I had a complaint the other day from one of our users who is receiving many stock pump spam messages. Here's a sample message body:
Thursday Jul 3 Loa"d up your tradingplatfo'rms Entity': HarrsixEpl Issue: H - X - P - N Las't: 0.02 Before next week-end: 0.09 Read about. the strong story behind it You may make a killing with this one and we're happy for you Starting 03/07/08 These messages are in plain text. Because of the misspelling, DCC registers a count of one for each of its three checksums. They come from all over the place, Peru and Viet Nam in the samples he provided. The computers seem to be compromised with the storm bot. All are listed now on the XBL blocklist (CBL actually), which we use through DCC, but must have not been listed at the time. What else can we do about this spam? The sending computers are all listed on the PBL, which we don't currently use. Is this our only hope? I'm reluctant to use that blocklist because we have clients on networks that are listed there. Using it would force clients to use authentication to send e-mail, generating complaints from legitimate users. Yes, we may even have legitimate users in Peru and Viet Nam. -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- _______________________________________________ DCC mailing list [email protected] http://www.rhyolite.com/mailman/listinfo/dcc
