On Thu, 1 Aug 2002, Reasoner, Bob (PHES) wrote: > I have recently converted our site to a .com from a .us domain (still > maintain the old one), but I have noticed a huge increase in spam type > messages that also appear to be virus like in that they have auto executing > attachments.
Welcome to email in the 21st century :-( > My Exchange AV software (trend) is catching the virus half, but I can't > figure out how the messages are getting though in the first place since the > addresses are clearly bogus. Some are claiming to come from > [EMAIL PROTECTED], but the header says rly-ip01.mx.aol.com and that seems > to have bounced from another aol.com address. Are the sender or the recipient bogus? In the case of the sender, about the only (optional) check is that the sender domain resolve. In the case of the recipient, its not unusal to see dictionary type spam runs where they just fire mail at anything "[EMAIL PROTECTED], [EMAIL PROTECTED], bsmith.." etc. > Most of these messages are directed to addresses that are displayed on > the web site in some capacity. Heh. That will definitely do it. The spamming scum crawl web pages and harvest email addresses. > Is there a way to have GB block this type of message? The exchange > ResolveP2 has even made a copy of the messages appear to have been sent by > "Webmaster" at my site by the sender buggering up the display address to > just show Webmaster. Exchange then resolves that incorrectly and displays > My webmaster accounts display name. For the bogus recipient problem, the Gnatbox doesnt have any idea of accounts on your internal net. Its just proxying smtp traffic to a designated server. For the junk to valid address, are you using any of the DNS black lists? If so, which ones? Joe Matuscak Rohrer Corporation 717 Seville Road Wadsworth, Ohio 44281 (330)335-1541 [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
