[Declude.JunkMail] High smtp traffic
Anyone else can see an abnormal high smtp traffic this minutes? I haven't identified completely but something strnage is going one here. Lot of NDR's Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] High smtp traffic
On Monday, January 10, 2005, 12:10:32 PM, Markus wrote: MG Anyone else can see an abnormal high smtp traffic this minutes? MG I haven't identified completely but something strnage is going one here. Lot MG of NDR's We have been seeing what I would classify as a severe spam storm today starting at about 0100 EST. 553 new rules so far today (and it is early). This might be related. _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] High smtp traffic
Nothing unusual here at the moment. -d - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 10, 2005 12:10 PM Subject: [Declude.JunkMail] High smtp traffic Anyone else can see an abnormal high smtp traffic this minutes? I haven't identified completely but something strnage is going one here. Lot of NDR's Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High smtp traffic
Anyone else can see an abnormal high smtp traffic this minutes? I haven't identified completely but something strnage is going one here. Lot of NDR's False alarm. Just another genius sending around promotional messages to 500 recipients all listed in the to-field. Certain other MTA's (I believe non correctly configured POP-Connectors) seems to resend this messages to all other recipients. For some reason this will happen not once but mutliple times so each recipient is receiving the same message several hundred times. Last but not least this promotional message has a 450 kByte attachment. Congratulaions! Solution? Haven't found anything else then addign the sender address to the imail kill file. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High smtp traffic
There is definately something happening. Currently we are seeing a mailing which boasts of 400 million mails being sent promoting some penny stock with the symbol is CSYT, company name Communications Synergi Technology. I found out the hard way, because they are using my personal address as 'Reply-To', and I have received more than 2000 NDRs. They are being relatively clever by forging a Received From line, complete with our server name and IP. The only thing they've got wrong is the time stamp. We see actual senders from all over the world, pretty well all cable or dsl connections, so I guess it is a zombie storm. I am trying to figure some way of grabbing all the NDRs and then send each one 10 times to the company's CEO, CFO, etc. Apparently it is working; the stock is up 30% today. Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler Sent: Monday, January 10, 2005 09:11 To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] High smtp traffic Anyone else can see an abnormal high smtp traffic this minutes? I haven't identified completely but something strnage is going one here. Lot of NDR's Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High smtp traffic
We can do a simple bounce message to his address using BOUNCEONLYIF.. We are bombarded by them also but they are all getting caught as spam.. Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tandem Group Sent: Monday, January 10, 2005 2:11 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] High smtp traffic There is definately something happening. Currently we are seeing a mailing which boasts of 400 million mails being sent promoting some penny stock with the symbol is CSYT, company name Communications Synergi Technology. I found out the hard way, because they are using my personal address as 'Reply-To', and I have received more than 2000 NDRs. They are being relatively clever by forging a Received From line, complete with our server name and IP. The only thing they've got wrong is the time stamp. We see actual senders from all over the world, pretty well all cable or dsl connections, so I guess it is a zombie storm. I am trying to figure some way of grabbing all the NDRs and then send each one 10 times to the company's CEO, CFO, etc. Apparently it is working; the stock is up 30% today. Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler Sent: Monday, January 10, 2005 09:11 To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] High smtp traffic Anyone else can see an abnormal high smtp traffic this minutes? I haven't identified completely but something strnage is going one here. Lot of NDR's Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High smtp traffic
We are catching the original messages as spam, but only a small percentage of the NDRs are being caught. They all come from legit mailservers, and since there is no URL in the meesage, even if it is attached Declude won't necessarily penalize it enough. The BOUNCEONLYIF won't work as the NDRs would attempt to go back to the zombies, and I doubt that they can even receive mail. My evil thought was to penalize the company itself by letting them have a few copies of each of my NDRs. :-) Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kami Razvan Sent: Monday, January 10, 2005 11:23 To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] High smtp traffic We can do a simple bounce message to his address using BOUNCEONLYIF.. We are bombarded by them also but they are all getting caught as spam.. Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tandem Group Sent: Monday, January 10, 2005 2:11 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] High smtp traffic There is definately something happening. Currently we are seeing a mailing which boasts of 400 million mails being sent promoting some penny stock with the symbol is CSYT, company name Communications Synergi Technology. I found out the hard way, because they are using my personal address as 'Reply-To', and I have received more than 2000 NDRs. They are being relatively clever by forging a Received From line, complete with our server name and IP. The only thing they've got wrong is the time stamp. We see actual senders from all over the world, pretty well all cable or dsl connections, so I guess it is a zombie storm. I am trying to figure some way of grabbing all the NDRs and then send each one 10 times to the company's CEO, CFO, etc. Apparently it is working; the stock is up 30% today. Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler Sent: Monday, January 10, 2005 09:11 To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] High smtp traffic Anyone else can see an abnormal high smtp traffic this minutes? I haven't identified completely but something strnage is going one here. Lot of NDR's Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
