We've received a few messages complaining of spam that begin:
"Hello. The spammer below is either using your resources to send
out bulk unsolicited commercial e-mail or is deceptively trying
to make it look like he is. In either case, a legitimate company
like yours probably would not approve. The information below
should be all you need."
followed by headers.
Of course the messages did not originate with us but had carried a
from address of a client domain. Usually if I respond to these
messages I get no reply.
At this point it appears to me that most of what we've received
originates from a CSM software product. CSM is now Surf-Control -
http://www.surfcontrol.com/ -
I don't know if the software is broken and does not correctly parse
the message headers so that it finds the source or if it is easily
mis-configured to send a notification to every address it finds or
just what the problem is. The mail admins that use it so far seem to
be clueless and just blame the software when they do reply.
It really is only a big problem when someone forges a from and then
sends out a ton of spam and you get a bunch of these stupid notices.
The message text itself (almost verbatim) comes from
http://spam.abuse.net/userhelp/complaint.txt so I suppose any number
of people could be using the same text. Abuse.net's instructions on
filing complaints detail how to find the sender and warn that usually the
from address is forged. All the notification tools they link did a
good job of finding the source on the headers I submitted. So I think
this is more an issue with this particular software provider.
Just fyi -
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
