
AVspam rant (was Re: ??????????????????????????????)



on Tue, May 04, 2004 at 05:56:23PM +0200, Florian Ernst (florian@uni-hd.de) wrote:
> Hello!
> 
> On Tue, May 04, 2004 at 03:12:07PM +0200, Hans du Plooy wrote:
> > Is this spam or is someone actually posting in whatever this language
> > is?  I see this sort of mail often, sometimes it's obviously spam
> > considering the URLs, but this one doesn't have any
> 
> It is Japanese.

<...>

> (More or less literal translation)
> 
> Yes, it is time for another rant against stupid auto-replies like this
> one. 

Anyone's welcome to the following.  Also included in the amazing, the
astounding, the phenomenal rant-o-matic!  A/k/a the vfam!

    http://linuxmafia.com/~karsten/Download/rant-o-matic.tar.gz


Clip and save.  Rights to use, copy, modify, distribute, freely, with
attribution.
------------------------------------------------------------------------
Turn off your viral autoresponder, if you are using one.

Ensure that your mail server is generating 5XX *REJECT* messages, *NOT* 
sending a notification to the 'From:' or Envelope From sender, as these
are SPOOFED.

If you *cannot* make an SMTP-time assessment of deliverability of a
message, filter content for obvious viral and spam signatures, and do
not generate nondelivery notices for such messages, as they frequently
spoof sender.  Not taking these precautions makes you a vector for a
DDoS Joe-job attack:

    The Joe Job DoS attack
    By John Leyden
    Published Tuesday 6th April 2004 17:30 GMT
    http://www.theregister.co.uk/2004/04/06/joejoe_dos_attack/

    A problem with the way that non-delivery notifications are sent by
    many mail servers could be exploited to launch "mail bomb" denial of
    service attacks.

    Incorrectly configured mail servers may respond to mail delivery
    failure with as many non-delivery reports as there are undeliverable
    cc: and bcc: addresses contained in the original email. By forging
    the source of an email, hackers could bombard systems with spurious
    emails.



    MyDoom is the worst virus ever
    By John Leyden
    Published Wednesday 28th January 2004 13:11 GMT
    http://www.theregister.co.uk/content/56/35174.html

    Just like SoBig-F, much of the huge volume of crap generated by
    MyDoom is the result of auto-responder messages. As well as replies
    that someone is out of the office users are getting a stream of
    accusatory messages from anti-virus gateway products accusing them
    of sending a virus. 



    Auto-responders magnify Sobig problem
    By John Leyden
    Published Wednesday 20th August 2003 17:30 GMT
    http://www.theregister.co.uk/content/archive/32434.html

    Graham Cluley, senior technology consultant for Sophos Anti-Virus,
    said that the current generation of anti-virus gateway products are
    incapable of determining that the email addresses in a virus-contaminated
    email are spoofed.

    "In the circumstances, it might be better for people to turn off
    their auto-responder," Cluley advised, adding the auto responder
    messages could be taken as an accusation that someone wholly
    innocent was sending out viruses.

Also:

    http://www.businessweek.com/magazine/content/04_12/b3875032.htm
    http://www.attrition.org/security/rant/av-spammers.html

My own systems are not susceptible to legacy MS Windows viruses (I run
GNU/Linux exclusively).  For sites unfortunate enough to rely on
Microsoft products, such false reports waste staff and administrative
time on wild-goose chases.


Your email system is generating "bounce" messages to spoofed "from"
addresses.  These are widely considered spam on the UBE basis:

  - Unsolicited?  Check
  - Bulk?         Check
  - Email?        Check

The sending address has been added to the local spamlist; any further
mail from that address will be treated and reported as spam.  Multiple
such reports *will* result in your site being listed on spam-origin
lists, including SPEWS, SpamCop, Spamhaus, and others.

Further similar messages from your domain will be reported as spam.

Any prior and subsequent mail can and will be forwarded to public
services not limited to NANAE (news:news.admin.net-abuse.email) at my
sole discretion.  All "confidentiality" email disclaimers are
specifically rejected.

Thank you.
------------------------------------------------------------------------


Peace.


-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
     And can you imagine fifty people a day? I said FIFTY people a day...
     walkin' in, singin' a bar of "Alice's Restaurant" and walkin' out?
     Friends, they may think it's a MOVEMENT!
    - A. Guthrie
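
Added example, not part of the original message or of the rant-o-matic tarball: a small Python model of the two behaviours the template contrasts, counting how many notices reach a spoofed envelope sender when a server accepts and then bounces versus when it rejects with 5XX inside the SMTP session. The mailbox names, content markers, reply texts and the `forged_sample` input are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: local mailboxes and crude content signatures.
VALID_MAILBOXES = {"alice@example.org", "bob@example.org"}
VIRAL_MARKERS = ("document.pif", "message.scr")

@dataclass
class Message:
    envelope_from: str   # taken on trust from the client, so trivially spoofed
    rcpt_to: list
    data: str

def looks_viral(msg):
    return any(marker in msg.data.lower() for marker in VIRAL_MARKERS)

def accept_then_bounce(msg):
    """Misconfigured server: says 250 to everything, then mails notices
    to the (spoofed) envelope sender after the SMTP session has ended."""
    replies = {rcpt: "250 OK" for rcpt in msg.rcpt_to}
    notices = [(msg.envelope_from, f"NDN: {rcpt} unknown")
               for rcpt in msg.rcpt_to if rcpt not in VALID_MAILBOXES]
    if looks_viral(msg):
        notices.append((msg.envelope_from, "AV gateway: you sent a virus"))
    return replies, notices

def reject_at_smtp_time(msg):
    """Server following the advice above: 5XX inside the session, which only
    the connecting client sees; nothing is ever mailed to envelope_from."""
    replies = {rcpt: "250 2.1.5 OK" if rcpt in VALID_MAILBOXES
               else "550 5.1.1 User unknown" for rcpt in msg.rcpt_to}
    data_reply = "554 5.7.1 Rejected" if looks_viral(msg) else "250 2.0.0 Queued"
    if not any(r.startswith("250") for r in replies.values()):
        data_reply = "554 5.5.1 No valid recipients"
    return replies, data_reply, []   # third element: notices generated (none)

def forged_sample():
    # Constructed input: forged sender, 20 nonexistent recipients, worm attachment.
    bogus = [f"nobody{i}@example.org" for i in range(20)]
    return Message("joe@victim.example", ["alice@example.org"] + bogus,
                   'Content-Disposition: attachment; filename="document.pif"')

if __name__ == "__main__":
    msg = forged_sample()
    print(len(accept_then_bounce(msg)[1]), "notices sent to", msg.envelope_from)
    print(len(reject_at_smtp_time(msg)[2]), "notices sent with SMTP-time reject")
```

The model covers only the SMTP-time case; a server that must filter after acceptance would, per the template, drop or quarantine flagged mail without generating any notice.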
