The innocent caught up in SPAM battle
Spinner
Birmingham, UK
AOL Time Warner's Road Runner cable-modem service has implemented a new policy to block suspected spammers and purveyors of malicious e-mail code. But the campaign has run over some innocent victims along the way.
Road Runner's new policy calls for the blocking of any incoming e-mails that contain contradictory domain-name routing information. That means Road Runner will block e-mails originating from people who have their own e-mail servers on top of an outside Internet service such as those offered by Verizon Communications, SBC Communications or Comcast.
The move is an attempt to thwart one technique used by spammers, who piggyback their own mail servers on top of a commercial broadband service such as Comcast or Verizon to more efficiently send out e-mail in bulk. The problem is that many legitimate small businesses also run their own mail servers on broadband connections, and are sometimes caught in the cross fire.
Road Runner's tactics underscore the efforts among Internet service providers (ISPs) to slow the tide of spam and malicious software code from flooding their systems and their subscribers' in-boxes. Spam has become public enemy No. 1 for ISPs, and many of the biggest ones, including Road Runner's dial-up cousin America Online, have implemented new ways to block suspected spammers.
Earlier in the year, AOL implemented similar blocking tactics against Road Runner and Comcast subscribers suspected of running their own mail servers.
AOL also requires outside ISPs to register their servers to permit communication with their members. Sometimes ISPs that install new servers are slow to register, causing AOL to inadvertently block their e-mails.
Mike Buday, an information technology manager with Encino, Calif.-based computer consulting company BizTech Visions, has become all too familiar with the e-mail block. When Buday arrived at work Monday, he noticed that streams of e-mails destined for Road Runner addresses had been bounced back into his mail server queues.
"We were basically blocked as a spammer," Buday said, insisting that his company is not involved in spamming.
Although the blocking policy hasn't hurt BizTech Visions' business, it remains a hassle to fix. Companies such as Buday's can correct the problem by paying their ISP an extra fee to reconfigure domain name setups so that they're consistent and don't trigger the block.
"I doubt we lost any business at all, but it's just a great deal of time consumption," Buday said.
A Road Runner representative confirmed that Road Runner has implemented this particular blocking technique. The representative did not return calls seeking additional comment.
Source - CNET
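An added illustration of the kind of consistency check the article describes; it is not Road Runner's code and assumes that "contradictory domain-name routing information" means the connecting IP's PTR record, that name's forward resolution and the HELO name disagree. Hostnames and addresses are constructed (RFC 5737 documentation ranges) and no live DNS lookups are made.

```python
# Added illustration: a forward-confirmed reverse DNS (FCrDNS) style check of
# the sort the article describes. All names/addresses below are constructed.

FORWARD = {  # hostname -> A record (constructed)
    "mail.example-isp.net": "203.0.113.10",
    "mail.smallbiz.example": "198.51.100.25",
}
REVERSE = {  # IP -> PTR record (constructed; None means no PTR published)
    "203.0.113.10": "mail.example-isp.net",
    "198.51.100.25": "static-198-51-100-25.isp.example",  # generic ISP name
    "192.0.2.77": None,
}


def check_sender(ip, helo_name, forward=FORWARD, reverse=REVERSE):
    """Return (accept, reason) for a connecting mail server.

    The modelled policy rejects when the PTR, its forward resolution and the
    HELO name do not agree about who the sending host is.
    """
    ptr = reverse.get(ip)
    if not ptr:
        return False, "no PTR record for %s" % ip
    if forward.get(ptr) != ip:
        return False, "PTR %s does not resolve back to %s" % (ptr, ip)
    if forward.get(helo_name.lower()) != ip:
        return False, "HELO %s does not resolve to %s" % (helo_name, ip)
    return True, "forward and reverse DNS agree"


def fixed_reverse(reverse, ip, new_ptr):
    """Model the ISP correcting the customer's PTR (the fix the article mentions)."""
    updated = dict(reverse)
    updated[ip] = new_ptr
    return updated


if __name__ == "__main__":
    for ip, helo in [("203.0.113.10", "mail.example-isp.net"),
                     ("198.51.100.25", "mail.smallbiz.example"),
                     ("192.0.2.77", "mail.smallbiz.example")]:
        print(ip, helo, check_sender(ip, helo))
    # The small business on a generic ISP PTR is blocked until the PTR is fixed.
    repaired = fixed_reverse(REVERSE, "198.51.100.25", "mail.smallbiz.example")
    print(check_sender("198.51.100.25", "mail.smallbiz.example", reverse=repaired))
```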
Comments
Problem solved.
I'd say 90% of any spam that does get through to my addys comes from the US.
Just make email usage illegal for all US residents.
Problems solved
It may originate in the US but spammers typically exploit open relays overseas. Check the path of a spam message sometime and it will look like it came from Korea, China, or Brazil, the 3 countries where open relays are most exploited.
As for making email illegal for all US residents, that's not fair. Let's just ban AOL users and that will cover most of our problems.
Agreed. People who buy from SPAMMERS should be shot on sight. (with a water pistol obviously).
All e-mail I get sent to my free Yahoo account gets blocked (sent to the trash). This is done by filters controlled from within the Yahoo mail system, nothing too special.. All e-mail that is not sent to my real account (which is important, as most spam you get never even has your address in the "To:" area) gets sent to the trash.
Needless to say, I never get spam in my inbox anymore since I've started doing this, BUT my trash folder gets almost 100 spam letters A DAY!
Pretty shocking.
I have had this email address from my ISP for like 6 years now. It is polluted with spam, I'm talking like 50-100 spams a day. I had switched ISP for 1 year, so that email address was gone, disabled, turned off, whatever you want to call it, the account wasn't there. I went back to the original ISP after that year, used the same email address. The third day I had the account back I set up Outlook to check the email on that account, thinking all right these spammer scumbags have taken this address off their list. Nope, I got 600 spams. They don't care if they get a bounce back, they probably never check.
They probably send all incoming mail to /dev/null
NS
I have a user named "junk" and sign up that email for anything that I don't trust.
It's the way to go.. 100%
I think it's a stupid move by AOL.. but what do I care
Large amounts of mail returned that you did not send, from all over the world, WITH a .pif attachment. Delete on sight, do not use your reply to tell the email sender that this was spoofed and Sobig.f mailing itself from somewhere to them using your email address even though it 90% probably IS as they can only block your email address and you might not want them to if you do business with them later or want to make friends.
Why??? .pif attachments are used only by Windows for the purpose of telling Windows to run a program in a backward compatibility mode. Program publishers do not usually email these, and no one else should as they need to be machine specific to work right.
SoBig.f was first spread by mass-mailer software, and I suspect it might be using any mass-mail address books it can look into on Windows boxes used for spamming as well as emailing itself to addresses found in email address databases that are on most Windows boxes.
ISPs are starting to block it, but it comes with more than 9 subjects and has more than 9 specific file names that seem to have variants beyond those that as far as specific name of attachment file.
It has its own ESMTP engine, and in my area I have had 20+ hits of incoming emails that I know for a fact are spoofed with the exact same small attachment that is MIME typed as Base64.
How fast did this spread, and why did Symantec take it from a relatively rare virus family to a specific variant name virus which is at Symantec's severity level of 4 (highest) in a 24 hour period???
Well, here is a sampling company's idea, very summarized: in 24 hours, about 3.5 days ago, a company called MessageLabs, which samples email in the US, got only 1 million SoBig.f hits in that time from multiple sources in large groups from similar sources when traced that they declared it a major mass-mail spread worm and talked to eWeek. Over the next 18 hours they got .5 million more, and this was from infected machines. In the next 24 hours I got 20 returns through Comcast's email net, of which 1/3 were to me and 2/3 were spurious email virus detects of spoofed source messages that I called Comcast about -- every one was a Sobig.f. Giving you the file attachment would be very dangerous so cannot.
Notes:
Those with Outlook Express are the most common given source (usually an Outlook Express 6). It is known that this looks to MIME as a Base64 (which is used by many for basic message encoding and can hold executables also) file. I get these on my Linux box as plain text, and my Linux box does not run them and I am using Comcast with their knowledge of what I run and consent to same from tier three techs.
Now, I am not going to list the more than 9 names of subject and more than nine specific file names, because of two things:
File names and subjects can be quickly changed, with this virus that will not help. So, there are two things every user can do that will help quash this and keep their box from getting and aggressively spreading it:
One, delete ASAP anything that has a .pif file attached (these are used in special cases by Windows internal to Windows boxes to run older programs only, and if needed come with software or software patches (DO NOT go killing pif files on your computer all over, just trash emails with .pifs attached). They are not emailed because they need 90% of the time to be machine specific and program specific. You should never get one in email from a software publisher you use, and this virus is never shown to be from such.
So, first thing is to delete all emails coming in with attachments (paper clip icon on most Windows boxes), from folks that you do not know well and accept an attachment from.
Second is this, then will tell why:
Get the latest Norton or PC-Cillin defs and run the antivirus program. Do so with a manual run of Liveupdate in Norton\Symantec AV, followed by a virus scan. Both PC-Cillin and NAV know this virus that I have confirmed. If no new defs, then try in 24 hours. IF you have NAV and there are very recent defs, the autoliveupdate files are updated weekly at least and the manual Liveupdate will get both program and virus updates same day. they work different so if one function malfs and the other does not you can still get updates and they will be most current you can get. This virus is worth updating and checking for for both you and your friends. If I find a specific killer will give a link tomorrow, have not seen one yet. Gotta get back to work.
Symantec has both info and how to manually kill in their virus encyclopedia and article links from the article on w32.SoBig.f@mm that tell you how to kill and check for presence. Those who use regedt32 or regedit on older Windows will be able to follow those very exact what to look for and what keys to delete instructions well, as there right now are 2-3 keys that are only used by this virus to register itself as an ESMTP priority process on your computer. The f variant specifically will expire itself on Sept. 11 or Sept. 10 (late September 10 probably). It will not remove registry entries as far as I know and this may mess up email sending on infected boxes since it does register itself the way it does.
(longish, all meaty stuff lots of folks NEED to know if in US--admins may copy to another thread also if wanted, you can pass on freely this info to anyone who can understand it.)
John.
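The post above boils down to a filter rule: treat any incoming message with a .pif attachment as suspect and quarantine it rather than replying to the forged sender. The following is an added example of that rule in Python's standard email parser; it is not the poster's code, and both sample messages are constructed (the "attachment" is just an MZ header followed by zeros, not a real worm).

```python
import email
from email import policy

# Constructed sample (not a real worm message): forged sender plus a small
# base64-encoded .pif attachment, the shape the post above describes.
SPOOFED_RAW = """From: friend@example.com
To: you@example.net
Subject: Re: Details
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream; name="your_details.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="your_details.pif"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAA
--b1--
"""

# Constructed clean message with no attachment at all.
CLEAN_RAW = """From: colleague@example.com
To: you@example.net
Subject: Minutes
Content-Type: text/plain

Minutes are in the wiki, no attachment.
"""


def scan_message(raw):
    """Return one dict per .pif attachment found (empty list = no hit).

    looks_executable is True when the decoded bytes start with the DOS/PE
    'MZ' header, i.e. the "shortcut" is really a program. Quarantine on a
    hit; do not bounce or reply, since From: is forged (the post's advice).
    """
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.is_multipart() or not name.lower().endswith(".pif"):
            continue
        data = part.get_payload(decode=True) or b""
        hits.append({
            "filename": name,
            "transfer_encoding": str(part.get("Content-Transfer-Encoding", "")).strip().lower(),
            "looks_executable": data.startswith(b"MZ"),
        })
    return hits
```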
I'm not even gonna bother, I just ain't got the energy.
Why did you have to go and say that? You've made me feel guilty. So anyway, I've now read it. Phew! Very informative, thank you Ageek. My apologies for my initial laziness.
Sometimes I just skim through stuff - depends on my mood and how busy I am.
Guess yer not into teh pr0n
just kidding.
I can tell when one of my addys is about to get a ****eload of spam. First I get 1 a week. The next week I get 1 a day, then I end up just shutting the email account down.
>>>--Tiribulus-->