Re: User receiving Spam Bouncebacks..

Fri, 11 Apr 2008 19:45:37 -0700

indeed, nice, and I also would like to use it, with permission. But I'm curious about one thing, why do you never use the term 'spoof' in the user message?
----- Original Message ----- From: "Nikki Peterson - OETX" <[EMAIL PROTECTED]> 
To: "Exchange Discussions" <[email protected]>
Sent: Friday, April 11, 2008 10:58 AM
Subject: RE: User receiving Spam Bouncebacks..


Nice. :)

Can I use it?

Nikki

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Van
Eck, John
Sent: Friday, April 11, 2008 10:01 AM
To: Exchange Discussions
Subject: RE: User receiving Spam Bouncebacks..

Here's what we send, lots of positive feedback from users, and because
it is a form letter it takes no time.  Bad guys lose :-).

Never hear from user again about this issue.

*********Begin trans********

Dear USERNAME,

First, thanks for the attention you're paying to your e-mail.  Vigilance
of users is the first line of good mail security.

As you know, we live in a world where viruses can attack us in many
ways.  Although the County e-mail system is protected 100% from all
known and probably all unknown virus attacks, what you are experiencing
is what we call a "virtual virus".  Essentially, it has effects similar
to a real virus in many ways, but you (or your mailbox, or your mail
server) are not actually infected.  Here is how this happens:

1. There are many viruses in the wild that will infect a machine
and read that machines address book.

2. These viruses then create e-mail messages using the addresses it
has found as both the sender *and* the recipient.  That is, the virus
populates both the "to" and the "from" fields with addresses it got from
the machine's address book.

3. These viruses then send out these e-mail messages, and the
Internet tries its best to deliver the messages to the appropriate
e-mail server.

4. If the appropriate e-mail server has virus protection, or good
policies blocking certain forms of attachments, the receiving e-mail
server will say "Nope, we don't want this message".  At this point the
message is either deleted *or* sent back to the sender of the message --
and here is where it gets annoying!!!!

5. When you address a letter for the U.S. post office, and put the
return address label on, nothing stops you from saying the message was
sent from your neighbor's house instead of yours -- if the USPS can't
deliver the letter they will return it to YOUR NEIGHBOR'S house instead
of yours.  The same is true with e-mail -- when the server sends it
back, it goes to the person listed in the "FROM" field, which as
described above is just some poor soul who had his address in the
infected computers address book!  As a result, a person whose machine is
NOT infected gets a message from a legitimate server saying "The message
you sent was infected"  or "We block these messages because they are
bad" or something like that.  This of course causes all sorts of strife
with the user and his/her mail administrator, as they try to determine
where the infection is.

The reality is the person getting the reply message is NOT infected,
their address is just in some infected computers address book.  It is
literally impossible to track these down.

So you see, it is truly a virtual virus -- You get all the hassle of
messages from servers saying you sent a bad message, in fact you might
even get nasty phone calls from people who get infected and blame you,
but you yourself are actually NOT infected.

How can we guard against this?  We can't! :-(.  We could block all
non-delivery reports so you don't get the messages from servers saying
you sent a bad message, but then you will never know if you have
problems sending a LEGITIMATE message, or if you are blocked for some
other reason.  You could never give your e-mail address out to anyone,
but then they'll never mail you.  You could verify that everyone you
ever come into contact with has up to date virus protection and
practices safe computing, but the County has not been able to achieve
this with a KNOWN population, so your chances are glum here.

The only sane course of action that defeats the purpose of the virus is
to delete the message if it is not one you sent and get on with your
life.  This minimizes your stress and also the pleasure the virus maker
gets from this sort of activity.

Thank you for taking the time to read all of this, and if you have any
further questions or concerns, please let helpIT know.

Sincerely,

John Van Eck
Network Administrator
Montgomery County Government

********end trans*********

John Van Eck
Core Systems, AD/Exchange
Department of Technology Services
Montgomery County
(240) 773-8005
[EMAIL PROTECTED]

A good pun is its own reword.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nikki
Peterson - OETX
Sent: Friday, April 11, 2008 9:45 AM
To: Exchange Discussions
Subject: RE: User receiving Spam Bouncebacks..

Below is what I send to clients regarding Spoofing. I offer to change
their SMTP when it is really bad:

It would appear that your client's SMTP has been used to SPOOF bulk
emailing. This happens and unfortunately, there is not much that can be
done to avoid this. It is no reflection on their email hygiene. They
just need to delete the system messages.

The links provided below may shed some light on why/how this happens:

E-mail spoofing - Definition
http://www.webopedia.com/TERM/E/e_mail_spoofing.html

Understanding E-mail Spoofing
http://www.windowsecurity.com/articles/Email-Spoofing.html

Email "Spamming" and Email "Spoofing"
http://www.lse.ac.uk/itservices/help/spamming&spoofing.htm

Nikki Peterson

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean
Cunningham
Sent: Thursday, April 10, 2008 1:56 PM
To: Exchange Discussions
Subject: RE: User receiving Spam Bouncebacks..

yes

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David
Wessell
Sent: Friday, 11 April 2008 04:30
To: Exchange Discussions
Subject: User receiving Spam Bouncebacks..

Is this most likely someone just sending spam and spoofing the From:
email address?

**********************************************************************
                        Have you clicked on yet?
                             www.nrc.govt.nz
**********************************************************************
NORTHLAND REGIONAL COUNCIL

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
[EMAIL PROTECTED]
**********************************************************************

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to
[EMAIL PROTECTED]
.com
Exchange List admin:    [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to
[EMAIL PROTECTED]
.com
Exchange List admin:    [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to
[EMAIL PROTECTED]
.com
Exchange List admin:    [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to [EMAIL PROTECTED] 
Exchange List admin:    [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to [EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.

Reply via email to