
my inbox, though many of the bounce-backs did. The only problem with
SAProxy is that it uses a s***load of RAM - it's using 25M right now,
and I've seen it go as high as 80M.
 

Gary M

- To enlist your provider's help in analysing the bounces. Most bounces
usually don't contain a lot of data, but if you are lucky, a few might
come from MTAs who include the full original message in the bounce.
This will help you to at least understand for what kind of spam your
name is used. If the spammer is stupid you might even find the origin
of the spam, but professional spam these days is usually sent via open
proxies that don't log.

Excellent suggestions. Also check out spamcop.net which has free tools to
analyze headers and notify correct authorities.
 

Sudsy

Roedy said:
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.

Probably Gibe.F. It spoofs your address (finding it somewhere on the
infected machine) as the sender so you get the double-whammy: the
actual worm (usually masquerading as a Micrs**t Security patch) and
the mail rejection notifications (for e-mails you didn't even send!).
You'd think that someone at Hotmail would have the smarts to
quarantine e-mails with a size of 145-160Kb and the word Micros**t
in the subject, but noooo....
They happily let your mailbox fill up. When you empty it, it fills
up again in no time. Sigh.
 

William Brogden

Harald Hein said:
This sounds like what is called a joe-job. If these are indeed bounces
someone is using your e-mail address as the return-address in spam.


You should talk to your provider for at least three reasons:

- To make sure your provider understands that this is a joe-job, and
that you are NOT a spammer, so your account is not in danger.

- To get server-side filtering on your provider's server, so you don't
have to download all the junk all the time. Also make sure that your
contract with your provider doesn't require you to pay for the
bandwidth the spam steals.

My ISP uses Postini - it is catching 95 - 100% of the spam and
virus infected mail. The last 12 hrs caught almost 300 total - I
hate to think how folks with slow connections are faring.

WBB
 

Brad BARCLAY

Roedy said:
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.

I've had well over 500 messages this week containing the W32.Swen (aka
W32.Gibe-F) Windows worm. As I don't run Windows at all, I'm immune --
but it's still a royal PITA.

Here's what I'm running, which has been very helpful in dealing with
this deluge:

1) My e-mail program, PMMail/2 (http://www.pmmail2000.com -- an OS/2
program, but a Windows version is also available) has a feature called
"Remote Control", which downloads just the headers from your mail
server, and allows you to browse the messages and select the ones you
want to transfer, and the ones you want to delete. This was _very_
useful this morning when I had over 330 such messages in my inbox -- I
was able to delete them all before actually transferring the 4 messages
I had that were not junk.

2) bogofilter (http://bogofilter.sourceforge.net/). Its Bayesian
filtering mechanism is excellent -- it's caught all of the messages that
arrive during the day and is shunting them to a Spam folder where I can
briefly inspect them (to ensure no false-positives are caught -- in the
month I've been running it, it hasn't had one false-positive, but I
glance at the list just in case) and delete them.

(In the time it took to type the above, I got another 12 of these
^*^&()^ messages. As if I needed another reason to hate Windows and
its mindless masses of minions...:p).

Brad BARCLAY
 

Brad BARCLAY

Shane said:

W32.Swen and W32.Gibe-F are one and the same virus. Different virus
companies often create their own names for virii when they first analyze
them. From Symantec's website (which calls it W32.Swen.A@mm), the
following are synonyms:

Swen [F-Secure], W32/Swen@mm [McAfee], W32/Gibe-F [Sophos], Worm Swen.A

Brad BARCLAY
 

Roedy Green

This sounds exactly like what I experienced while the Blaster worm was
active. I wasn't infected, but someone that I had corresponded with
was. I got hundreds of virus messages, plus about 1/10 that number of
bounce-backs, because the infected machine was using my address in
messages it sent to other people.

Do any of the spam filters deal with this? It annoys me to filter out
every sort of bounce message, because sometimes messages I send
bounce, and that I do want to know about.
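
One way to tell real bounces from ones caused by a forged sender, combining the question above with the earlier suggestion to look for bounces that include the original message. This is an added example, not code from anyone in the thread; it assumes you keep a record of the Message-IDs of mail you actually sent, and every address and ID in it is constructed.

```python
import email
from email import policy

# Constructed sample: Message-IDs of mail this user really sent (e.g. from a Sent folder).
SENT_IDS = {"<20030919.1001@example.org>"}

def make_bounce(original_id=None):
    """Constructed RFC 3464-style bounce; quotes original headers only if an ID is given."""
    parts = ["Content-Type: text/plain\n\nDelivery to nobody@example.com failed.\n",
             "Content-Type: message/delivery-status\n\nReporting-MTA: dns; mx.example.net\n\n"
             "Final-Recipient: rfc822; nobody@example.com\nAction: failed\nStatus: 5.1.1\n"]
    if original_id:
        parts.append("Content-Type: text/rfc822-headers\n\n"
                     f"From: user@example.org\nMessage-ID: {original_id}\n")
    head = ("From: MAILER-DAEMON@mx.example.net\nTo: user@example.org\n"
            "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
            'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n')
    return head + "".join("--b1\n" + p for p in parts) + "--b1--\n"

def embedded_original(bounce):
    """Return the original message (or just its headers) carried in a bounce, else None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original message attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":     # headers of the original only
            return email.message_from_string(part.get_content())
    return None

def classify(raw, sent_ids):
    """Label a raw message: not-a-dsn, unverifiable, genuine-bounce or backscatter."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Only standard delivery status notifications are recognised here; plain-text
    # bounces from MTAs that do not use multipart/report fall through as not-a-dsn.
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-a-dsn"
    orig = embedded_original(msg)
    if orig is None:
        return "unverifiable"                  # bounce carries no copy of the original
    msg_id = str(orig.get("Message-ID", "")).strip()
    return "genuine-bounce" if msg_id in sent_ids else "backscatter"

if __name__ == "__main__":
    for mid in ("<20030919.1001@example.org>", "<forged.42@infected.example>", None):
        print(mid, "->", classify(make_bounce(mid), SENT_IDS))
```

Bounces that come back "unverifiable" are the ones that do not quote the original, so they still need a second signal (for example, a content filter) before being discarded.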
 

Virgil Green

Roedy Green said:
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.

I'm using SpamAssassin on the server side with subject line rewriting and
encapsulation of identified spam (as an attachment). I use MailWasher
(www.mailwasher.net) on the client side along with Outlook Express filtering
rules.

- Virgil
 

Ralf Bensmann

Roedy said:
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.


I am using Netscape or Mozilla (Thunderbird) as mail client. It has a
wonderful spam detection engine. You have to train it a bit, and it
works well.


Mit freundlichem Gruß / Kind regards

Ralf Bensmann
 

Carl Rosenberger

Roedy said:
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.


Hi Roedy,

Indeed it's really really bad since yesterday. I think
I am short of 1000 virus messages in 24 hours.

I use K9 on my client machine along with Outlook and
OutlookExpress message rules and I am quite happy
with it:
http://keir.net/k9.html

Since customer mails often tend to look like Spam,
I am staying away from more restrictive server-side
spam-filtering tools.

Cheers,
Carl
 

Neil Campbell

Roedy said:
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.

I've recently been using Popfile (http://popfile.sourceforge.net), which
does a reasonable job but gets a few too many false positives for my
liking.

I've also looked at Spambayes (http://spambayes.sourceforge.net). This
seems to be much more accurate than Popfile, but I've become dispirited
with it because its IMAP proxy is so buggy. The POP proxy seems OK though.

Vipul's Razor is quite a good idea, but needs more work to integrate. I'm
working on an email client that provides built-in support for this (as well
as others), but I'm not very close to finishing it yet.
 

Roedy Green

I'm using SpamAssassin on the server side with subject line rewriting and
encapsulation of identified spam (as an attachment). I use MailWasher
(www.mailwasher.net) on the client side along with Outlook Express filtering
rules.

SpamDetective packed it in. I talked with my ISP who said the
mailserver is up, but the poor thing did not know what to do with 6000
spams and timed out.

Mailwasher is similar, but it has ways of saying "mark everything to
be deleted" then you mark the exceptions to keep.

It also has a "Not to me" filter which seems to catch a lot of junk.

It is really shareware.
 

Kent Paul Dolan

Roedy Green said:
A mindless sort of spam is filling my mailbox up with 200+ pieces of
junk every time I look. Many of these appear to be bounced
messages I never sent. What tools do you use to deal with this? I am
using SpamDetective, but it is overwhelmed by this.

Roedy, for a guy as talented with computers as you are, you sure have
some incredible blind spots.

This isn't "spam" -- unsolicited commercial bulk email sent from a
limited number of locations in an attempt to make a profit, using a
predefined address list off a CD-ROM.

This is a virus storm, sent from literally millions of computers which
the virus has found vulnerable, infected, and is using as new staging
areas.

Every one of them with your email address in an address book of some
correspondent of yours is cheerfully including you in the recipients of
the next generation of the virus, who knows how many times.

Most of the defenses against spam aren't going to work in the first few
days of a virus storm, because usually the persons whose computers are
infected (1) don't know it, (2) don't keep their machine up to date with
the latest patchlevels, and (3) aren't going to be sophisticated enough
to realize there is a problem about which they can take useful action.

Also, the anti-virus filter writers need time to catch up and for their
products to be distributed to help break the chain of forwarding.

The "bounced messages I never sent" is completely bogus, that is all
canned wrapper around the virus packets, there just to let the virus
writer say "made you look".

That's the part where I'm surprised you are so naive.

This particular virus exploits a hole that lets your machine get
infected even if you never open attachments; merely looking at the email
suffices, so if your computer is of the vulnerable sort and not up to
date with the patches, you are now helping flood the Net with virus
copies, merely by opening an email to see what it said inside.

Everybody, make sure your online software updates are current, and avoid
opening any email of size 130K and above for a while. If you already
did, odds are pretty fair your machine is infected, get help cleaning it
out.

You should _also_ be receiving a flood of similar virus spawn from ISPs
who filter the virus in outbound email, but cannot resist the urge to
tell you so. These messages are usually 1/10th the size of the intact
virus emails, but just as big a nuisance, and in the 5800 emails I've
discarded so far, seem to be about 40% of the count.

Sigh.

xanthian.

And by the way, this is an inappropriate thread for this newsgroup, you
should have put it in clj.advocacy, where it belonged, without even
having to think about the choice. _Any_ non-programming post is
off-topic here, and you know better.
 
